LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated tetex packages fix vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:109
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date    : May 23, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the gdImageStringFTEx function in gdft.c in the
 GD Graphics Library 2.0.33 and earlier allows remote attackers to
 cause a denial of service (application crash) and possibly execute
 arbitrary code via a crafted string with a JIS encoded font.
 
 Tetex 3.x uses an embedded copy of the gd source and may also be
 affected by this issue (CVE-2007-0455).
 
 A buffer overflow in the open_sty function for makeindex in Tetex
 could allow user-assisted remote attackers to overwrite files and
 possibly execute arbitrary code via a long filename (CVE-2007-0650).
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 f2fb0b9d245e499e2fc1138a038b3e7c  2007.0/i586/jadetex-3.12-116.2mdv2007.0.i586.rpm
 9837dfed443636fd08b9e375204d22f3  2007.0/i586/tetex-3.0-18.2mdv2007.0.i586.rpm
 d4973051015bd0e48b89934f73fd5897  2007.0/i586/tetex-afm-3.0-18.2mdv2007.0.i586.rpm
 b1fd20a365cb89f9adbb056957800730  2007.0/i586/tetex-context-3.0-18.2mdv2007.0.i586.rpm
 13ee210196e3f1c0e997e50520e04168  2007.0/i586/tetex-devel-3.0-18.2mdv2007.0.i586.rpm
 e90f6b31569572defb05df637b47256b  2007.0/i586/tetex-doc-3.0-18.2mdv2007.0.i586.rpm
 e5059f0d5fbcbe39514080c402403668  2007.0/i586/tetex-dvilj-3.0-18.2mdv2007.0.i586.rpm
 ea99b66036aae65ebd4dc61c926371c2  2007.0/i586/tetex-dvipdfm-3.0-18.2mdv2007.0.i586.rpm
 6ad19d54b5ffb9f36d89e25543614d6a  2007.0/i586/tetex-dvips-3.0-18.2mdv2007.0.i586.rpm
 2ed6744049834e1b5571c014039cad73  2007.0/i586/tetex-latex-3.0-18.2mdv2007.0.i586.rpm
 68710a0017149bab9bd9c45e72500e4d  2007.0/i586/tetex-mfwin-3.0-18.2mdv2007.0.i586.rpm
 e86f54a2dd0c686181b5095612dd36e6  2007.0/i586/tetex-texi2html-3.0-18.2mdv2007.0.i586.rpm
 52cefb34a64cb9153f2089e01c1c41a3  2007.0/i586/tetex-xdvi-3.0-18.2mdv2007.0.i586.rpm
 8ee8896d09ee50dcb43dfafb27af7450  2007.0/i586/xmltex-1.9-64.2mdv2007.0.i586.rpm 
 7332b25d4445a16a6e8cf7dde312f8b3  2007.0/SRPMS/tetex-3.0-18.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 bd2a21204202fc7101a14cd843dc6675  2007.0/x86_64/jadetex-3.12-116.2mdv2007.0.x86_64.rpm
 18a2ebd864bda026ed9deae0260f2c6a  2007.0/x86_64/tetex-3.0-18.2mdv2007.0.x86_64.rpm
 08674c2aaf3dc4e64d79e356351b16ec  2007.0/x86_64/tetex-afm-3.0-18.2mdv2007.0.x86_64.rpm
