
Debian: DSA-1917-1 Moderate: Mimetex Buffer Overflow Exploits

October 24, 2009
Upgrade the mimetex packages to address urgent security flaws that jeopardize Debian users, such as buffer overflows and information disclosures.

Summary

Several vulnerabilities have been discovered in mimetex, a lightweight
alternative to MathML. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-1382

Chris Evans and Damien Miller discovered multiple stack-based buffer overflows.
An attacker could execute arbitrary code via a TeX file with long picture,
circle, or input tags.

CVE-2009-2459

Chris Evans discovered that mimeTeX contained certain directives that may be
unsuitable for handling untrusted user input. A remote attacker can obtain
sensitive information.


For the oldstable distribution (etch), these problems have been fixed in
version 1.50-1+etch1.

Due to a bug in the archive system, the fix for the stable distribution
(lenny) will be released as version 1.50-1+lenny1 once it is available.

For the testing distribution (squeeze), and the unstable distribution (sid),
these problems have been fixed in version 1.50-1.1.


We recommend that you upgrade your mimetex packages.


Upgrade instructions
- ----------------...


Severity: important
