Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat Enterprise Linux 5 RHSA-2010:0400-01 Moderate: teTeX Buffer Flaws

red hat
Calendar Grey June 5, 2010
Dist Redhat Esm H88
Timely security patch for Debian texlive packages rectifying various vulnerabilities to improve overall system protection and reliability.
Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output.
Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440)
Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829)
teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code:
Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0147, CVE-2009-1179)
Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3608, CVE-2009-3609)
A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0195)
Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0146, CVE-2009-1182)
Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the freeing of arbitrary memory. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)
Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0800)
Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia Research, and Chris Rohlf, for responsibly reporting the Xpdf flaws.
All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Topics%20covered

Topics Covered

security advisory security update buffer overflow Red Hat Enterprise Linux moderate severity integer overflow teTeX

References

https://access.redhat.com/security/cve/CVE-2009-0146 https://access.redhat.com/security/cve/CVE-2009-0147 https://access.redhat.com/security/cve/CVE-2009-0166 https://access.redhat.com/security/cve/CVE-2009-0195 https://access.redhat.com/security/cve/CVE-2009-0791 https://access.redhat.com/security/cve/CVE-2009-0799 https://access.redhat.com/security/cve/CVE-2009-0800 https://access.redhat.com/security/cve/CVE-2009-1179 https://access.redhat.com/security/cve/CVE-2009-1180 https://access.redhat.com/security/cve/CVE-2009-1181 https://access.redhat.com/security/cve/CVE-2009-1182 https://access.redhat.com/security/cve/CVE-2009-1183 https://access.redhat.com/security/cve/CVE-2009-3608 https://access.redhat.com/security/cve/CVE-2009-3609 https://access.redhat.com/security/cve/CVE-2010-0739 https://access.redhat.com/security/cve/CVE-2010-0829 https://access.redhat.com/security/cve/CVE-2010-1440 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: tetex-3.0-33.8.el5_5.5.i386.rpm tetex-afm-3.0-33.8.el5_5.5.i386.rpm tetex-debuginfo-3.0-33.8.el5_5.5.i386.rpm tetex-doc-3.0-33.8.el5_5.5.i386.rpm tetex-dvips-3.0-33.8.el5_5.5.i386.rpm tetex-fonts-3.0-33.8.el5_5.5.i386.rpm tetex-latex-3.0-33.8.el5_5.5.i386.rpm tetex-xdvi-3.0-33.8.el5_5.5.i386.rpm
x86_64: tetex-3.0-33.8.el5_5.5.x86_64.rpm tetex-afm-3.0-33.8.el5_5.5.x86_64.rpm tetex-debuginfo-3.0-33.8.el5_5.5.x86_64.rpm tetex-doc-3.0-33.8.el5_5.5.x86_64.rpm tetex-dvips-3.0-33.8.el5_5.5.x86_64.rpm tetex-fonts-3.0-33.8.el5_5.5.x86_64.rpm tetex-latex-3.0-33.8.el5_5.5.x86_64.rpm tetex-xdvi-3.0-33.8.el5_5.5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: tetex-3.0-33.8.el5_5.5.i386.rpm tetex-afm-3.0-33.8.el5_5.5.i386.rpm tetex-debuginfo-3.0-33.8.el5_5.5.i386.rpm tetex-doc-3.0-33.8.el5_5.5.i386.rpm tetex-dvips-3.0-33.8.el5_5.5.i386.rpm tetex-fonts-3.0-33.8.el5_5.5.i386.rpm tetex-latex-3.0-33.8.el5_5.5.i386.rpm tetex-xdvi-3.0-33.8.el5_5.5.i386.rpm
ia64: tetex-3.0-33.8.el5_5.5.ia64.rpm tetex-afm-3.0-33.8.el5_5.5.ia64.rpm tetex-debuginfo-3.0-33.8.el5_5.5.ia64.rpm tetex-doc-3.0-33.8.el5_5.5.ia64.rpm tetex-dvips-3.0-33.8.el5_5.5.ia64.rpm tetex-fonts-3.0-33.8.el5_5.5.ia64.rpm

Read the Full Advisory


Advisory ID: RHSA-2010:0400-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2010:0400.html
Issue date: 2010-05-06

Topic

Updated tetex packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

Topics%20covered

Topics Covered

security advisory security update buffer overflow Red Hat Enterprise Linux moderate severity integer overflow teTeX

Relevant Releases Architectures

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Bugs Fixed

490612 - CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)

490614 - CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder

490625 - CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder

491840 - CVE-2009-0791 xpdf: multiple integer overflows

495886 - CVE-2009-0799 PDF JBIG2 decoder OOB read

495887 - CVE-2009-0800 PDF JBIG2 multiple input validation flaws

495889 - CVE-2009-1179 PDF JBIG2 integer overflow

495892 - CVE-2009-1180 PDF JBIG2 invalid free()

495894 - CVE-2009-1181 PDF JBIG2 NULL dereference

495896 - CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows

495899 - CVE-2009-1183 PDF JBIG2 MMR infinite loop DoS

526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)

526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow

572941 - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands

573999 - CVE-2010-0829 tetex, dvipng: Multiple array index errors during DVI-to-PNG translation

586819 - CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here