LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora: tetex-2.0.2-21.2 update Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Fedora The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-585
2005-01-06
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : tetex
Version     : 2.0.2
Release     : 21.2
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.

---------------------------------------------------------------------
Update Information:

The updated tetex package fixes a buffer overflow which allows attackers
to cause the internal xpdf library used by applications in tetex to
crash, and possibly to execute arbitrary code.  The Common Vulnerabilities
and Exposures projects (cve.mitre.org) has assigned the name CAN-2004-1125
to this issue.

---------------------------------------------------------------------
* Mon Dec 27 2004 Jindrich Novy  2.0.2-21.2

- Fix CAN-2004-1125 xpdf overflow

* Tue Nov 02 2004 Jindrich Novy  2.0.2-21.1

- Add xpdf overflow security patch (CESA-2004-007)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

eeffe10a8d42f6269f2e7a9225b76108  SRPMS/tetex-2.0.2-21.2.src.rpm
2e3fe2e80094656b2a571b424f3bc002  x86_64/tetex-2.0.2-21.2.x86_64.rpm
e8fac4727a41f4cd97442e2e84fcc188  x86_64/tetex-latex-2.0.2-21.2.x86_64.rpm
94c4217e1b73293706b45880fbc72e39  x86_64/tetex-xdvi-2.0.2-21.2.x86_64.rpm
aef9eb3e2c213e6512b6c63c767893e0  x86_64/tetex-dvips-2.0.2-21.2.x86_64.rpm
b978a97c56edd0f8473646553912292f  x86_64/tetex-afm-2.0.2-21.2.x86_64.rpm
a350d6ebb4130fc67584f9dcb9aa8b34  x86_64/tetex-fonts-2.0.2-21.2.x86_64.rpm
a6435f2dadbce2192226bf1d6c751f7b  x86_64/tetex-doc-2.0.2-21.2.x86_64.rpm
94442d1626174498758f2f7999c31b1d  x86_64/debug/tetex-debuginfo-2.0.2-21.2.x86_64.rpm
e47da926c1a225d73724786e1d708989  i386/tetex-2.0.2-21.2.i386.rpm
774fa2bd414a297a92101000d5f3a980  i386/tetex-latex-2.0.2-21.2.i386.rpm
83e020d800b3d6faee79f4955c148083  i386/tetex-xdvi-2.0.2-21.2.i386.rpm
c4e3699330d79b05b99ffedb22ee6f2a  i386/tetex-dvips-2.0.2-21.2.i386.rpm
50fd2ac5818c548f7749e73b11f86b6b  i386/tetex-afm-2.0.2-21.2.i386.rpm
584b54a8d6c2241b49b9b7e38e7c0268  i386/tetex-fonts-2.0.2-21.2.i386.rpm
d151205d1990b1a09641e279e7f10aa3  i386/tetex-doc-2.0.2-21.2.i386.rpm
58f207404845c4de68c7ce0658d606e8  i386/debug/tetex-debuginfo-2.0.2-21.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.