LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: teTeX vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update.
=========================================================== 
Ubuntu Security Notice USN-410-2           January 25, 2007
tetex-bin vulnerability
CVE-2007-0104
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  tetex-bin                                2.0.2-30ubuntu3.6

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-410-1 fixed vulnerabilities in the poppler PDF loader library.  This 
update provides the corresponding updates for a copy of this code in 
tetex-bin in Ubuntu 5.10.  Versions of tetex-bin after Ubuntu 5.10 use 
poppler directly and do not need a separate update.

Original advisory details:

 The poppler PDF loader library did not limit the recursion depth of
 the page model tree. By tricking a user into opening a specially
 crafter PDF file, this could be exploited to trigger an infinite loop
 and eventually crash an application that uses this library.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6.diff.gz
      Size/MD5:   157893 b6007efd29194cc9fec42307922c3ba7
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6.dsc
      Size/MD5:     1026 e8f70041aef468507fa065c6f954b5c0
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
      Size/MD5: 11677169 8f02d5940bf02072ce5fe05429c90e63

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_amd64.deb
      Size/MD5:    73832 70ffe21b80c15ad83dc01d740103fab9
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_amd64.deb
      Size/MD5:    63206 293d6e51cb2040243b5fd295e9c14be6
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_amd64.deb
      Size/MD5:  4483952 e247a7e58f1d01deca3a21c9f5cab205

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_i386.deb
      Size/MD5:    65990 45d8cde62b5130125d75bff6382ecdaa
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_i386.deb
      Size/MD5:    59262 58fbd1420c687797aae6ba9f311a3db0
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_i386.deb
      Size/MD5:  3885432 3641a03d2496ddb37041fe1a1688b00f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_powerpc.deb
      Size/MD5:    75806 0649e9b518f220facf494af01590a9c0
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_powerpc.deb
      Size/MD5:    64436 09bcbd56e5613821b40119ba87b5d2a7
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_powerpc.deb
      Size/MD5:  4472130 751f6987e7a38ca7a7dc9313ab867ee8

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea-dev_2.0.2-30ubuntu3.6_sparc.deb
      Size/MD5:    72188 a4a1f70848c7bc7155ec5cf14d207b15
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/libkpathsea3_2.0.2-30ubuntu3.6_sparc.deb
      Size/MD5:    62896 8c9e04a67589f38219e88f74966b831b
    http://security.ubuntu.com/ubuntu/pool/main/t/tetex-bin/tetex-bin_2.0.2-30ubuntu3.6_sparc.deb
      Size/MD5:  4237728 e4b5610a38c00f601ea23b5f1a534e4a


--6pbY/KU4ayLo+qis
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFuVOAH/9LqRcGPm0RAiozAJ9Lw3oLUxCzQGAYYv/Vqix4Ja2K+ACgngm9
TLaQUZgv9xixDBqt1admxms=LVvM
-----END PGP SIGNATURE-----

--6pbY/KU4ayLo+qis--


--==============59290949=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============59290949==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.