Pardus: 2010-82: texlive-core: Integer Overflow
Posted by Benjamin D. Thomas   
An integer overflow has been fixed in texlive-core which can be used by malicious people to execute arbitrary code.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-82            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-24
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======
An integer overflow has been fixed in texlive-core which can be used by
malicious people to execute arbitrary code.


Description
===========
CVE-2010-0827:

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted virtual font (VF) file
associated with a DVI file.


Affected packages:

  Pardus 2009:
    texlive-core, all before 0.0_20080816-5-5


Resolution
==========
There are update(s) for texlive-core. You can update them via Package
Manager or with a single command from the console:

    pisi up texlive-core

References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id395

------------------------------------------------------------------------