MDKSA-2006:113

Package name

tetex

Date

2006-06-27

Advisory ID

MDKSA-2006:113

Affected versions

2006.0 i586 , 10.2 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

Integer overflows were reported in the GD Graphics Library (libgd)
2.0.28, and possibly other versions. These overflows allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via PNG image files with large image rows values that lead to a
heap-based buffer overflow in the gdImageCreateFromPngCtx() function.
Tetex contains an embedded copy of the GD library code. (CVE-2004-0990)

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers
to cause a denial of service (CPU consumption) via malformed GIF data that
causes an infinite loop. Tetex contains an embedded copy of the GD library
code. (CVE-2006-2906)

Updated packages have been patched to address both issues.

Updated packages

2006.0 i586

 c0cc16cb92ca140fa0cd77ab3082334c  2006.0/RPMS/jadetex-3.12-110.2.20060mdk.i586.rpm
 2a599e06878cfd913ee2460352d18833  2006.0/RPMS/tetex-3.0-12.2.20060mdk.i586.rpm
 80577accadf3ccede359d1c305e3cb62  2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.i586.rpm
 b1e27b6283a17194ef4feead5033b939  2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.i586.rpm
 e735ccd87def0f4a8bf1262aa3d92ca6  2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.i586.rpm
 dbd71f3daf27a1bafba42eb0051f2fab  2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.i586.rpm
 eea80943eaef26d2d0d40d4ef7e183aa  2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.i586.rpm
 05ce22c18eb82c10a6306cbe8d2446fa  2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.i586.rpm
 0d1270c9b9f940d3206aaa1be682b1cf  2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.i586.rpm
 962a78f23d0607544ffa35045b7af955  2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.i586.rpm
 4e823ca61b25f0285c75dc1886947e73  2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.i586.rpm
 44df21439b36aa5e9b60055b4f77936d  2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.i586.rpm
 8eab912c43ee68f35cdd1f9480d5951c  2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.i586.rpm
 6d8ba515e52f4abfd54dd306174462c7  2006.0/RPMS/xmltex-1.9-58.2.20060mdk.i586.rpm
 81d035449228282e7a72419f4b260e7a  2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm

10.2 i586

 5bcf729ccb4caca85d8d2142293b2d77  10.2/RPMS/jadetex-3.12-106.2.102mdk.i586.rpm
 bc31e31b117e2a751da7849907df917c  10.2/RPMS/tetex-3.0-8.2.102mdk.i586.rpm
 0910bcc1bce95b11963262c3b722fc47  10.2/RPMS/tetex-afm-3.0-8.2.102mdk.i586.rpm
 a3eac32b19e1c212c6ec8bf5ba6ca34a  10.2/RPMS/tetex-context-3.0-8.2.102mdk.i586.rpm
 b4a7db5b9c127e2399afdaf478f1141f  10.2/RPMS/tetex-devel-3.0-8.2.102mdk.i586.rpm
 9679b875893e7a5d283802472cf784eb  10.2/RPMS/tetex-doc-3.0-8.2.102mdk.i586.rpm
 3b250dbb1aa85b427f149eeb7b93bee5  10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.i586.rpm
 2af97694741d1589b9d4f4e9e2fff794  10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.i586.rpm
 713efa8fa744a3cb344ec016c7892be3  10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.i586.rpm
 8646db9366788d889c03333975a58fb3  10.2/RPMS/tetex-latex-3.0-8.2.102mdk.i586.rpm
 4b2bb6743bdda9afc4acaa5e9886eaf5  10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.i586.rpm
 b2f6632e88505d5449369f352bd3defe  10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.i586.rpm
 4c6665db413bc2763e671368c594b96d  10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.i586.rpm
 95689eb1cd6a82f24063af60dd6f6427  10.2/RPMS/xmltex-1.9-54.2.102mdk.i586.rpm
 73dffa296703ab7de146d3fbe811ab10  10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm

10.2 x86_64

 e67d983720943369fde6b38fadae015a  x86_64/10.2/RPMS/jadetex-3.12-106.2.102mdk.x86_64.rpm
 75416081cfc3cdf6a8ccfe689618cae8  x86_64/10.2/RPMS/tetex-3.0-8.2.102mdk.x86_64.rpm
 81ad797551550873a29f408bd0740ac7  x86_64/10.2/RPMS/tetex-afm-3.0-8.2.102mdk.x86_64.rpm
 37f969186982784662e8ea84acd93713  x86_64/10.2/RPMS/tetex-context-3.0-8.2.102mdk.x86_64.rpm
 d20f39d3ef368502677cb5e137c41831  x86_64/10.2/RPMS/tetex-devel-3.0-8.2.102mdk.x86_64.rpm
 29717e89753a6566846d77c38d0ea661  x86_64/10.2/RPMS/tetex-doc-3.0-8.2.102mdk.x86_64.rpm
 ed84f2352218a281b3e926a00be8503c  x86_64/10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.x86_64.rpm
 09c946780c1bee9c2c66fbc0456d3225  x86_64/10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.x86_64.rpm
 dbd732fc3fbd6b95d4cdf819ce5229a2  x86_64/10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.x86_64.rpm
 b0c55dba84cf1c9be4f3e04d2ce53e41  x86_64/10.2/RPMS/tetex-latex-3.0-8.2.102mdk.x86_64.rpm
 73dcdebb1514d70b2bba997ce3562453  x86_64/10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.x86_64.rpm
 95f4fa468924bd6be520da4dde69d379  x86_64/10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.x86_64.rpm
 54cfa5d726e5b53a2811e601c351b8c9  x86_64/10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.x86_64.rpm
 1ed4d39c162d2153a7741effdedcd7ad  x86_64/10.2/RPMS/xmltex-1.9-54.2.102mdk.x86_64.rpm
 73dffa296703ab7de146d3fbe811ab10  x86_64/10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm

2006.0 x86_64

 0466f60289f9ce688130e6d0a508e8bc  x86_64/2006.0/RPMS/jadetex-3.12-110.2.20060mdk.x86_64.rpm
 faf6465bf63a2f6719def5d3fb17ef17  x86_64/2006.0/RPMS/tetex-3.0-12.2.20060mdk.x86_64.rpm
 32f99226647319d5347d19077788bd5b  x86_64/2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.x86_64.rpm
 1d1aaee40dad532423173ccea3849e75  x86_64/2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.x86_64.rpm
 10d68d89752022e5bdf74ff0b07f1884  x86_64/2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.x86_64.rpm
 309c4b8d26fd7b6531b9ab183256191c  x86_64/2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.x86_64.rpm
 1afd5620adaad5e7a43a5f5b08aec37d  x86_64/2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.x86_64.rpm
 db2d9cc973c213cc3abe78bdf919c4bc  x86_64/2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.x86_64.rpm
 e1dffcb652dc8d246d0da1ec6620bd05  x86_64/2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.x86_64.rpm
 e792f17a436aae19883b979f32c08a33  x86_64/2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.x86_64.rpm
 b992bf51cb291e396a4a7f5d75bd2e84  x86_64/2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.x86_64.rpm
 eade7aa0e9665969c8d73bb7909da672  x86_64/2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.x86_64.rpm
 f1e9462e7213c74bcc59c27242b8d03b  x86_64/2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.x86_64.rpm
 4d1ade13bb2ffed71cb2f6d45165a672  x86_64/2006.0/RPMS/xmltex-1.9-58.2.20060mdk.x86_64.rpm
 81d035449228282e7a72419f4b260e7a  x86_64/2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0990