LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated tetex packages fix vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue. The updated packages have been patched to prevent this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:124
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date    : June 13, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in libgd2 was found by Xavier Roche where it would not correctly
 validate PNG callback results.  If an application linked against
 libgd2 was tricked into processing a specially-crafted PNG file, it
 could cause a denial of service scenario via CPU resource consumption.
 
 Tetex uses an embedded copy of the gd source and may also be affected
 by this issue.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 2e8c2ac6ad83cc072b76787be3d15299  2007.0/i586/jadetex-3.12-116.3mdv2007.0.i586.rpm
 957a3160ce764d40e12e6017130a6332  2007.0/i586/tetex-3.0-18.3mdv2007.0.i586.rpm
 e6f1f57c2aab41833f5a2f4a46356144  2007.0/i586/tetex-afm-3.0-18.3mdv2007.0.i586.rpm
 8c6e7772152cfa5ebe14cef82e9c8886  2007.0/i586/tetex-context-3.0-18.3mdv2007.0.i586.rpm
 94be356439d6932788d9f7550e9206d5  2007.0/i586/tetex-devel-3.0-18.3mdv2007.0.i586.rpm
 cd5db61b9bfd3e644efd262de24e84c5  2007.0/i586/tetex-doc-3.0-18.3mdv2007.0.i586.rpm
 846e037efab3a20fe81c1be5a5cbbfc0  2007.0/i586/tetex-dvilj-3.0-18.3mdv2007.0.i586.rpm
 33c7aa750310bfda386768f9e7f8055d  2007.0/i586/tetex-dvipdfm-3.0-18.3mdv2007.0.i586.rpm
 08db04b936e7d91644f21b54a423bcff  2007.0/i586/tetex-dvips-3.0-18.3mdv2007.0.i586.rpm
 5bc245e88f789ded24c3b2c36740d24a  2007.0/i586/tetex-latex-3.0-18.3mdv2007.0.i586.rpm
 bb90c0b9833a35c31450f43149a5b076  2007.0/i586/tetex-mfwin-3.0-18.3mdv2007.0.i586.rpm
 dba9384f7d839111cacaee7511e080ed  2007.0/i586/tetex-texi2html-3.0-18.3mdv2007.0.i586.rpm
 626eb3c0c5f18540e14c25b098e882e5  2007.0/i586/tetex-xdvi-3.0-18.3mdv2007.0.i586.rpm
 468a678c98a37047027dc813274004ce  2007.0/i586/xmltex-1.9-64.3mdv2007.0.i586.rpm 
 f65fbde65d9ca68be158f92e24508413  2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 ce0d6de4ce859af079ffe3afc49c05bf  2007.0/x86_64/jadetex-3.12-116.3mdv2007.0.x86_64.rpm
 4b2e945b215737269c192a6fbcf838b6  2007.0/x86_64/tetex-3.0-18.3mdv2007.0.x86_64.rpm
 1673d2571a84c29b58385e02eb3bd6c3  2007.0/x86_64/tetex-afm-3.0-18.3mdv2007.0.x86_64.rpm
 60ca25d92303c6864a50559098c1b601  2007.0/x86_64/tetex-context-3.0-18.3mdv2007.0.x86_64.rpm
 91d962afd5f258ab72c5ef2ab6bdfa1a  2007.0/x86_64/tetex-devel-3.0-18.3mdv2007.0.x86_64.rpm
 2c186f216f86f43920ad9904d28e3e0f  2007.0/x86_64/tetex-doc-3.0-18.3mdv2007.0.x86_64.rpm
 4d6ea1b35f033e1cd27d1d61393a0196  2007.0/x86_64/tetex-dvilj-3.0-18.3mdv2007.0.x86_64.rpm
 e4fc1eda06c96d9f72ec0415099d6094  2007.0/x86_64/tetex-dvipdfm-3.0-18.3mdv2007.0.x86_64.rpm
 a4daeeb22f0e9de15893df0d2b49614d  2007.0/x86_64/tetex-dvips-3.0-18.3mdv2007.0.x86_64.rpm
 051377331be602aee494c41d7858b8a8  2007.0/x86_64/tetex-latex-3.0-18.3mdv2007.0.x86_64.rpm
 e341788602e2239080c80c111bc23d52  2007.0/x86_64/tetex-mfwin-3.0-18.3mdv2007.0.x86_64.rpm