 099958867b65722546ff5616168d353b  2007.0/x86_64/tetex-context-3.0-18.2mdv2007.0.x86_64.rpm
 ab7b5ddd7032163f9538cbfeb972c36f  2007.0/x86_64/tetex-devel-3.0-18.2mdv2007.0.x86_64.rpm
 80d8c28897a373290a3e7da9e7450049  2007.0/x86_64/tetex-doc-3.0-18.2mdv2007.0.x86_64.rpm
 25b68b1ec84b71b41670441bd14e3662  2007.0/x86_64/tetex-dvilj-3.0-18.2mdv2007.0.x86_64.rpm
 1145106d1b43d66780ef9e5fbf7b41e0  2007.0/x86_64/tetex-dvipdfm-3.0-18.2mdv2007.0.x86_64.rpm
 6a7f1c5b69eec1d6dc909d1a4bd60e62  2007.0/x86_64/tetex-dvips-3.0-18.2mdv2007.0.x86_64.rpm
 99fb2ba27ba3ee62627f98e3a293961a  2007.0/x86_64/tetex-latex-3.0-18.2mdv2007.0.x86_64.rpm
 8fd128897ea8795205e09e26df2d9936  2007.0/x86_64/tetex-mfwin-3.0-18.2mdv2007.0.x86_64.rpm
 f8d9a6b42f6ac0e8cbbe49db185683aa  2007.0/x86_64/tetex-texi2html-3.0-18.2mdv2007.0.x86_64.rpm
 dcbdb99c0cb719fdf46462266b8c0b1b  2007.0/x86_64/tetex-xdvi-3.0-18.2mdv2007.0.x86_64.rpm
 9d4136876004296084ccccb2e8901ba8  2007.0/x86_64/xmltex-1.9-64.2mdv2007.0.x86_64.rpm 
 7332b25d4445a16a6e8cf7dde312f8b3  2007.0/SRPMS/tetex-3.0-18.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 b0c390f76cf5b5345d5c09ca69d3c059  2007.1/i586/jadetex-3.12-129.1mdv2007.1.i586.rpm
 5ee999211c58309118a09d98cc334711  2007.1/i586/tetex-3.0-31.1mdv2007.1.i586.rpm
 824ed1c03ce87ed9735d918badd463c3  2007.1/i586/tetex-afm-3.0-31.1mdv2007.1.i586.rpm
 d26541171e2d048cce9b708bd75771ad  2007.1/i586/tetex-context-3.0-31.1mdv2007.1.i586.rpm
 81c9101b8ff1c83ce091be00328ec0ba  2007.1/i586/tetex-devel-3.0-31.1mdv2007.1.i586.rpm
 c14a60cccb6b00a8f3df515b7640d7b7  2007.1/i586/tetex-doc-3.0-31.1mdv2007.1.i586.rpm
 cae0f034ff475c0ba70cf02a2a977ba6  2007.1/i586/tetex-dvilj-3.0-31.1mdv2007.1.i586.rpm
 b4c68dbaed85af6334e1716d83327d2b  2007.1/i586/tetex-dvipdfm-3.0-31.1mdv2007.1.i586.rpm
 377f9fd4e3ad4ef7fa64a93b34c2a93b  2007.1/i586/tetex-dvips-3.0-31.1mdv2007.1.i586.rpm
 5a80c5a2bded8b079d136a07ddba8860  2007.1/i586/tetex-latex-3.0-31.1mdv2007.1.i586.rpm
 047e0abadaa73d98d6f7df9e86d079bc  2007.1/i586/tetex-mfwin-3.0-31.1mdv2007.1.i586.rpm
 e05a770ad5bbd460f649f3e97603fdc3  2007.1/i586/tetex-texi2html-3.0-31.1mdv2007.1.i586.rpm
 1e3549f969eb15273cd985c56e030d1f  2007.1/i586/tetex-usrlocal-3.0-31.1mdv2007.1.i586.rpm
 6bafc48bd1afb2202d18bd4c7a392a09  2007.1/i586/tetex-xdvi-3.0-31.1mdv2007.1.i586.rpm
 2d25c94ec807ef9e79c9411f6b1e5ab4  2007.1/i586/xmltex-1.9-77.1mdv2007.1.i586.rpm 
