MDKSA-2007:164

Package name

tetex

Date

2007-08-14

Advisory ID

MDKSA-2007:164

Affected versions

2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2007.1 x86_64

Problem description

Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause tetex to crash and possibly
execute arbitrary code open a user opening the file.

In addition, tetex contains an embedded copy of the GD library which
suffers from a number of bugs which potentially lead to denial of
service and possibly other issues.

Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allows attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)

Updated packages have been patched to prevent these issues.

Updated packages

2007.0 x86_64

 3ba044a5b0cbd36b27fa8ebd60d51e8d  2007.0/x86_64/jadetex-3.12-116.4mdv2007.0.x86_64.rpm
 94b050b17693804a81e68107b37aade8  2007.0/x86_64/tetex-3.0-18.4mdv2007.0.x86_64.rpm
 dca2d262c4345720681e776de7aaf3b5  2007.0/x86_64/tetex-afm-3.0-18.4mdv2007.0.x86_64.rpm
 6387c4e3923b174732ea42e1c1961f31  2007.0/x86_64/tetex-context-3.0-18.4mdv2007.0.x86_64.rpm
 9e31f83c40c6bf2bd0528fd8debc7da0  2007.0/x86_64/tetex-devel-3.0-18.4mdv2007.0.x86_64.rpm
 b61e81383f6becccb285e0e9e3c04fc8  2007.0/x86_64/tetex-doc-3.0-18.4mdv2007.0.x86_64.rpm
 ff32dc4e3ee6c9ce2e7160e0e2e8d000  2007.0/x86_64/tetex-dvilj-3.0-18.4mdv2007.0.x86_64.rpm
 d4bf450a8fc9da8d97cb03a5fd895e5d  2007.0/x86_64/tetex-dvipdfm-3.0-18.4mdv2007.0.x86_64.rpm
 9bb0bb329efda5960b7c43cab4bb60a8  2007.0/x86_64/tetex-dvips-3.0-18.4mdv2007.0.x86_64.rpm
 a6e2b2af59a022db1ccc897d78fd3df1  2007.0/x86_64/tetex-latex-3.0-18.4mdv2007.0.x86_64.rpm
 6fdee1957e97c37034bafd9546071553  2007.0/x86_64/tetex-mfwin-3.0-18.4mdv2007.0.x86_64.rpm
 a10d83249b768f676eabcbdc8d1def85  2007.0/x86_64/tetex-texi2html-3.0-18.4mdv2007.0.x86_64.rpm
 71907f30dc7beb72245329e3df4f3d13  2007.0/x86_64/tetex-xdvi-3.0-18.4mdv2007.0.x86_64.rpm
 824f5631d126e96851540ce059f378a6  2007.0/x86_64/xmltex-1.9-64.4mdv2007.0.x86_64.rpm 
 63549bc50b3b654e72be1947d1b3d79b  2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm

2007.1 i586

 81f9fad03bffde4848b2684b0beaf1be  2007.1/i586/jadetex-3.12-129.3mdv2007.1.i586.rpm
 240f0698cc266be75607780ca95f7df9  2007.1/i586/tetex-3.0-31.3mdv2007.1.i586.rpm
 adaa2d6fa7128e0c1ef125c5b2a27bd1  2007.1/i586/tetex-afm-3.0-31.3mdv2007.1.i586.rpm
 143aa48143998f5ffd5877fb348c06c3  2007.1/i586/tetex-context-3.0-31.3mdv2007.1.i586.rpm
 3a3b1e82a1fb3e2260eeac49bd038d44  2007.1/i586/tetex-devel-3.0-31.3mdv2007.1.i586.rpm
 98781fd21fae15a9d190387bb7c894fa  2007.1/i586/tetex-doc-3.0-31.3mdv2007.1.i586.rpm
 162cc4138d291f34e17589dcbaf47e02  2007.1/i586/tetex-dvilj-3.0-31.3mdv2007.1.i586.rpm
 c290665965a32365750302b66998cf9c  2007.1/i586/tetex-dvipdfm-3.0-31.3mdv2007.1.i586.rpm
 521a43054786848837cadf65d7373adb  2007.1/i586/tetex-dvips-3.0-31.3mdv2007.1.i586.rpm
 db59616b644d2d040bf20bba50b98a52  2007.1/i586/tetex-latex-3.0-31.3mdv2007.1.i586.rpm
 42b078d4e8b5ecfa43cecd105cfd9973  2007.1/i586/tetex-mfwin-3.0-31.3mdv2007.1.i586.rpm
 d80a680507279c769af4eac68342779e  2007.1/i586/tetex-texi2html-3.0-31.3mdv2007.1.i586.rpm
 6ad4a6a5df7c31302c0d8f0294b441fe  2007.1/i586/tetex-usrlocal-3.0-31.3mdv2007.1.i586.rpm
 a636c345e691cfcad8bb057aa724ca32  2007.1/i586/tetex-xdvi-3.0-31.3mdv2007.1.i586.rpm
 81cb470114d43d4ba480c7ef38ad8f9b  2007.1/i586/xmltex-1.9-77.3mdv2007.1.i586.rpm 
 1fe7e7ec1366f1c03208b9acf2c6e4dc  2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm

