RedHat: Moderate: tetex security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: tetex security update
Advisory ID:       RHSA-2005:354-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-354.html
Issue date:        2005-04-01
Updated on:        2005-04-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-0888 CAN-2004-1125
- ---------------------------------------------------------------------

1. Summary:

Updated tetex packages that fix several integer overflows are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.

A number of security flaws have been found affecting libraries used
internally within teTeX.  An attacker who has the ability to trick a user
into processing a malicious file with teTeX could cause teTeX to crash or
possibly execute arbitrary code. 

A number of integer overflow bugs that affect Xpdf were discovered. The
teTeX package contains a copy of the Xpdf code used for parsing PDF files
and is therefore affected by these bugs. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2004-0888 and
CAN-2004-1125 to these issues.

A number of integer overflow bugs that affect libtiff were discovered.  The
teTeX package contains an internal copy of libtiff used for parsing TIFF
image files and is therefore affected by these bugs.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0803, CAN-2004-0804 and CAN-2004-0886 to these issues.

Also latex2html is added to package tetex-latex for 64bit platforms.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137475 - CAN-2004-0888 xpdf integer overflows
137607 - CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
137973 - tetex-latex package missing latex2html
145129 - CAN-2004-1125 xpdf buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972  tetex-1.0.7-38.5E.8.src.rpm

i386:
87812010eb54719fa75946a9f422028f  tetex-1.0.7-38.5E.8.i386.rpm
99979e8cb09dbc5f656c03b048f07a4a  tetex-afm-1.0.7-38.5E.8.i386.rpm
774cb4e1b460beccd4f68e4d50253c6b  tetex-doc-1.0.7-38.5E.8.i386.rpm
6d1f1ebf300610c4a91d45bde42ca564  tetex-dvilj-1.0.7-38.5E.8.i386.rpm
21726aabfaaadd6d35fb3b35bf9542f3  tetex-dvips-1.0.7-38.5E.8.i386.rpm
b5197b336e0d80217cf1b6a7578f60d5  tetex-fonts-1.0.7-38.5E.8.i386.rpm
93da69b331bc13c0092eed64184a213f  tetex-latex-1.0.7-38.5E.8.i386.rpm
4abe6bf82b846b69a5278374f549243d  tetex-xdvi-1.0.7-38.5E.8.i386.rpm

ia64:
65fa9f50ff34d83f16d930f4be8fd09f  tetex-1.0.7-38.5E.8.ia64.rpm
32cab33699c3928e2c743538b02fb568  tetex-afm-1.0.7-38.5E.8.ia64.rpm
d2530b745bca8e100b10c351b07db66e  tetex-doc-1.0.7-38.5E.8.ia64.rpm
088cf8bde9281498821c578418ba2c7b  tetex-dvilj-1.0.7-38.5E.8.ia64.rpm
759261d6cb19e58d5ccd84aa4b8ff77f  tetex-dvips-1.0.7-38.5E.8.ia64.rpm
aa145c8fc8f88176ca9958b1d25969c7  tetex-fonts-1.0.7-38.5E.8.ia64.rpm
59dd10dbea7a5761f0708faf38924b4d  tetex-latex-1.0.7-38.5E.8.ia64.rpm
146fa129f82b229b3736de8646c88bba  tetex-xdvi-1.0.7-38.5E.8.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972  tetex-1.0.7-38.5E.8.src.rpm

ia64:
65fa9f50ff34d83f16d930f4be8fd09f  tetex-1.0.7-38.5E.8.ia64.rpm
32cab33699c3928e2c743538b02fb568  tetex-afm-1.0.7-38.5E.8.ia64.rpm
d2530b745bca8e100b10c351b07db66e  tetex-doc-1.0.7-38.5E.8.ia64.rpm
088cf8bde9281498821c578418ba2c7b  tetex-dvilj-1.0.7-38.5E.8.ia64.rpm
759261d6cb19e58d5ccd84aa4b8ff77f  tetex-dvips-1.0.7-38.5E.8.ia64.rpm
aa145c8fc8f88176ca9958b1d25969c7  tetex-fonts-1.0.7-38.5E.8.ia64.rpm
59dd10dbea7a5761f0708faf38924b4d  tetex-latex-1.0.7-38.5E.8.ia64.rpm
146fa129f82b229b3736de8646c88bba  tetex-xdvi-1.0.7-38.5E.8.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972  tetex-1.0.7-38.5E.8.src.rpm