 6f72108fa75b366013c051dfdaa3c00b  2007.1/SRPMS/tetex-3.0-31.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 0f896082d16abfc556550384da047593  2007.1/x86_64/jadetex-3.12-129.1mdv2007.1.x86_64.rpm
 0233b425630b3f798a9b59173d94136f  2007.1/x86_64/tetex-3.0-31.1mdv2007.1.x86_64.rpm
 08f4c1b8e5122bc4f796d0730c990ba2  2007.1/x86_64/tetex-afm-3.0-31.1mdv2007.1.x86_64.rpm
 700e4d4965c0efa6dbfa492c1b6c5600  2007.1/x86_64/tetex-context-3.0-31.1mdv2007.1.x86_64.rpm
 9e20dcb2b92d55863fd86580f28527b0  2007.1/x86_64/tetex-devel-3.0-31.1mdv2007.1.x86_64.rpm
 cae67471381dd0b8e35994831415acc4  2007.1/x86_64/tetex-doc-3.0-31.1mdv2007.1.x86_64.rpm
 b8863374cbad4906248111a06fdaf6e9  2007.1/x86_64/tetex-dvilj-3.0-31.1mdv2007.1.x86_64.rpm
 1e71cd23d4020dc8317051c6bc15a358  2007.1/x86_64/tetex-dvipdfm-3.0-31.1mdv2007.1.x86_64.rpm
 626ee1efbd88acc8cccfbee5da1985ab  2007.1/x86_64/tetex-dvips-3.0-31.1mdv2007.1.x86_64.rpm
 648fdbb1723f9f1293224da40fb3264d  2007.1/x86_64/tetex-latex-3.0-31.1mdv2007.1.x86_64.rpm
 a3522f9fe371890adc4721d0139906d4  2007.1/x86_64/tetex-mfwin-3.0-31.1mdv2007.1.x86_64.rpm
 e8ba7ab0942deab0967cc876512e1a20  2007.1/x86_64/tetex-texi2html-3.0-31.1mdv2007.1.x86_64.rpm
 7d502b1bd83aa3da29c3445f333db9bf  2007.1/x86_64/tetex-usrlocal-3.0-31.1mdv2007.1.x86_64.rpm
 61692c92d44a06189a35b57d03a7e716  2007.1/x86_64/tetex-xdvi-3.0-31.1mdv2007.1.x86_64.rpm
 17070f0edb31a519ac58152f67f7053d  2007.1/x86_64/xmltex-1.9-77.1mdv2007.1.x86_64.rpm 
 6f72108fa75b366013c051dfdaa3c00b  2007.1/SRPMS/tetex-3.0-31.1mdv2007.1.src.rpm

 Corporate 3.0:
 69fec44f571156f4892f3ce3304c2221  corporate/3.0/i586/jadetex-3.12-93.6.C30mdk.i586.rpm
 e8a6f51ec4ce24e9a49671d8120d9340  corporate/3.0/i586/tetex-2.0.2-14.6.C30mdk.i586.rpm
 7bfa7ed152924e9d9e0003a9211b228e  corporate/3.0/i586/tetex-afm-2.0.2-14.6.C30mdk.i586.rpm
 87b1950ab06289054e397dbe54d1814f  corporate/3.0/i586/tetex-context-2.0.2-14.6.C30mdk.i586.rpm
 bb584f7d5a9bf364156b2d417aeb40e2  corporate/3.0/i586/tetex-devel-2.0.2-14.6.C30mdk.i586.rpm
 63de8b03b1464fece712e36f729a898a  corporate/3.0/i586/tetex-doc-2.0.2-14.6.C30mdk.i586.rpm
 21f2d4a4104f74e282b41417637ba4d4  corporate/3.0/i586/tetex-dvilj-2.0.2-14.6.C30mdk.i586.rpm
 4e0478c74ea2e5ef38b5de6a58bcc812  corporate/3.0/i586/tetex-dvipdfm-2.0.2-14.6.C30mdk.i586.rpm
 ae85fecf42171fe00bf14ddad82038a5  corporate/3.0/i586/tetex-dvips-2.0.2-14.6.C30mdk.i586.rpm
 1af2feb51a41f1fc6460b2c810e03beb  corporate/3.0/i586/tetex-latex-2.0.2-14.6.C30mdk.i586.rpm