2007.0 i586

 fb959e3f6f872b50954fa8da4fe3c419  2007.0/i586/jadetex-3.12-116.4mdv2007.0.i586.rpm
 02e7b28c729ec9f57d5268daedee85e7  2007.0/i586/tetex-3.0-18.4mdv2007.0.i586.rpm
 8b89557fbac6f6b37f78f2a2aee16569  2007.0/i586/tetex-afm-3.0-18.4mdv2007.0.i586.rpm
 f5169a380ec30b11a69b37c38e81555f  2007.0/i586/tetex-context-3.0-18.4mdv2007.0.i586.rpm
 f4dbfde981fd4658044222bc159ecd41  2007.0/i586/tetex-devel-3.0-18.4mdv2007.0.i586.rpm
 e0f85c8410194f78ba2aea95e4f9483b  2007.0/i586/tetex-doc-3.0-18.4mdv2007.0.i586.rpm
 9753cb8ba53e41a19bdd46bd21d149e0  2007.0/i586/tetex-dvilj-3.0-18.4mdv2007.0.i586.rpm
 bf28b703c43dea8ddedd6b3dd31d6d4d  2007.0/i586/tetex-dvipdfm-3.0-18.4mdv2007.0.i586.rpm
 456feadedb60e9b8f0fa653a4b8c242c  2007.0/i586/tetex-dvips-3.0-18.4mdv2007.0.i586.rpm
 596d3a551105ed4ae7504069d97ea15b  2007.0/i586/tetex-latex-3.0-18.4mdv2007.0.i586.rpm
 0fa6f2279adff2c0e49e021342684962  2007.0/i586/tetex-mfwin-3.0-18.4mdv2007.0.i586.rpm
 4dfbc03ccff172c0031f3b66f49f2e67  2007.0/i586/tetex-texi2html-3.0-18.4mdv2007.0.i586.rpm
 3fe94235dcf1d60559c5e22dcb661135  2007.0/i586/tetex-xdvi-3.0-18.4mdv2007.0.i586.rpm
 50face08da8982afdcaa653c46d23893  2007.0/i586/xmltex-1.9-64.4mdv2007.0.i586.rpm 
 63549bc50b3b654e72be1947d1b3d79b  2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm

CS4.0 i586

 ded203c11a86b123fb65dccf7ebefe7b  corporate/4.0/i586/jadetex-3.12-110.6.20060mlcs4.i586.rpm
 02ca90145d6b09cdd92bc9906a9dfa41  corporate/4.0/i586/tetex-3.0-12.6.20060mlcs4.i586.rpm
 9af4a0c59bf34cb69ec03feeecc10b51  corporate/4.0/i586/tetex-afm-3.0-12.6.20060mlcs4.i586.rpm
 c4a7cdb06beb70e2652fee997cd5acd1  corporate/4.0/i586/tetex-context-3.0-12.6.20060mlcs4.i586.rpm
 4d4e89d588e0ec5a1a30659b194e53a7  corporate/4.0/i586/tetex-devel-3.0-12.6.20060mlcs4.i586.rpm
 7ae26e309360bdfdb9c5c503b0d4edf9  corporate/4.0/i586/tetex-doc-3.0-12.6.20060mlcs4.i586.rpm
 302004f96913e500079054ecb03adda9  corporate/4.0/i586/tetex-dvilj-3.0-12.6.20060mlcs4.i586.rpm
 00cd5bce374228d46b18d5b2210639f9  corporate/4.0/i586/tetex-dvipdfm-3.0-12.6.20060mlcs4.i586.rpm
 f216bf18966462b172832a6f8a27fd78  corporate/4.0/i586/tetex-dvips-3.0-12.6.20060mlcs4.i586.rpm
 f1b3b6fcb547e477570f1311fa7367a0  corporate/4.0/i586/tetex-latex-3.0-12.6.20060mlcs4.i586.rpm
 86eb52c3286302e3343928a7bdeb9548  corporate/4.0/i586/tetex-mfwin-3.0-12.6.20060mlcs4.i586.rpm
 a769eab0038bac03e47a72b634f79e19  corporate/4.0/i586/tetex-texi2html-3.0-12.6.20060mlcs4.i586.rpm
 fd8530a3177047b3dd9ad9f5c1116020  corporate/4.0/i586/tetex-xdvi-3.0-12.6.20060mlcs4.i586.rpm
 7d647f0f6d3db2a9a0f3b6be1fcb672c  corporate/4.0/i586/xmltex-1.9-58.6.20060mlcs4.i586.rpm 
 8118fdc39814ac5d79b8763a5eaeee61  corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm

