Gentoo Forums
[ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
GLSA
Posted: Sat Mar 04, 2006 5:26 pm    Post subject: [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in

Gentoo Linux Security Advisory

Title: teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code (GLSA 200603-02)
Severity: normal
Exploitable: remote
Date: March 04, 2006
Bug(s): #115775
ID: 200603-02

Synopsis


CSTeTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.


Background


teTeX is a complete TeX distribution. It is used for creating and
manipulating LaTeX documents. CSTeX is a TeX distribution with Czech
and Slovak support. pTeX is an ASCII publishing TeX distribution.


Affected Packages

Package: app-text/tetex
Vulnerable: < 2.0.2-r8
Unaffected: >= 2.0.2-r8
Architectures: All supported architectures

Package: app-text/cstetex
Vulnerable: < 2.0.2-r2
Unaffected: >= 2.0.2-r2
Architectures: All supported architectures

Package: app-text/ptex
Vulnerable: < 3.1.5-r1
Unaffected: >= 3.1.5-r1
Architectures: All supported architectures


Description


CSTeX, teTeX, and pTeX include XPdf code to handle PDF files. This
XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as
well as several buffer and integer overflows discovered by Chris Evans
(CESA-2005-003).


Impact


An attacker could entice a user to open a specially crafted PDF
file with teTeX, pTeX or CSTeX, potentially resulting in the execution
of arbitrary code with the rights of the user running the affected
application.


Workaround


There is no known workaround at this time.


Resolution


All teTeX users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"

All CSTeX users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"

All pTeX users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"


References

CVE-2005-3193
GLSA 200512-08
CESA-2005-003


Last edited by GLSA on Mon Jun 10, 2013 4:22 am; edited 2 times in total
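
The thresholds under Affected Packages can be checked against a list of installed package versions. The script below is an added example, not part of the advisory: the function names and the sample inventory are constructed, and it assumes versions are dotted numbers with an optional -rN revision.

```sh
#!/bin/sh
# Added example, not part of the advisory. Thresholds are the "Unaffected"
# versions from GLSA 200603-02. Assumption: versions are dotted numbers with
# an optional -rN revision; other Gentoo suffixes (_p, _rc, letters) are
# not handled.

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    local a b ra rb x y
    ra=0; rb=0                                   # missing revision counts as r0
    case $1 in *-r[0-9]*) ra=${1##*-r} ;; esac
    case $2 in *-r[0-9]*) rb=${2##*-r} ;; esac
    a=${1%-r[0-9]*}; b=${2%-r[0-9]*}             # version without revision
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                   # leading component, empty -> 0
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    [ "$ra" -lt "$rb" ]                          # equal versions: compare -rN
}

# glsa_status CATEGORY/NAME-VERSION: prints vulnerable, unaffected,
# not-listed (package not in this advisory) or unparsed.
glsa_status() {
    local atom pv name fixed
    atom=$1
    pv=${atom##*/}                               # e.g. tetex-2.0.2-r7
    case $pv in *-r[0-9]*) pv=${pv%-r*} ;; esac  # e.g. tetex-2.0.2
    name=${atom%%/*}/${pv%-*}                    # e.g. app-text/tetex
    case ${pv##*-} in [0-9]*) ;; *) echo unparsed; return ;; esac
    case $name in
        app-text/tetex)   fixed=2.0.2-r8 ;;
        app-text/cstetex) fixed=2.0.2-r2 ;;
        app-text/ptex)    fixed=3.1.5-r1 ;;
        *) echo not-listed; return ;;
    esac
    if ver_lt "${atom#"$name"-}" "$fixed"; then echo vulnerable
    else echo unaffected; fi
}

# Constructed sample inventory; on a real host the list would come from
# the package manager.
for atom in app-text/tetex-2.0.2-r7 app-text/cstetex-2.0.2-r2 \
            app-text/ptex-3.1.5 app-text/xpdf-3.01; do
    printf '%-28s %s\n' "$atom" "$(glsa_status "$atom")"
done
```

A package reported as not-listed is only outside this advisory's scope; it may still be covered by the advisories listed under References.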