 c336772d422355e4585c7b15e3f57b62  corporate/3.0/i586/tetex-mfwin-2.0.2-14.6.C30mdk.i586.rpm
 c3f69b000f0f7f925033fd7314776ca4  corporate/3.0/i586/tetex-texi2html-2.0.2-14.6.C30mdk.i586.rpm
 070c9cbe961d604459cce982bf441232  corporate/3.0/i586/tetex-xdvi-2.0.2-14.6.C30mdk.i586.rpm
 3743e29d11c908288ba225b389d8a777  corporate/3.0/i586/xmltex-1.9-41.6.C30mdk.i586.rpm 
 72dd7067c3e01870a36c200dea46d98f  corporate/3.0/SRPMS/tetex-2.0.2-14.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1c4bcc2589858644c8b2456a4c63f355  corporate/3.0/x86_64/jadetex-3.12-93.6.C30mdk.x86_64.rpm
 0b20d640eb8d18f1a5ddbaa61f0b9c12  corporate/3.0/x86_64/tetex-2.0.2-14.6.C30mdk.x86_64.rpm
 ba7fe18d47ae12685daf0467f9c2e32a  corporate/3.0/x86_64/tetex-afm-2.0.2-14.6.C30mdk.x86_64.rpm
 39304c8b7a86e202f587955f61610791  corporate/3.0/x86_64/tetex-context-2.0.2-14.6.C30mdk.x86_64.rpm
 075732b125d63a6ec253113416033a30  corporate/3.0/x86_64/tetex-devel-2.0.2-14.6.C30mdk.x86_64.rpm
 18bde348dc1e27fe6f7920e0c570b856  corporate/3.0/x86_64/tetex-doc-2.0.2-14.6.C30mdk.x86_64.rpm
 1bef4166396e578ec54133a601a2acc0  corporate/3.0/x86_64/tetex-dvilj-2.0.2-14.6.C30mdk.x86_64.rpm
 3ccb48aa3d73035b25442fad43c3972b  corporate/3.0/x86_64/tetex-dvipdfm-2.0.2-14.6.C30mdk.x86_64.rpm
 e62237183d2cb28c322ccd33a8646381  corporate/3.0/x86_64/tetex-dvips-2.0.2-14.6.C30mdk.x86_64.rpm
 3ca3a5aa3e3280281992dec9f70dc710  corporate/3.0/x86_64/tetex-latex-2.0.2-14.6.C30mdk.x86_64.rpm
 03cf7ec5142b11c33149a09f56299bd4  corporate/3.0/x86_64/tetex-mfwin-2.0.2-14.6.C30mdk.x86_64.rpm
 77bfb4e143bdfc9ea7be3a1369f3cf4b  corporate/3.0/x86_64/tetex-texi2html-2.0.2-14.6.C30mdk.x86_64.rpm
 063b58c4e01d03623400812c93cf3bdc  corporate/3.0/x86_64/tetex-xdvi-2.0.2-14.6.C30mdk.x86_64.rpm
 03f8d26d409b40b663bc9277b759e1d5  corporate/3.0/x86_64/xmltex-1.9-41.6.C30mdk.x86_64.rpm 
 72dd7067c3e01870a36c200dea46d98f  corporate/3.0/SRPMS/tetex-2.0.2-14.6.C30mdk.src.rpm

 Corporate 4.0:
 353c207f583bac4b97e9ed18ded74d49  corporate/4.0/i586/jadetex-3.12-110.4.20060mlcs4.i586.rpm
 25dddb88ea4763663a141f6dbeddac01  corporate/4.0/i586/tetex-3.0-12.4.20060mlcs4.i586.rpm
 6c0de20e1e40ce1879dc7f7928a0339f  corporate/4.0/i586/tetex-afm-3.0-12.4.20060mlcs4.i586.rpm
 1a292217bb3b93a9d3bd00ef03e88742  corporate/4.0/i586/tetex-context-3.0-12.4.20060mlcs4.i586.rpm
 16d95f9c6eaf286a23b4774cfe5e0b85  corporate/4.0/i586/tetex-devel-3.0-12.4.20060mlcs4.i586.rpm
 60125a1bf699d93cc6fa585361c16ef4  corporate/4.0/i586/tetex-doc-3.0-12.4.20060mlcs4.i586.rpm
