SciLinux: CVE-2010-2640 Moderate Evince Security Advisory

Date: Fri, 4 Mar 2011 14:38:05 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: evince on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: evince security update
Issue date:	2011-01-06
CVE Names:	CVE-2010-2640 CVE-2010-2641 CVE-2010-2642
 CVE-2010-2643

An array index error was found in the DeVice Independent (DVI)
renderer's PK and VF font file parsers. A DVI file that references a
specially-crafted font file could, when opened, cause Evince to crash
or, potentially, execute arbitrary code with the privileges of the user
running Evince. (CVE-2010-2640, CVE-2010-2641)

A heap-based buffer overflow flaw was found in the DVI renderer's AFM
font file parser. A DVI file that references a specially-crafted font
file could, when opened, cause Evince to crash or, potentially, execute
arbitrary code with the privileges of the user running Evince.
(CVE-2010-2642)

An integer overflow flaw was found in the DVI renderer's TFM font file
parser. A DVI file that references a specially-crafted font file could,
when opened, cause Evince to crash or, potentially, execute arbitrary
code with the privileges of the user running Evince. (CVE-2010-2643)

Note: The above issues are not exploitable unless an attacker can trick
the user into installing a malicious font file.

SL 6.x

 SRPMS:
evince-2.28.2-14.el6_0.1.src.rpm
 i386:
evince-2.28.2-14.el6_0.1.i686.rpm
evince-devel-2.28.2-14.el6_0.1.i686.rpm
evince-dvi-2.28.2-14.el6_0.1.i686.rpm
evince-libs-2.28.2-14.el6_0.1.i686.rpm
 x86_64:
evince-2.28.2-14.el6_0.1.x86_64.rpm
evince-devel-2.28.2-14.el6_0.1.i686.rpm
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm
evince-libs-2.28.2-14.el6_0.1.i686.rpm
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson