[USN-554-1] teTeX and TeX Live vulnerabilities


Date: Thu, 06 Dec 2007 16:04:59 -0500
From: Jamie Strandboge <jamie@ubuntu.com.>
To: [email protected]
Subject: [USN-554-1] teTeX and TeX Live vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Ubuntu Security Notice USN-554-1          December 06, 2007
tetex-bin, texlive-bin vulnerabilities
CVE-2007-5935, CVE-2007-5936, CVE-2007-5937

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tetex-bin                       3.0-13ubuntu6.1

Ubuntu 6.10:
  tetex-bin                       3.0-17ubuntu2.1

Ubuntu 7.04:
  tetex-bin                       3.0-27ubuntu1.2

Ubuntu 7.10:
  texlive-extra-utils             2007-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)

Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)

Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program.
(CVE-2007-5937)

Updated packages for Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04 and
Ubuntu 7.10 (source archives and amd64, i386, powerpc and sparc
binaries) were published under http://security.ubuntu.com/ubuntu/pool/.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHWGP7W0JvuRdL8BoRAiSbAJ41pEfko0y1T2p+ADBhUQ1w85YMhQCfcY7Z
z6XKpOKzypFwg/ZvCCeOufM=
=mIHf
-----END PGP SIGNATURE-----
