RedHat: Moderate: tetex security update

    Date: 16 Mar 2005
    Category: Red Hat
    Posted By: Joe Shakespeare
    Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: tetex security update
    Advisory ID:       RHSA-2005:026-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-026.html
    Issue date:        2005-03-16
    Updated on:        2005-03-16
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2005-0064 CAN-2004-1125
    ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated tetex packages that resolve security issues are now available for Red
    Hat Enterprise Linux 4.
    
    This update has been rated as having moderate security impact by the Red Hat
    Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
    Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
    
    3. Problem description:
    
    The tetex packages (teTeX) contain an implementation of TeX for Linux or
    UNIX systems. 
    
    A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which
    also affects teTeX due to a shared codebase. An attacker could construct a
    carefully crafted PDF file that could cause teTeX to crash or possibly
    execute arbitrary code when opened. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to
    this issue.
    
    A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
    Xpdf which also affects teTeX due to a shared codebase. An attacker could
    construct a carefully crafted PDF file that could cause teTeX to crash or
    possibly execute arbitrary code when opened. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to
    this issue.
    
    Users should update to these erratum packages which contain backported
    patches to correct these issues.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
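
A post-update check for the step above, as an added example that is not part of the Red Hat advisory: it flags installed tetex packages older than the fixed build 2.0.2-22.EL4.4 named in this advisory. The comparison is a simplified form of RPM's version ordering that ignores epochs, and the sample `rpm -qa` output is constructed.

```python
import re

# Fixed version-release, taken from the advisory's SRPM file name.
FIXED_EVR = "2.0.2-22.EL4.4"
# Binary package names from the advisory's package list.
TETEX_PKGS = {"tetex", "tetex-afm", "tetex-doc", "tetex-dvips",
              "tetex-fonts", "tetex-latex", "tetex-xdvi"}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch handling): return -1, 0 or 1."""
    # Split into runs of digits or letters; separators are discarded.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_query_output):
    """Return sorted (name, evr) pairs for tetex packages older than the fix."""
    stale = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in TETEX_PKGS:
            if evr_cmp(parts[1], FIXED_EVR) < 0:
                stale.append((parts[0], parts[1]))
    return sorted(stale)

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
tetex 2.0.2-22.EL4.4
tetex-latex 2.0.2-22.EL4.2
tetex-xdvi 2.0.2-22.EL4.7
xpdf 3.00-11.5
tetex-fonts 2.0.2-21
"""
```

Feed `unpatched()` the real query output from each host; an empty list means every installed tetex package is at or above the fixed build.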
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    144257 - CAN-2004-1125 xpdf buffer overflow
    145055 - CAN-2005-0064 xpdf buffer overflow
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
    
    Red Hat Enterprise Linux Desktop version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
    
    Red Hat Enterprise Linux ES version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
    
    Red Hat Enterprise Linux WS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    