RedHat: Moderate: tetex security update

    Date: 01 Apr 2005
    Category: Red Hat
    Posted By: Joe Shakespeare
    Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: tetex security update
    Advisory ID:       RHSA-2005:354-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-354.html
    Issue date:        2005-04-01
    Updated on:        2005-04-01
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-0888 CAN-2004-1125
    ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated tetex packages that fix several integer overflows are now available.
    
    This update has been rated as having moderate security impact by the Red
    Hat Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
    Red Hat Linux Advanced Workstation 2.1 - ia64
    Red Hat Enterprise Linux ES version 2.1 - i386
    Red Hat Enterprise Linux WS version 2.1 - i386
    Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Desktop version 3 - i386, x86_64
    Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
    
    3. Problem description:
    
    teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
    a text file and a set of formatting commands as input and creates a
    typesetter-independent .dvi (DeVice Independent) file as output.
    
    A number of security flaws have been found affecting libraries used
    internally within teTeX.  An attacker who has the ability to trick a user
    into processing a malicious file with teTeX could cause teTeX to crash or
    possibly execute arbitrary code. 
    
    A number of integer overflow bugs that affect Xpdf were discovered. The
    teTeX package contains a copy of the Xpdf code used for parsing PDF files
    and is therefore affected by these bugs. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the names CAN-2004-0888 and
    CAN-2004-1125 to these issues.
    
    A number of integer overflow bugs that affect libtiff were discovered.  The
    teTeX package contains an internal copy of libtiff used for parsing TIFF
    image files and is therefore affected by these bugs.  The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    names CAN-2004-0803, CAN-2004-0804 and CAN-2004-0886 to these issues.
    
    In addition, latex2html has been added to the tetex-latex package for
    64-bit platforms.
    
    Users of teTeX should upgrade to these updated packages, which contain
    backported patches and are not vulnerable to these issues.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    137475 - CAN-2004-0888 xpdf integer overflows
    137607 - CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
    137973 - tetex-latex package missing latex2html
    145129 - CAN-2004-1125 xpdf buffer overflow
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
    
    Red Hat Linux Advanced Workstation 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
    
    Red Hat Enterprise Linux ES version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
    
    Red Hat Enterprise Linux WS version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
    
    Red Hat Enterprise Linux AS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
    
    Red Hat Desktop version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
    
    Red Hat Enterprise Linux ES version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
    
    Red Hat Enterprise Linux WS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
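
To confirm that a host already carries the fixed build, the installed version-release can be compared against the fixed versions named in the SRPM file names above. The following is an added example, not part of the Red Hat advisory: the function names and the sample package strings are constructed, the comparison follows rpm's segment-wise ordering without its newer tilde/caret rules, and epochs are assumed absent.

```python
import re

# Fixed version-release per product line, from the SRPM names in section 6.
FIXED = {"2.1": ("1.0.7", "38.5E.8"), "3": ("1.0.7", "67.7")}

def rpmvercmp(a, b):
    """Return 1, 0 or -1 as a is newer than, equal to or older than b."""
    while True:
        # Separators (anything non-alphanumeric) only delimit segments.
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = "0" <= a[0] <= "9"
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa = re.match(pat, a).group()
        mb = re.match(pat, b)
        if mb is None:
            # Segment types differ: a numeric segment is newer than an alphabetic one.
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:
            ia, ib = int(sa), int(sb)  # numeric compare, so 10 > 7
            if ia != ib:
                return 1 if ia > ib else -1
        elif sa != sb:
            return 1 if sa > sb else -1
    # Whichever string still has segments left is the newer one.
    return (len(a) > 0) - (len(b) > 0)

def is_patched(installed_nvr, product_version):
    """installed_nvr is name-version-release as printed by `rpm -q <package>`."""
    _name, ver, rel = installed_nvr.rsplit("-", 2)
    fixed_ver, fixed_rel = FIXED[product_version]
    cmp = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
    return cmp >= 0

if __name__ == "__main__":
    # Constructed inventory lines: (rpm -q output, product version).
    inventory = [
        ("tetex-1.0.7-38.5E.8", "2.1"),
        ("tetex-latex-1.0.7-67.5", "3"),
        ("tetex-xdvi-1.0.7-67.7", "3"),
    ]
    for nvr, product in inventory:
        print(nvr, "patched" if is_patched(nvr, product) else "NEEDS UPDATE")
```
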
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    