 1f0538ae84f8defbd02d7f7daee21154  corporate/4.0/i586/tetex-dvilj-3.0-12.4.20060mlcs4.i586.rpm
 6ca2b40b5323af558c8d5c1d5389e505  corporate/4.0/i586/tetex-dvipdfm-3.0-12.4.20060mlcs4.i586.rpm
 5df38c53bb5ffe84f248a6b0f55193d2  corporate/4.0/i586/tetex-dvips-3.0-12.4.20060mlcs4.i586.rpm
 1feb7c32d5ce93353802bb49687d7af0  corporate/4.0/i586/tetex-latex-3.0-12.4.20060mlcs4.i586.rpm
 1c4fbb7e6a2acaaffb818d0d9838f1f3  corporate/4.0/i586/tetex-mfwin-3.0-12.4.20060mlcs4.i586.rpm
 86d4d0fb1bdb5aa140d5d9627fae682c  corporate/4.0/i586/tetex-texi2html-3.0-12.4.20060mlcs4.i586.rpm
 408cf29fccdc4ed33e1a530dfdaacdf0  corporate/4.0/i586/tetex-xdvi-3.0-12.4.20060mlcs4.i586.rpm
 10bccc85c8752721bdaf21f1ebd62480  corporate/4.0/i586/xmltex-1.9-58.4.20060mlcs4.i586.rpm 
 cb91a4f29611bfb2fd602bb780449088  corporate/4.0/SRPMS/tetex-3.0-12.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f3a1f2a77294feb65162f034b9df4964  corporate/4.0/x86_64/jadetex-3.12-110.4.20060mlcs4.x86_64.rpm
 4330709943e85543b7d78c1339bb3830  corporate/4.0/x86_64/tetex-3.0-12.4.20060mlcs4.x86_64.rpm
 b4c0084e1ec7e3e5319622b02ced0291  corporate/4.0/x86_64/tetex-afm-3.0-12.4.20060mlcs4.x86_64.rpm
 dea7084c10404bc9d0ce25524e2403a6  corporate/4.0/x86_64/tetex-context-3.0-12.4.20060mlcs4.x86_64.rpm
 96132bde53b53c26b217c977f2f1bf41  corporate/4.0/x86_64/tetex-devel-3.0-12.4.20060mlcs4.x86_64.rpm
 c0dc37849c4f64dbb456890446d1999b  corporate/4.0/x86_64/tetex-doc-3.0-12.4.20060mlcs4.x86_64.rpm
 938f1eea3ff14476bce05a522b5d1e16  corporate/4.0/x86_64/tetex-dvilj-3.0-12.4.20060mlcs4.x86_64.rpm
 80637e21655ae7a4a2c00d368bbba408  corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.4.20060mlcs4.x86_64.rpm
 1ee92cdcd5379a78b676ac1a28e4a4be  corporate/4.0/x86_64/tetex-dvips-3.0-12.4.20060mlcs4.x86_64.rpm
 9a6cf9edef2a08eb6ed8a02156cdfef5  corporate/4.0/x86_64/tetex-latex-3.0-12.4.20060mlcs4.x86_64.rpm
 141d05046ae1db25c51dfe66ec3f2831  corporate/4.0/x86_64/tetex-mfwin-3.0-12.4.20060mlcs4.x86_64.rpm
 51a8a0e33e7dddb05127324463d4cd7f  corporate/4.0/x86_64/tetex-texi2html-3.0-12.4.20060mlcs4.x86_64.rpm
 d0af2ea4888afcff162a03d2107295fb  corporate/4.0/x86_64/tetex-xdvi-3.0-12.4.20060mlcs4.x86_64.rpm
 df253a5dd2d53370903fec7ee373618b  corporate/4.0/x86_64/xmltex-1.9-58.4.20060mlcs4.x86_64.rpm 
 cb91a4f29611bfb2fd602bb780449088  corporate/4.0/SRPMS/tetex-3.0-12.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.