GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sat Mar 04, 2006 5:26 pm Post subject: [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in
Gentoo Linux Security Advisory
Title: teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code (GLSA 200603-02)
Severity: normal
Exploitable: remote
Date: March 04, 2006
Bug(s): #115775
ID: 200603-02
Synopsis
CSTeTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.
Background
teTeX is a complete TeX distribution. It is used for creating and
manipulating LaTeX documents. CSTeX is a TeX distribution with Czech
and Slovak support. pTeX is an ASCII publishing TeX distribution.
Affected Packages
Package: app-text/tetex
Vulnerable: < 2.0.2-r8
Unaffected: >= 2.0.2-r8
Architectures: All supported architectures
Package: app-text/cstetex
Vulnerable: < 2.0.2-r2
Unaffected: >= 2.0.2-r2
Architectures: All supported architectures
Package: app-text/ptex
Vulnerable: < 3.1.5-r1
Unaffected: >= 3.1.5-r1
Architectures: All supported architectures
Description
CSTeX, teTeX, and pTeX include XPdf code to handle PDF files. This
XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as
well as several buffer and integer overflows discovered by Chris Evans
(CESA-2005-003).
Impact
An attacker could entice a user to open a specially crafted PDF
file with teTeX, pTeX or CSTeX, potentially resulting in the execution
of arbitrary code with the rights of the user running the affected
application.
Workaround
There is no known workaround at this time.
Resolution
All teTeX users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"
All CSTeX users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"
All pTeX users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"
References
CVE-2005-3193
GLSA 200512-08
CESA-2005-003
Last edited by GLSA on Mon Jun 10, 2013 4:22 am; edited 2 times in total |
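Added example (not part of the advisory or of any Gentoo tool): a small Python check that compares installed package versions against the thresholds in "Affected Packages" above. The function names, the category/name-version input format and the sample lines are assumptions made for illustration, and the version parser only handles the dotted-number plus -rN form used in this advisory.

```python
import re

# Thresholds copied from the advisory's "Affected Packages" section:
# any installed version below the listed one is vulnerable.
FIXED_IN = {
    "app-text/tetex": "2.0.2-r8",
    "app-text/cstetex": "2.0.2-r2",
    "app-text/ptex": "3.1.5-r1",
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")
_ATOM_RE = re.compile(r"^([a-z0-9-]+/[a-z0-9+_-]+?)-(\d\S*)$")


def version_key(version):
    """Sortable key for 'N.N.N[-rN]'. Simplified: letter and _suffix parts of
    full ebuild version syntax are rejected, not compared."""
    m = _VERSION_RE.match(version)
    if m is None:
        raise ValueError("unsupported version syntax: %r" % version)
    # Compare numerically so that -r10 sorts after -r8; no revision means r0.
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def affected(installed_lines):
    """Return {package: installed_version} for entries below the fixed version."""
    hits = {}
    for line in installed_lines:
        m = _ATOM_RE.match(line.strip())
        if m is None or m.group(1) not in FIXED_IN:
            continue  # unparsable line or package not covered by this GLSA
        name, version = m.groups()
        if version_key(version) < version_key(FIXED_IN[name]):
            hits[name] = version
    return hits


# Constructed sample input, one category/name-version entry per line.
SAMPLE_INSTALLED = [
    "app-text/tetex-2.0.2-r7",    # below 2.0.2-r8
    "app-text/cstetex-2.0.2-r2",  # equals the fixed version
    "app-text/ptex-3.1.4",        # below 3.1.5-r1
    "app-editors/vim-6.4",        # not covered by this advisory
]

if __name__ == "__main__":
    print(affected(SAMPLE_INSTALLED))
```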