LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 4 Update: tetex-3.0-9.FC4 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues. This package also updates bindings in texdoc and causes the local texmf tree to be searched first.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-028
2006-01-12
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : tetex
Version     : 3.0                      
Release     : 9.FC4                  
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.


The Red Hat tetex package also contains software related to Japanese
support for teTeX such as ptex, what is not a part of teTeX project.

---------------------------------------------------------------------
Update Information:

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to
these issues.

This package also updates bindings in texdoc and causes the
local texmf tree to be searched first.
---------------------------------------------------------------------
* Wed Jan 11 2006 Jindrich Novy  3.0-9.FC4
- apply additional patch to fix xpdf flaws from Ludwig Nussel
  (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
- /usr/share/texmf/doc is now owned by tetex package (#177065)
- update searching order for kpathsea (local texmf tree is
  searched first)
- don't use obsolete bindings in texdoc
* Mon Dec 19 2005 Jindrich Novy  3.0-8.FC4
- apply more complete fix for CVE-2005-3193 (#175110) suggested by
  security response team, taken from xpdf

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

d5803bb897ac8b307e604d9b5ff872c1ff314565  SRPMS/tetex-3.0-9.FC4.src.rpm
ff74404da788d6b5677d6edf10745564bafd43da  ppc/tetex-3.0-9.FC4.ppc.rpm
1ddbc8cb532cb20d101e490bb881621c994d8851  ppc/tetex-latex-3.0-9.FC4.ppc.rpm
c8329a5c0b491f82d37e7b7024b3d4b0cf2553f1  ppc/tetex-xdvi-3.0-9.FC4.ppc.rpm
7387673a1b7a69582e6f0c4b382430f9c71c5eec  ppc/tetex-dvips-3.0-9.FC4.ppc.rpm
59b640dee6af739cde5d2f7f8dbebaaabcb4ec28  ppc/tetex-afm-3.0-9.FC4.ppc.rpm
0e4a4804df1cfd756da3be2b93bbdc08548ce3cf  ppc/tetex-fonts-3.0-9.FC4.ppc.rpm
846dc3c32e28fc4b1bc703d62f6bf1f1daa26031  ppc/tetex-doc-3.0-9.FC4.ppc.rpm
4d054f78d197154f5de87f7118de6a01dd65230e  ppc/debug/tetex-debuginfo-3.0-9.FC4.ppc.rpm
aa56a1fce1d8d1b5213a588612bfbea03d2e18d8  x86_64/tetex-3.0-9.FC4.x86_64.rpm
ccd10c08e3342efd7e0345e3d6bf030574066262  x86_64/tetex-latex-3.0-9.FC4.x86_64.rpm
2abd94209f969ffad4e152d5fa84d9724495886c  x86_64/tetex-xdvi-3.0-9.FC4.x86_64.rpm
4a966b11d187f743445bf0a9193eab5e021bcc7b  x86_64/tetex-dvips-3.0-9.FC4.x86_64.rpm
9b0b54e67982188e20dcbafdd1c25cc559306345  x86_64/tetex-afm-3.0-9.FC4.x86_64.rpm
81c804112f3f557950f618a4d7d459f6d3683298  x86_64/tetex-fonts-3.0-9.FC4.x86_64.rpm
a3905125347b27476119eb2109f533f868898f00  x86_64/tetex-doc-3.0-9.FC4.x86_64.rpm
8c50c8246b1cd2eb16dc03f9f45ebbcb31470c87  x86_64/debug/tetex-debuginfo-3.0-9.FC4.x86_64.rpm
7afe7adda01e3a4cef49c7ff05975c1a2ebf4d8a  i386/tetex-3.0-9.FC4.i386.rpm
de7db2f913951772d3ea106472bc390b3bd6a391  i386/tetex-latex-3.0-9.FC4.i386.rpm
af8d0c5026e4fbd557cc06024af2952025c8ba5b  i386/tetex-xdvi-3.0-9.FC4.i386.rpm
3d7837c759ec17ac25a3ba82cc038eb0eab25558  i386/tetex-dvips-3.0-9.FC4.i386.rpm
cb11ce07500fe9f978f8d372358eb4dd664bd03a  i386/tetex-afm-3.0-9.FC4.i386.rpm
c483b2892a7b02e22ac96c91e39e24f0fb783a26  i386/tetex-fonts-3.0-9.FC4.i386.rpm
31592fdca8509bc0412293b707eaf02485640b8e  i386/tetex-doc-3.0-9.FC4.i386.rpm
d706dba1b43706096b7dcd29c8ef203d72c48731  i386/debug/tetex-debuginfo-3.0-9.FC4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.