Nom du paquet
tetex
Date
2012-08-28
Advisory ID
MDVSA-2012:144
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in tetex:

The Gfx::getPos function in the PDF parser in poppler, allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler, allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and which triggers memory corruption
(CVE-2010-3704).

A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document
viewer and other products, processed line tokens from the given input
stream. A remote attacker could provide a DVI file, with embedded
specially-crafted font file, and trick the local user to open it with
an application using the AFM font parser, leading to that particular
application crash or, potentially, arbitrary code execution with the
privileges of the user running the application. Different vulnerability
than CVE-2010-2642 (CVE-2011-0433).

t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with
a dereference operation, which allows remote attackers to execute
arbitrary code via a specially crafted Type 1 font in a PDF document
(CVE-2011-0764).

t1lib 5.1.2 and earlier reads from invalid memory locations, which
allows remote attackers to cause a denial of service (application
crash) via a crafted Type 1 font in a PDF document, a different
vulnerability than CVE-2011-0764 (CVE-2011-1552).

Use-after-free vulnerability in t1lib 5.1.2 and earlier allows
remote attackers to cause a denial of service (application crash)
via a PDF document containing a crafted Type 1 font that triggers an
invalid memory write, a different vulnerability than CVE-2011-0764
(CVE-2011-1553).

Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers
to cause a denial of service (application crash) via a PDF document
containing a crafted Type 1 font that triggers an invalid memory
read, integer overflow, and invalid pointer dereference, a different
vulnerability than CVE-2011-0764 (CVE-2011-1554).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 f7f810e4116f27e959f188bb703c5ea1  mes5/i586/jadetex-3.12-145.3mdvmes5.2.i586.rpm
 e5bd1bdccaab2c7e2cafec53cacc84d1  mes5/i586/tetex-3.0-47.3mdvmes5.2.i586.rpm
 79ba60000da9d48376d0682f83739d3d  mes5/i586/tetex-afm-3.0-47.3mdvmes5.2.i586.rpm
 2762a01972d571253ec542acc172a93b  mes5/i586/tetex-context-3.0-47.3mdvmes5.2.i586.rpm
 04d2e75e3725fb22fe734f3e386f140a  mes5/i586/tetex-devel-3.0-47.3mdvmes5.2.i586.rpm
 aa4fda2fc5d73e95e1b884ab82ec06ef  mes5/i586/tetex-doc-3.0-47.3mdvmes5.2.i586.rpm
 188ed09bb211d33436e5c46b33be1a53  mes5/i586/tetex-dvilj-3.0-47.3mdvmes5.2.i586.rpm
 eed48db7403810ae54eea2bca807f327  mes5/i586/tetex-dvipdfm-3.0-47.3mdvmes5.2.i586.rpm
 e67df6f478840570b2faa773da08f376  mes5/i586/tetex-dvips-3.0-47.3mdvmes5.2.i586.rpm
 2ae270880967e2497cbc23a515650edf  mes5/i586/tetex-latex-3.0-47.3mdvmes5.2.i586.rpm
 1c4d957b2bb7186866636a4a16248471  mes5/i586/tetex-mfwin-3.0-47.3mdvmes5.2.i586.rpm
 ce3abdde00968916b2d9fbc84c46899f  mes5/i586/tetex-texi2html-3.0-47.3mdvmes5.2.i586.rpm
 49c86d874f6d4f63dff0ea033a3769dc  mes5/i586/tetex-usrlocal-3.0-47.3mdvmes5.2.i586.rpm
 35baf4b93edcd30c2850d11691cc31f2  mes5/i586/tetex-xdvi-3.0-47.3mdvmes5.2.i586.rpm
 69cf64422423d89a69c96bf28c239a5a  mes5/i586/xmltex-1.9-93.3mdvmes5.2.i586.rpm 
 afa6531e584b746b4b49ab40be16855a  mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm

MES5 x86_64

 c74b150324e5507584fcf6d0de675540  mes5/x86_64/jadetex-3.12-145.3mdvmes5.2.x86_64.rpm
 ece2f503c3d2d72784a395bde4d4b55f  mes5/x86_64/tetex-3.0-47.3mdvmes5.2.x86_64.rpm
 579a9fd3844da7e5b0ef0745a449d4b7  mes5/x86_64/tetex-afm-3.0-47.3mdvmes5.2.x86_64.rpm
 06bc60c5f500374c3f3fe24d674d614a  mes5/x86_64/tetex-context-3.0-47.3mdvmes5.2.x86_64.rpm
 bf8aace57cf58d686bbe3c55fb4141b3  mes5/x86_64/tetex-devel-3.0-47.3mdvmes5.2.x86_64.rpm
 ecfe9cd5a4a5e03172d01c44c51fb5b5  mes5/x86_64/tetex-doc-3.0-47.3mdvmes5.2.x86_64.rpm
 8ec49ac5b95d4caba4c2964ad60c7102  mes5/x86_64/tetex-dvilj-3.0-47.3mdvmes5.2.x86_64.rpm
 318b50b134c1b78e1fc410f442dcc603  mes5/x86_64/tetex-dvipdfm-3.0-47.3mdvmes5.2.x86_64.rpm
 9c1594242450e651dbccb0f23d985720  mes5/x86_64/tetex-dvips-3.0-47.3mdvmes5.2.x86_64.rpm
 442fa550ce7b17d812c8b821ef3ea6d1  mes5/x86_64/tetex-latex-3.0-47.3mdvmes5.2.x86_64.rpm
 62aa630345a117725cd2dde5f9e62826  mes5/x86_64/tetex-mfwin-3.0-47.3mdvmes5.2.x86_64.rpm
 8534c04f7ac1d14f0f696629da487450  mes5/x86_64/tetex-texi2html-3.0-47.3mdvmes5.2.x86_64.rpm
 d18f2d629add6518679ca651522e92c4  mes5/x86_64/tetex-usrlocal-3.0-47.3mdvmes5.2.x86_64.rpm
 444972fe98ba46addb89212663efdc33  mes5/x86_64/tetex-xdvi-3.0-47.3mdvmes5.2.x86_64.rpm
 037d0d760c6df3402b9742898943b021  mes5/x86_64/xmltex-1.9-93.3mdvmes5.2.x86_64.rpm 
 afa6531e584b746b4b49ab40be16855a  mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm

References