Date:         Fri, 7 May 2010 13:48:16 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: tetex on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: tetex security update
Issue date:	2010-05-06
CVE Names:	CVE-2007-5935 CVE-2009-0146 CVE-2009-0147
                   CVE-2009-0166 CVE-2009-0195 CVE-2009-0791
                   CVE-2009-0799 CVE-2009-0800 CVE-2009-1179
                   CVE-2009-1180 CVE-2009-1181 CVE-2009-1182
                   CVE-2009-1183 CVE-2009-3609 CVE-2010-0739
                   CVE-2010-0827 CVE-2010-1440

A buffer overflow flaw was found in the way teTeX processed virtual font
files when converting DVI files into PostScript. An attacker could 
create a malicious DVI file that would cause the dvips executable to 
crash or, potentially, execute arbitrary code. (CVE-2010-0827)

Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable 
to crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)

A stack-based buffer overflow flaw was found in the way teTeX processed 
DVI files containing HyperTeX references with long titles, when 
converting them into PostScript. An attacker could create a malicious 
DVI file that would cause the dvips executable to crash. (CVE-2007-5935)

teTeX embeds a copy of Xpdf, an open source Portable Document Format 
(PDF) file viewer, to allow adding images in PDF format to the generated 
PDF documents. The following issues affect Xpdf code:

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running pdflatex. (CVE-2009-0147, CVE-2009-1179)

Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a 
specially-crafted PDF file, it would cause Xpdf to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running pdflatex. (CVE-2009-0791, CVE-2009-3609)

A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If 
a local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running pdflatex. (CVE-2009-0195)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running pdflatex. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. If a local user generated a PDF file from a
TeX document, referencing a specially-crafted PDF file, it would cause
Xpdf to crash or, potentially, execute arbitrary code with the 
privileges of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running pdflatex. (CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. If 
a local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash. 
(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)


SL 4.x

     SRPMS:
tetex-2.0.2-22.0.1.EL4.16.src.rpm
     i386:
tetex-2.0.2-22.0.1.EL4.16.i386.rpm
tetex-afm-2.0.2-22.0.1.EL4.16.i386.rpm
tetex-doc-2.0.2-22.0.1.EL4.16.i386.rpm
tetex-dvips-2.0.2-22.0.1.EL4.16.i386.rpm
tetex-fonts-2.0.2-22.0.1.EL4.16.i386.rpm
tetex-latex-2.0.2-22.0.1.EL4.16.i386.rpm
tetex-xdvi-2.0.2-22.0.1.EL4.16.i386.rpm
     x86_64:
tetex-2.0.2-22.0.1.EL4.16.x86_64.rpm
tetex-afm-2.0.2-22.0.1.EL4.16.x86_64.rpm
tetex-doc-2.0.2-22.0.1.EL4.16.x86_64.rpm
tetex-dvips-2.0.2-22.0.1.EL4.16.x86_64.rpm
tetex-fonts-2.0.2-22.0.1.EL4.16.x86_64.rpm
tetex-latex-2.0.2-22.0.1.EL4.16.x86_64.rpm
tetex-xdvi-2.0.2-22.0.1.EL4.16.x86_64.rpm

-Connie Sieh
-Troy Dawson