Mandrake: 'tetex' elevated privileges vulnerability
Posted by LinuxSecurity.com Team
A problem was discovered in the temporary file handling capabilities of some teTeX filters that can lead to elevated privileges.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           tetex
Date:                   November 20th, 2001
Advisory ID:            MDKSA-2001:086

Affected versions:      7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1
________________________________________________________________________

Problem Description:

 A problem was discovered in the temporary file handling capabilities
 of some teTeX filters by zen-parse.  These filters are used as print
 filters automatically when printing .dvi files using lpr.  This can
 lead to elevated privileges.  This update relies on the updated mktemp
 packages for 7.x in MDKA-2001:021, which gives mktemp the ability to
 create temporary directories.  8.x users already have a mktemp that
 works in this fashion.
________________________________________________________________________

References:

   http://www.securityfocus.com/archive/1/192647
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=43342
________________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
   http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

   http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

   http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
  to anyone to discuss Mandrake Linux security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

   http://www.linux-mandrake.com/en/flists.php3#security
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security@linux-mandrake.com>



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see  http://www.gnupg.org

iD8DBQE7+gMvmqjQ0CJFipgRAsXBAKDUvFQmjx38nWwMWmdBAW4NXXwDOQCfUBWY
a7l0N39ZBqeefx9zUf5dEvE=
=tK23
-----END PGP SIGNATURE-----
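
The advisory ties the fix to mktemp's ability to create temporary directories. The sketch below is an added example, not code from teTeX or from the Mandrake packages. It contrasts a predictable temporary name with a private directory created by mktemp -d. The names dvifilter, unsafe_tmp_name, make_private_dir and run_filter are hypothetical.

```shell
#!/bin/sh
# Added example: constructed print-filter skeleton, not teTeX's own script.

# Weak pattern: the name is predictable (PID-based) and lives in a
# world-writable directory, so another local user can create the path
# first and the filter, running with the spooler's privileges, would
# write through whatever is already there.
unsafe_tmp_name() {
    echo "${TMPDIR:-/tmp}/dvifilter.$$"
}

# Hardened pattern: mktemp -d atomically creates a new directory with an
# unpredictable name and mode 0700, and fails rather than reuse a path.
make_private_dir() {
    mktemp -d "${TMPDIR:-/tmp}/dvifilter.XXXXXX"
}

# Hypothetical filter body: spool stdin into the private directory, run
# the conversion there, and always remove the directory afterwards.
# The converter defaults to cat so the sketch runs without teTeX.
run_filter() {
    convert_cmd=${1:-cat}
    workdir=$(make_private_dir) || return 1
    if ! cat > "$workdir/job.dvi"; then
        rm -rf "$workdir"
        return 1
    fi
    status=0
    "$convert_cmd" "$workdir/job.dvi" || status=$?
    rm -rf "$workdir"
    return "$status"
}
```

Every file the filter needs is created inside the private directory, so no other local user can pre-create or replace it.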



 