Pardus: 2010-84: dvipng: Denial of Service
Posted by Benjamin D. Thomas   
Multiple array index errors have been fixed which can allow malicious users to cause denial of service.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-84            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-24
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======
Multiple array index errors have been fixed which can allow malicious
users to cause denial of service.


Description
===========
CVE-2010-0829:

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX,
allow remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a malformed DVI file.


Affected packages:

  Pardus 2009:
    dvipng, all before 1.13-4-3


Resolution
==========
An update is available for dvipng. You can install it via Package Manager
or with a single command from the console:

    pisi up dvipng

References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id392

------------------------------------------------------------------------