Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Sun Nov 25, 2007 11:26 pm    Post subject: [ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: CSTeX: Multiple vulnerabilities (GLSA 200711-34)
Severity: normal
Exploitable: remote
Date: November 25, 2007
Bug(s): #196673
ID: 200711-34

Synopsis


Multiple vulnerabilities were discovered in CSTeX, possibly allowing to
execute arbitrary code or overwrite arbitrary files.


Background


CSTeX is a TeX distribution with Czech and Slovak support. It is used
for creating and manipulating LaTeX documents.


Affected Packages

Package: app-text/cstetex
Vulnerable: < 2.0.2-r2
Architectures: All supported architectures


Description


Multiple issues were found in the teTeX 2 codebase that CSTeX builds
upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable
code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12,
GLSA 200711-22) and from T1Lib (GLSA 200710-12).


Impact


Remote attackers could possibly execute arbitrary code and local
attackers could possibly overwrite arbitrary files with the privileges
of the user running CSTeX via multiple vectors.


Workaround


There is no known workaround at this time.


Resolution


CSTeX is not maintained upstream, so the package was masked in Portage.
We recommend that users unmerge CSTeX:
Code:
# emerge --unmerge app-text/cstetex

As an alternative, users should upgrade their systems to use teTeX or
TeX Live with its Babel packages.


References

GLSA 200708-05
GLSA 200709-12
GLSA 200709-17
GLSA 200710-12
GLSA 200711-22
GLSA 200711-26


Last edited by GLSA on Mon Jun 10, 2013 4:26 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum