
Fedora Core 3 tetex Update 202-217FC3-11 Critical PDF Exploit

January 27, 2006
Fedora Core 3 tetex patch resolves PDF vulnerabilities enabling potential exploitation; safeguard your system by installing this update.
Several flaws were discovered in the way teTeX processes PDF files

Summary

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly.

Install tetex if you want to use the TeX text formatting system. If you are installing tetex, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX), and tetex-xdvi (for previewing .dvi files in X). Unless you are an expert at using TeX, you should also install the tetex-doc package, which includes the documentation for TeX.

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

- apply additional patch to fix xpdf flaws from Ludwig Nussel (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)

* Mon Dec 19 2005 Jindrich Novy 2.0.2-21.6

- apply more complete fix for CVE-2005-3193 (#175110) suggested by security response team, taken from xpdf


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

fedora-announce-list@redhat.com


Severity: critical

Name: tetex
Version: 2.0.2
Release: 21.7.FC3
Summary: The TeX text formatting system.