 6486e09c3be46503b597666819f2dcb3  2007.0/x86_64/tetex-texi2html-3.0-18.3mdv2007.0.x86_64.rpm
 fe18bf6f511d0a8af4a52f8970102fcb  2007.0/x86_64/tetex-xdvi-3.0-18.3mdv2007.0.x86_64.rpm
 9b018058b8cae68e65228a151a849603  2007.0/x86_64/xmltex-1.9-64.3mdv2007.0.x86_64.rpm 
 f65fbde65d9ca68be158f92e24508413  2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 50048a669bb05f151efa42105f43fb9c  2007.1/i586/jadetex-3.12-129.2mdv2007.1.i586.rpm
 e29de9eb213eb8b94539a1e3d6a22db9  2007.1/i586/tetex-3.0-31.2mdv2007.1.i586.rpm
 81ca9f7536b997c3793df222442fb519  2007.1/i586/tetex-afm-3.0-31.2mdv2007.1.i586.rpm
 9659b9e7a5b8530c49cc9ceb40a32f18  2007.1/i586/tetex-context-3.0-31.2mdv2007.1.i586.rpm
 2ba7ea077768d4c82351656578c984eb  2007.1/i586/tetex-devel-3.0-31.2mdv2007.1.i586.rpm
 6ea801e052eab5a1bd6258c08b6c8268  2007.1/i586/tetex-doc-3.0-31.2mdv2007.1.i586.rpm
 16160a0300b7a80c131a161fee536ccb  2007.1/i586/tetex-dvilj-3.0-31.2mdv2007.1.i586.rpm
 8fb693d4715e914d85d4ef97f57c91f8  2007.1/i586/tetex-dvipdfm-3.0-31.2mdv2007.1.i586.rpm
 bc1ad2d54861f6b447e6205024f7e52f  2007.1/i586/tetex-dvips-3.0-31.2mdv2007.1.i586.rpm
 f672d69f2edb5d6a9d1ef562f570a7b9  2007.1/i586/tetex-latex-3.0-31.2mdv2007.1.i586.rpm
 028c8012150d66f65b0386f1c1bc85a4  2007.1/i586/tetex-mfwin-3.0-31.2mdv2007.1.i586.rpm
 67aa7bdf0e24c48f005ffdb6d5f1ed36  2007.1/i586/tetex-texi2html-3.0-31.2mdv2007.1.i586.rpm
 0f2a7b4946894afa7e126f9deb17a7b7  2007.1/i586/tetex-usrlocal-3.0-31.2mdv2007.1.i586.rpm
 e481bed4173177025ae1ec8736be5d00  2007.1/i586/tetex-xdvi-3.0-31.2mdv2007.1.i586.rpm
 5840aff2d781d350c725cfa542bd1703  2007.1/i586/xmltex-1.9-77.2mdv2007.1.i586.rpm 
 30fc9e3fdd1c57f5c3114ef62cd40206  2007.1/SRPMS/tetex-3.0-31.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 ca693fc97d8d06f649dbf6ce495065a2  2007.1/x86_64/jadetex-3.12-129.2mdv2007.1.x86_64.rpm
 c80a9f1e9d46d70acb08d8ff1ba79b89  2007.1/x86_64/tetex-3.0-31.2mdv2007.1.x86_64.rpm
 384fbbfe1f41516e186217f772be285f  2007.1/x86_64/tetex-afm-3.0-31.2mdv2007.1.x86_64.rpm
 2cde2d3ca5867704be94ad810b98545c  2007.1/x86_64/tetex-context-3.0-31.2mdv2007.1.x86_64.rpm
 4a967f6eb42973b60120978d5b6552d5  2007.1/x86_64/tetex-devel-3.0-31.2mdv2007.1.x86_64.rpm
 b5b172dba480c0c8fb56bca4e0625983  2007.1/x86_64/tetex-doc-3.0-31.2mdv2007.1.x86_64.rpm
 a874b50dfb6ca67b3fa5e8a39f0570c0  2007.1/x86_64/tetex-dvilj-3.0-31.2mdv2007.1.x86_64.rpm
 84c44363e7fb26726cdb47c3645a3e4a  2007.1/x86_64/tetex-dvipdfm-3.0-31.2mdv2007.1.x86_64.rpm
 71cea521a62bcd4a019a46808df86f50  2007.1/x86_64/tetex-dvips-3.0-31.2mdv2007.1.x86_64.rpm
 f0e20e8eb0957621fef83b324d24ec6d  2007.1/x86_64/tetex-latex-3.0-31.2mdv2007.1.x86_64.rpm
 52e972b6404156a84bd101acd972e7de  2007.1/x86_64/tetex-mfwin-3.0-31.2mdv2007.1.x86_64.rpm
 d0c983661de367d9c3b5ef8641d65784  2007.1/x86_64/tetex-texi2html-3.0-31.2mdv2007.1.x86_64.rpm
 b12db36bc90330c6ac09677bc9a4dadc  2007.1/x86_64/tetex-usrlocal-3.0-31.2mdv2007.1.x86_64.rpm
 54d7c5622d0923ba8514e23e3d730c0b  2007.1/x86_64/tetex-xdvi-3.0-31.2mdv2007.1.x86_64.rpm
 51d9d825e1826d8a4a2e35830b789d32  2007.1/x86_64/xmltex-1.9-77.2mdv2007.1.x86_64.rpm 