CS4.0 x86_64

 03656d00a3a0ab1847acb665ef68d947  corporate/4.0/x86_64/jadetex-3.12-110.6.20060mlcs4.x86_64.rpm
 df2818955a171b5e682b2e481ea456f0  corporate/4.0/x86_64/tetex-3.0-12.6.20060mlcs4.x86_64.rpm
 b33cd2edda19f78a7fc67d5fff165b0a  corporate/4.0/x86_64/tetex-afm-3.0-12.6.20060mlcs4.x86_64.rpm
 7d5818ed21c76ed6ea5db364fb4e9693  corporate/4.0/x86_64/tetex-context-3.0-12.6.20060mlcs4.x86_64.rpm
 58f46f75a1d4df827911727ebacbc352  corporate/4.0/x86_64/tetex-devel-3.0-12.6.20060mlcs4.x86_64.rpm
 edc968cfaa147eb6c0a44d367945cdee  corporate/4.0/x86_64/tetex-doc-3.0-12.6.20060mlcs4.x86_64.rpm
 cbb35ba57e6b7e4ff5e1f7746a556dba  corporate/4.0/x86_64/tetex-dvilj-3.0-12.6.20060mlcs4.x86_64.rpm
 64037dfd41b52942db831d5d1db263ae  corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.6.20060mlcs4.x86_64.rpm
 521ac94898d0dd328a72b41a897cac77  corporate/4.0/x86_64/tetex-dvips-3.0-12.6.20060mlcs4.x86_64.rpm
 7b08d2c8978a0d020d8bd29478e9300c  corporate/4.0/x86_64/tetex-latex-3.0-12.6.20060mlcs4.x86_64.rpm
 2c8045b7090444ae36576040d4106399  corporate/4.0/x86_64/tetex-mfwin-3.0-12.6.20060mlcs4.x86_64.rpm
 3124bf387e243377003b3bf21d34b6b9  corporate/4.0/x86_64/tetex-texi2html-3.0-12.6.20060mlcs4.x86_64.rpm
 88ea09f36b9281e64061a2ca25d10719  corporate/4.0/x86_64/tetex-xdvi-3.0-12.6.20060mlcs4.x86_64.rpm
 e34498cb80e93ccd2b592ff8a722b985  corporate/4.0/x86_64/xmltex-1.9-58.6.20060mlcs4.x86_64.rpm 
 8118fdc39814ac5d79b8763a5eaeee61  corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm

2007.1 x86_64

 931bdcfab39b511372c0fe1667cdec9b  2007.1/x86_64/jadetex-3.12-129.3mdv2007.1.x86_64.rpm
 be2917b026909b9fe2d6f54425f0ae01  2007.1/x86_64/tetex-3.0-31.3mdv2007.1.x86_64.rpm
 3927b9a088b3dbbb035ab504724224fa  2007.1/x86_64/tetex-afm-3.0-31.3mdv2007.1.x86_64.rpm
 5e0dc9457f6e864bfd097e52540ca691  2007.1/x86_64/tetex-context-3.0-31.3mdv2007.1.x86_64.rpm
 c360e8b3bb98ee7f7467028038e97e1a  2007.1/x86_64/tetex-devel-3.0-31.3mdv2007.1.x86_64.rpm
 d48d985a35aa93c17c45349c28c0b243  2007.1/x86_64/tetex-doc-3.0-31.3mdv2007.1.x86_64.rpm
 eb67ec1e91e422ecfa36f1cbbac8971a  2007.1/x86_64/tetex-dvilj-3.0-31.3mdv2007.1.x86_64.rpm
 851858c723458b732e522a3c0e61369c  2007.1/x86_64/tetex-dvipdfm-3.0-31.3mdv2007.1.x86_64.rpm
 a0eda317da29934a5633f42b177a530f  2007.1/x86_64/tetex-dvips-3.0-31.3mdv2007.1.x86_64.rpm
 753c701f03329627fb9e39753981e843  2007.1/x86_64/tetex-latex-3.0-31.3mdv2007.1.x86_64.rpm
 d994a4854aba90786bbd9a4ec3c12019  2007.1/x86_64/tetex-mfwin-3.0-31.3mdv2007.1.x86_64.rpm
 e655586388e11bf71063402efc3a7753  2007.1/x86_64/tetex-texi2html-3.0-31.3mdv2007.1.x86_64.rpm
 9d5f65b626bd71949a07e6c7431817e0  2007.1/x86_64/tetex-usrlocal-3.0-31.3mdv2007.1.x86_64.rpm
 55315fd53192e1d99eee611c658d803e  2007.1/x86_64/tetex-xdvi-3.0-31.3mdv2007.1.x86_64.rpm
 64af62bd89fcac2a4ffad45a8eae77d6  2007.1/x86_64/xmltex-1.9-77.3mdv2007.1.x86_64.rpm 
 1fe7e7ec1366f1c03208b9acf2c6e4dc  2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478