Fedora: tetex-3.0-9.FC4 Critical: PDF Processing Risks Exploited

January 27, 2006
Essential patch for teTeX in Fedora addressing major PDF handling vulnerabilities that could lead to unauthorized code execution.

Summary

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly.

Install tetex if you want to use the TeX text formatting system. If you are installing tetex, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX), and tetex-xdvi (for previewing .dvi files in X). Unless you are an expert at using TeX, you should also install the tetex-doc package, which includes the documentation for TeX.

The Red Hat tetex package also contains software related to Japanese support for teTeX such as ptex, which is not a part of the teTeX project.

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

This package also updates bindings in texdoc and causes the local texmf tree to be searched first.

- apply additional patch to fix xpdf flaws from Ludwig Nussel (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
- /usr/share/texmf/doc is now owned by tetex package (#177065)
- update searching order for kpathsea (local texmf tree is searched first)
- don't use obsolete bindings in texdoc

* Mon Dec 19 2005 Jindrich Novy 3.0-8.FC4
- apply more complete fix for CVE-2005-3193 (#175110) suggested by security response team, taken from xpdf

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
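
An added example, not part of the Fedora advisory: a shell check that the teTeX packages named in the description are at or above the fixed 3.0-9.FC4 release once the update has been applied. It assumes GNU `sort -V` as a stand-in for rpm's own version comparison; the function names and the sample package lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare installed teTeX packages with the fixed release
# from this advisory. Function names are hypothetical.
FIXED="3.0-9.FC4"
PKGS="tetex tetex-latex tetex-xdvi tetex-dvips tetex-afm tetex-doc"

# is_fixed VERSION-RELEASE: succeeds when the argument sorts at or above FIXED.
# Assumption: GNU `sort -V` approximates rpm's version ordering for these strings.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# classify: reads "name version-release" lines on stdin, prints one verdict each.
classify() {
    while read -r name evr; do
        [ -n "$name" ] || continue
        if is_fixed "$evr"; then
            echo "OK      $name $evr"
        else
            echo "UPDATE  $name $evr (needs >= $FIXED)"
        fi
    done
}

# audit_host: query the local rpm database; packages that are not installed
# make `rpm -q` exit non-zero and are skipped.
audit_host() {
    for p in $PKGS; do
        if out=$(rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' "$p" 2>/dev/null); then
            printf '%s\n' "$out"
        fi
    done | classify
}

# sample_report: constructed input showing one stale and two current packages.
sample_report() {
    classify <<'EOF'
tetex 3.0-8.FC4
tetex-latex 3.0-9.FC4
tetex-xdvi 3.0-10.FC4
EOF
}

sample_report
```

On a host with the packages installed, call `audit_host` instead of `sample_report` to query the local rpm database.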

fedora-announce-list mailing list

fedora-announce-list@redhat.com

Severity: critical

Name: tetex
Version: 3.0
Release: 9.FC4
Summary: The TeX text formatting system.
