LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: tetex multiple vulnerabilities fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Mandrake Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as tetex (CAN-2004-0888).

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           tetex
 Advisory ID:            MDKSA-2004:166
 Date:                   December 29th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package,
 which also effect software using embedded xpdf code, such as tetex
 (CAN-2004-0888).

 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like tetex which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker controlled
 location which probably could lead to arbitrary code execution.

 iDefense also reported a buffer overflow vulnerability, which affects
 versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use
 embedded xpdf code. An attacker could construct a malicious payload file
 which could enable arbitrary code execution on the target system
 (CAN-2004-1125).

 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 c75d7af8ac2efc11d6fdc0df6809304d  10.0/RPMS/jadetex-3.12-93.1.100mdk.i586.rpm
 a38628da7c17a028cdec59064f842b9e  10.0/RPMS/tetex-2.0.2-14.1.100mdk.i586.rpm
 39b6affec6f818446309590bfaff7002  10.0/RPMS/tetex-afm-2.0.2-14.1.100mdk.i586.rpm
 eb1f62b9fb1306018f466537a52ebd08  10.0/RPMS/tetex-context-2.0.2-14.1.100mdk.i586.rpm
 9fecc8b2559fbd0cacd8883471060ec7  10.0/RPMS/tetex-devel-2.0.2-14.1.100mdk.i586.rpm
 3d9a926734a4c4693da46e94d96e367b  10.0/RPMS/tetex-doc-2.0.2-14.1.100mdk.i586.rpm
 f9cb43a4c44048d8f52359da684bec30  10.0/RPMS/tetex-dvilj-2.0.2-14.1.100mdk.i586.rpm
 be176389f8d2e1edbc935b3aaf489f50  10.0/RPMS/tetex-dvipdfm-2.0.2-14.1.100mdk.i586.rpm
 fffe1cb5015310963d60d7881097bda9  10.0/RPMS/tetex-dvips-2.0.2-14.1.100mdk.i586.rpm
 724424998639f66d0be41f27af7978e5  10.0/RPMS/tetex-latex-2.0.2-14.1.100mdk.i586.rpm
 ebde42e85a62ab73f7fdf2af4e0e49ce  10.0/RPMS/tetex-mfwin-2.0.2-14.1.100mdk.i586.rpm
 e2eca42c115c5540e26ca702b074bf70  10.0/RPMS/tetex-texi2html-2.0.2-14.1.100mdk.i586.rpm
 19529166e556b87854401791f567f686  10.0/RPMS/tetex-xdvi-2.0.2-14.1.100mdk.i586.rpm
 38ebef2194ed1c8950364bd1af24eb56  10.0/RPMS/xmltex-1.9-41.1.100mdk.i586.rpm
 637514fe15251ebb39b6d5ec65514b83  10.0/SRPMS/tetex-2.0.2-14.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a741143c6f70869701db3682f618e35b  amd64/10.0/RPMS/jadetex-3.12-93.1.100mdk.amd64.rpm
 6c2504e7a92f17b132bfe709ebf5a25d  amd64/10.0/RPMS/tetex-2.0.2-14.1.100mdk.amd64.rpm
 b24f02a98b1d3f04881f12d692323a95  amd64/10.0/RPMS/tetex-afm-2.0.2-14.1.100mdk.amd64.rpm
 23031051edd62f7b59b33335d1c8846f  amd64/10.0/RPMS/tetex-context-2.0.2-14.1.100mdk.amd64.rpm
 a19d8eaf80260fdfb701634cdcf8bf34  amd64/10.0/RPMS/tetex-devel-2.0.2-14.1.100mdk.amd64.rpm
 8eae31a5c2f2430fdf7a6f07318465aa  amd64/10.0/RPMS/tetex-doc-2.0.2-14.1.100mdk.amd64.rpm
 dc91e4c7222a2078c61850972020c19b  amd64/10.0/RPMS/tetex-dvilj-2.0.2-14.1.100mdk.amd64.rpm
 a7200a22447c42371c23ff5ee586df2c  amd64/10.0/RPMS/tetex-dvipdfm-2.0.2-14.1.100mdk.amd64.rpm
 245d5423d50adf60a9d05c3bc0868122  amd64/10.0/RPMS/tetex-dvips-2.0.2-14.1.100mdk.amd64.rpm
 3a0369fc158cfe813e97feff9c64ddd0  amd64/10.0/RPMS/tetex-latex-2.0.2-14.1.100mdk.amd64.rpm