i386:
87812010eb54719fa75946a9f422028f  tetex-1.0.7-38.5E.8.i386.rpm
99979e8cb09dbc5f656c03b048f07a4a  tetex-afm-1.0.7-38.5E.8.i386.rpm
774cb4e1b460beccd4f68e4d50253c6b  tetex-doc-1.0.7-38.5E.8.i386.rpm
6d1f1ebf300610c4a91d45bde42ca564  tetex-dvilj-1.0.7-38.5E.8.i386.rpm
21726aabfaaadd6d35fb3b35bf9542f3  tetex-dvips-1.0.7-38.5E.8.i386.rpm
b5197b336e0d80217cf1b6a7578f60d5  tetex-fonts-1.0.7-38.5E.8.i386.rpm
93da69b331bc13c0092eed64184a213f  tetex-latex-1.0.7-38.5E.8.i386.rpm
4abe6bf82b846b69a5278374f549243d  tetex-xdvi-1.0.7-38.5E.8.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972  tetex-1.0.7-38.5E.8.src.rpm

i386:
87812010eb54719fa75946a9f422028f  tetex-1.0.7-38.5E.8.i386.rpm
99979e8cb09dbc5f656c03b048f07a4a  tetex-afm-1.0.7-38.5E.8.i386.rpm
774cb4e1b460beccd4f68e4d50253c6b  tetex-doc-1.0.7-38.5E.8.i386.rpm
6d1f1ebf300610c4a91d45bde42ca564  tetex-dvilj-1.0.7-38.5E.8.i386.rpm
21726aabfaaadd6d35fb3b35bf9542f3  tetex-dvips-1.0.7-38.5E.8.i386.rpm
b5197b336e0d80217cf1b6a7578f60d5  tetex-fonts-1.0.7-38.5E.8.i386.rpm
93da69b331bc13c0092eed64184a213f  tetex-latex-1.0.7-38.5E.8.i386.rpm
4abe6bf82b846b69a5278374f549243d  tetex-xdvi-1.0.7-38.5E.8.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d  tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b  tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe  tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123  tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8  tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d  tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310  tetex-xdvi-1.0.7-67.7.i386.rpm

ia64:
3bfec159ab70183f6ec3cf6da7adbbf6  tetex-1.0.7-67.7.ia64.rpm
4e1e12be30d26c8e9da3f2ccd94f6b83  tetex-afm-1.0.7-67.7.ia64.rpm
8678f4ff52a508079c8c5d52073b0db3  tetex-dvips-1.0.7-67.7.ia64.rpm
f2e647528bce1e99699ce688e780b3a6  tetex-fonts-1.0.7-67.7.ia64.rpm
3648e058c29ff1f2ed8b465aa6c761b1  tetex-latex-1.0.7-67.7.ia64.rpm
e647055161692a9e8e9e0086443024be  tetex-xdvi-1.0.7-67.7.ia64.rpm

ppc:
6840b4b9525d995f6a8d0cff49ad342d  tetex-1.0.7-67.7.ppc.rpm
686b36322cced7700b251cb799a149d9  tetex-afm-1.0.7-67.7.ppc.rpm
4864ff1dfb6fe6b0c487051272e598be  tetex-dvips-1.0.7-67.7.ppc.rpm
f49ebe65c04f7a6ef1758fe4bae993ed  tetex-fonts-1.0.7-67.7.ppc.rpm
1ea30cb22124b4293d92ebf171b18372  tetex-latex-1.0.7-67.7.ppc.rpm
e4d2624d104cfcae449e86939df8f100  tetex-xdvi-1.0.7-67.7.ppc.rpm

