MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability
Message-Id: <E1CtfBl-0008HD-Vh@updates.mandrakesoft.com.>
Date: Tue, 25 Jan 2005 21:53:57 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: tetex
Advisory ID: MDKSA-2005:021
Date: January 25th, 2005
Affected versions: 10.0, 10.1, Corporate Server 3.0
______________________________________________________________________
Problem Description:
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user
viewing a PDF file. The vulnerability exists due to insufficient bounds
checking while processing a PDF file that provides malicious values in
the /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the
same vulnerability.
The updated packages have been patched to prevent these problems.
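Added example, not part of the Mandrakesoft advisory or of the xpdf/tetex source: a sketch of the kind of bounds check whose absence the description above refers to, applied to the /Length value (key size in bits) from the /Encrypt dictionary. The 16-byte key buffer, the struct and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FILE_KEY_MAX 16   /* assumed fixed key buffer size (128 bits) */

/* Hypothetical decryption context with a fixed-size key buffer. */
struct decrypt_ctx {
    unsigned char file_key[FILE_KEY_MAX];
    size_t key_len;               /* bytes of file_key actually in use */
};

/*
 * Convert the untrusted /Length value (key size in bits) to a byte count.
 * Returns 0 and stores the byte count on success, -1 if the value is not
 * a positive whole number of bytes or cannot fit the key buffer.
 */
int encrypt_length_to_bytes(long length_bits, size_t *out_bytes)
{
    if (length_bits < 8 || length_bits % 8 != 0)
        return -1;                  /* negative, zero or not whole bytes */
    if (length_bits / 8 > FILE_KEY_MAX)
        return -1;                  /* would overrun file_key */
    *out_bytes = (size_t)(length_bits / 8);
    return 0;
}

/*
 * Install key material only after the length has been validated. Without
 * the range check above, the copy would write length_bits / 8 bytes into a
 * 16-byte buffer: the class of flaw the advisory describes.
 */
int set_file_key(struct decrypt_ctx *ctx, const unsigned char *digest,
                 size_t digest_len, long length_bits)
{
    size_t n;

    if (encrypt_length_to_bytes(length_bits, &n) != 0 || n > digest_len)
        return -1;                  /* reject the file, leave ctx untouched */
    memcpy(ctx->file_key, digest, n);
    ctx->key_len = n;
    return 0;
}
```

Rejecting the document on an out-of-range value, rather than copying first and checking later, keeps the untrusted length from ever reaching the copy.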
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB9yJlmqjQ0CJFipgRAmRZAJ4oCt3Cp46pUGDlVwNdFLBWlsxZfACgg7RO
IhOLTHvlWob/LZZOjxJo/j4=
=XJ1V
-----END PGP SIGNATURE-----