 ada985d1330877120cff9f907d30c265  amd64/10.0/RPMS/tetex-mfwin-2.0.2-14.1.100mdk.amd64.rpm
 d8604cec79664570994cbba838fbda87  amd64/10.0/RPMS/tetex-texi2html-2.0.2-14.1.100mdk.amd64.rpm
 886d233a3b4ce5246f57843a7e13fd88  amd64/10.0/RPMS/tetex-xdvi-2.0.2-14.1.100mdk.amd64.rpm
 fec3aaa15684f4cefb08c150b4dc3e40  amd64/10.0/RPMS/xmltex-1.9-41.1.100mdk.amd64.rpm
 637514fe15251ebb39b6d5ec65514b83  amd64/10.0/SRPMS/tetex-2.0.2-14.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 c018bb4c0dd71bc00e30d9bf8f9355ac  10.1/RPMS/jadetex-3.12-98.1.101mdk.i586.rpm
 8766ee73c6f53ea2a7c73065d0737e6a  10.1/RPMS/tetex-2.0.2-19.1.101mdk.i586.rpm
 0f8b27c62be9dffbd24aafefaa91ae14  10.1/RPMS/tetex-afm-2.0.2-19.1.101mdk.i586.rpm
 fe4e007ba5d1a2ff5582b8f3ac37f107  10.1/RPMS/tetex-context-2.0.2-19.1.101mdk.i586.rpm
 b51e30366aa2d0f6705cd9f47b4cc8eb  10.1/RPMS/tetex-devel-2.0.2-19.1.101mdk.i586.rpm
 bfd9a1fae367b94f84bddc47a664f145  10.1/RPMS/tetex-doc-2.0.2-19.1.101mdk.i586.rpm
 2006a5e5a0ab239aabc72ec1cc317ba8  10.1/RPMS/tetex-dvilj-2.0.2-19.1.101mdk.i586.rpm
 13a8fbae47c079bf25ae14fc00a04eff  10.1/RPMS/tetex-dvipdfm-2.0.2-19.1.101mdk.i586.rpm
 0b940e4b1a5dcb9a4319603ae7c2e60c  10.1/RPMS/tetex-dvips-2.0.2-19.1.101mdk.i586.rpm
 93a9e10c4481d4849fbd34b5603e732a  10.1/RPMS/tetex-latex-2.0.2-19.1.101mdk.i586.rpm
 64c8858d00ca93aa0bd56e46ff760705  10.1/RPMS/tetex-mfwin-2.0.2-19.1.101mdk.i586.rpm
 0c6e7741dd217fe289f938ffde385b89  10.1/RPMS/tetex-texi2html-2.0.2-19.1.101mdk.i586.rpm
 2d59aa6f98604f55336a62c22abbe3dc  10.1/RPMS/tetex-xdvi-2.0.2-19.1.101mdk.i586.rpm
 b57e279bbb4ed20851c75ff00e8251ed  10.1/RPMS/xmltex-1.9-46.1.101mdk.i586.rpm
 026aa0fa94c518da4f3659364bee2891  10.1/SRPMS/tetex-2.0.2-19.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c570889cca89def0d7495fae7cbb4397  x86_64/10.1/RPMS/jadetex-3.12-98.1.101mdk.x86_64.rpm
 79c2039c46a7a0b9e12e49d58446a050  x86_64/10.1/RPMS/tetex-2.0.2-19.1.101mdk.x86_64.rpm
 c88b323db95603cf2df6e4f9bda9a502  x86_64/10.1/RPMS/tetex-afm-2.0.2-19.1.101mdk.x86_64.rpm
 482670da1f161fd0eed8da70d1ae2dad  x86_64/10.1/RPMS/tetex-context-2.0.2-19.1.101mdk.x86_64.rpm
 64977b808c06865f42836c10a2383b41  x86_64/10.1/RPMS/tetex-devel-2.0.2-19.1.101mdk.x86_64.rpm
 1f47fea865ec6e17ec67e110dee27942  x86_64/10.1/RPMS/tetex-doc-2.0.2-19.1.101mdk.x86_64.rpm
 b65a9afac21bba71f0c92e45b2de86b7  x86_64/10.1/RPMS/tetex-dvilj-2.0.2-19.1.101mdk.x86_64.rpm
 ac830cecbb2f9bb08a6f21bd63182cae  x86_64/10.1/RPMS/tetex-dvipdfm-2.0.2-19.1.101mdk.x86_64.rpm
 53896fe3fb471adb5d79b8fa1b5155ff  x86_64/10.1/RPMS/tetex-dvips-2.0.2-19.1.101mdk.x86_64.rpm
 c9074ea704ed1677cdbd496279ee14aa  x86_64/10.1/RPMS/tetex-latex-2.0.2-19.1.101mdk.x86_64.rpm
 bf5c86b54feb8d667150b926a60d2bbf  x86_64/10.1/RPMS/tetex-mfwin-2.0.2-19.1.101mdk.x86_64.rpm
 51598825f27f549b4e2d0d8b748532a5  x86_64/10.1/RPMS/tetex-texi2html-2.0.2-19.1.101mdk.x86_64.rpm
 05e68143337cfdd882012b1950ae7c53  x86_64/10.1/RPMS/tetex-xdvi-2.0.2-19.1.101mdk.x86_64.rpm
 d4a3f7a1a21c333b97cb117cf8f69194  x86_64/10.1/RPMS/xmltex-1.9-46.1.101mdk.x86_64.rpm
 026aa0fa94c518da4f3659364bee2891  x86_64/10.1/SRPMS/tetex-2.0.2-19.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Canadians arrest a Heartbleed hacker
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.