s390:
06c6b4779930bb803b591af8f82014b7  tetex-1.0.7-67.7.s390.rpm
0cc859f1c101b0283cac22c8fa1f7029  tetex-afm-1.0.7-67.7.s390.rpm
82f0c5d4edc43b5592ee31580d3d2598  tetex-dvips-1.0.7-67.7.s390.rpm
5e24afa95c0c81b3f37ef9d58272a556  tetex-fonts-1.0.7-67.7.s390.rpm
3606c37243a599ed81b9193a9f7e2315  tetex-latex-1.0.7-67.7.s390.rpm
422d88e7e25fd240b2c58ec8f3454043  tetex-xdvi-1.0.7-67.7.s390.rpm

s390x:
fc0447b2810a6c4b88d3846b55eef1f7  tetex-1.0.7-67.7.s390x.rpm
01834580509ce3faa5f9ec40a50d9437  tetex-afm-1.0.7-67.7.s390x.rpm
8be653ea8a54e38df44405727b97221d  tetex-dvips-1.0.7-67.7.s390x.rpm
2d9b29929e9e1e93e4b3054be00b109e  tetex-fonts-1.0.7-67.7.s390x.rpm
9c693a28ad4f210e4a80faebe2610256  tetex-latex-1.0.7-67.7.s390x.rpm
54323c111589e10d0d19f62a45ae9e19  tetex-xdvi-1.0.7-67.7.s390x.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e  tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78  tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385  tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b  tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08  tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4  tetex-xdvi-1.0.7-67.7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d  tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b  tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe  tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123  tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8  tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d  tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310  tetex-xdvi-1.0.7-67.7.i386.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e  tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78  tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385  tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b  tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08  tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4  tetex-xdvi-1.0.7-67.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d  tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b  tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe  tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123  tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8  tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d  tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310  tetex-xdvi-1.0.7-67.7.i386.rpm

ia64:
3bfec159ab70183f6ec3cf6da7adbbf6  tetex-1.0.7-67.7.ia64.rpm
4e1e12be30d26c8e9da3f2ccd94f6b83  tetex-afm-1.0.7-67.7.ia64.rpm
8678f4ff52a508079c8c5d52073b0db3  tetex-dvips-1.0.7-67.7.ia64.rpm
f2e647528bce1e99699ce688e780b3a6  tetex-fonts-1.0.7-67.7.ia64.rpm
3648e058c29ff1f2ed8b465aa6c761b1  tetex-latex-1.0.7-67.7.ia64.rpm
e647055161692a9e8e9e0086443024be  tetex-xdvi-1.0.7-67.7.ia64.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e  tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78  tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385  tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b  tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08  tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4  tetex-xdvi-1.0.7-67.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d  tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b  tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe  tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123  tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8  tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d  tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310  tetex-xdvi-1.0.7-67.7.i386.rpm

ia64:
3bfec159ab70183f6ec3cf6da7adbbf6  tetex-1.0.7-67.7.ia64.rpm
4e1e12be30d26c8e9da3f2ccd94f6b83  tetex-afm-1.0.7-67.7.ia64.rpm
8678f4ff52a508079c8c5d52073b0db3  tetex-dvips-1.0.7-67.7.ia64.rpm
f2e647528bce1e99699ce688e780b3a6  tetex-fonts-1.0.7-67.7.ia64.rpm
3648e058c29ff1f2ed8b465aa6c761b1  tetex-latex-1.0.7-67.7.ia64.rpm
e647055161692a9e8e9e0086443024be  tetex-xdvi-1.0.7-67.7.ia64.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e  tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78  tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385  tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b  tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08  tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4  tetex-xdvi-1.0.7-67.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.