 30fc9e3fdd1c57f5c3114ef62cd40206  2007.1/SRPMS/tetex-3.0-31.2mdv2007.1.src.rpm

 Corporate 4.0:
 e599963f57bf4cbabcfa0bc5cd85361a  corporate/4.0/i586/jadetex-3.12-110.5.20060mlcs4.i586.rpm
 3d51ae4ec1cb2d9257990de218735b7c  corporate/4.0/i586/tetex-3.0-12.5.20060mlcs4.i586.rpm
 f54c81df83907d8465375ebf0cc0be51  corporate/4.0/i586/tetex-afm-3.0-12.5.20060mlcs4.i586.rpm
 628d170cfd5848644efccc75e3c7b2ee  corporate/4.0/i586/tetex-context-3.0-12.5.20060mlcs4.i586.rpm
 e8414063f9a970b11eb259e4f247d6a4  corporate/4.0/i586/tetex-devel-3.0-12.5.20060mlcs4.i586.rpm
 766cadc5ead080da2714132785abbc2b  corporate/4.0/i586/tetex-doc-3.0-12.5.20060mlcs4.i586.rpm
 a1a0d027f353f029eff92e44d1d380b2  corporate/4.0/i586/tetex-dvilj-3.0-12.5.20060mlcs4.i586.rpm
 4878794c86296306e98e3083b0888da9  corporate/4.0/i586/tetex-dvipdfm-3.0-12.5.20060mlcs4.i586.rpm
 13fded1d09028f0f6a09745dde2c9195  corporate/4.0/i586/tetex-dvips-3.0-12.5.20060mlcs4.i586.rpm
 bf586503d8f18aeb0e4d039b0a5811ac  corporate/4.0/i586/tetex-latex-3.0-12.5.20060mlcs4.i586.rpm
 6addfcd795b2760417bd6322b1e06161  corporate/4.0/i586/tetex-mfwin-3.0-12.5.20060mlcs4.i586.rpm
 dadfda7a6b914a804ca9064f3ccd858b  corporate/4.0/i586/tetex-texi2html-3.0-12.5.20060mlcs4.i586.rpm
 7d503c927bed3c8f4900bb63dc5fa1cb  corporate/4.0/i586/tetex-xdvi-3.0-12.5.20060mlcs4.i586.rpm
 14abc9b3821b8fed85ccc324d2750464  corporate/4.0/i586/xmltex-1.9-58.5.20060mlcs4.i586.rpm 
 6eeeae7b2e2a3f73041996ed6bb455b6  corporate/4.0/SRPMS/tetex-3.0-12.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 20945c9decacd27b855bbf1a234f51fe  corporate/4.0/x86_64/jadetex-3.12-110.5.20060mlcs4.x86_64.rpm
 051d3485b5f89420dd2d88ec53307412  corporate/4.0/x86_64/tetex-3.0-12.5.20060mlcs4.x86_64.rpm
 0e26a770001875de05795cbed4206a77  corporate/4.0/x86_64/tetex-afm-3.0-12.5.20060mlcs4.x86_64.rpm
 d9fdf4240acec0a31dbc5e0c96887de5  corporate/4.0/x86_64/tetex-context-3.0-12.5.20060mlcs4.x86_64.rpm
 428e660f5caf899f82a9f9aca31ed4a0  corporate/4.0/x86_64/tetex-devel-3.0-12.5.20060mlcs4.x86_64.rpm
 51c6a7ed18b59d381156ffe1291cf4a5  corporate/4.0/x86_64/tetex-doc-3.0-12.5.20060mlcs4.x86_64.rpm
 2f182feb9728673a4f97bfc60fb3e6fb  corporate/4.0/x86_64/tetex-dvilj-3.0-12.5.20060mlcs4.x86_64.rpm
 9ae5269b4468ce485ad0488cabc2f91e  corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.5.20060mlcs4.x86_64.rpm
 75b50d9c33d183728796d845b0f07c14  corporate/4.0/x86_64/tetex-dvips-3.0-12.5.20060mlcs4.x86_64.rpm
 1f0454ee084c06cce0739937441e0487  corporate/4.0/x86_64/tetex-latex-3.0-12.5.20060mlcs4.x86_64.rpm
 97a2f90d8e8f5f19fde44b25834af43b  corporate/4.0/x86_64/tetex-mfwin-3.0-12.5.20060mlcs4.x86_64.rpm
 27b66f9466cf9ff3f4850fe0e6a412de  corporate/4.0/x86_64/tetex-texi2html-3.0-12.5.20060mlcs4.x86_64.rpm
 9568e6f8b9efa04ea56b943dc1ac6383  corporate/4.0/x86_64/tetex-xdvi-3.0-12.5.20060mlcs4.x86_64.rpm
 8672d507807a9f69cd8457ccaec313af  corporate/4.0/x86_64/xmltex-1.9-58.5.20060mlcs4.x86_64.rpm 
 6eeeae7b2e2a3f73041996ed6bb455b6  corporate/4.0/SRPMS/tetex-3.0-12.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.