Advisories

Mandriva Advisories

Package name	tetex
Date	January 25th, 2005
Advisory ID	MDKSA-2005:021
Affected versions	10.0, 10.1, CS3.0
Synopsis	Updated tetex packages fix buffer overflow vulnerability

Problem Description

A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user
viewing a PDF file. The vulnerability exists due to insufficient bounds
checking while processing a PDF file that provides malicious values in
the /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the
same vulnerability.

The updated packages have been patched to prevent these problems.

Updated Packages

Mandrakelinux 10.0

 40d6aebb8d91f7b04d502c13c0c7988d  10.0/RPMS/jadetex-3.12-93.2.100mdk.i586.rpm
41f2fa1c103e0f52d928082df6092702  10.0/RPMS/tetex-2.0.2-14.2.100mdk.i586.rpm
af3e3902dbb7b92bd17d75266ab19f55  10.0/RPMS/tetex-afm-2.0.2-14.2.100mdk.i586.rpm
f5c0808347d158d73c538e33bb16f4eb  10.0/RPMS/tetex-context-2.0.2-14.2.100mdk.i586.rpm
b241d5b5d6642c208c55b25d139ea3db  10.0/RPMS/tetex-devel-2.0.2-14.2.100mdk.i586.rpm
ea189c41518751ec76c34892d51fe6fa  10.0/RPMS/tetex-doc-2.0.2-14.2.100mdk.i586.rpm
f7c4338ad2fa1577a61f3c9e6d171e78  10.0/RPMS/tetex-dvilj-2.0.2-14.2.100mdk.i586.rpm
2ab382ddc6314e39697703d41287bb85  10.0/RPMS/tetex-dvipdfm-2.0.2-14.2.100mdk.i586.rpm
0f271b4912b99e8f78b756e28b79e3b7  10.0/RPMS/tetex-dvips-2.0.2-14.2.100mdk.i586.rpm
e9537b9c894f25be502dd30f8cbb9093  10.0/RPMS/tetex-latex-2.0.2-14.2.100mdk.i586.rpm
457cf9e27e637f2af71b3f318bced378  10.0/RPMS/tetex-mfwin-2.0.2-14.2.100mdk.i586.rpm
d589c6473932773c2dae23507b6f8da3  10.0/RPMS/tetex-texi2html-2.0.2-14.2.100mdk.i586.rpm
519f7e12dd92391036eae21474b1f7ea  10.0/RPMS/tetex-xdvi-2.0.2-14.2.100mdk.i586.rpm
7b9f14eefca1f88d17177b326377ae48  10.0/RPMS/xmltex-1.9-41.2.100mdk.i586.rpm
6c10db8e7c4b28f137e925830e0209be  10.0/SRPMS/tetex-2.0.2-14.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 3baa5126a4177a234774aff259885dee  amd64/10.0/RPMS/jadetex-3.12-93.2.100mdk.amd64.rpm
8e7f1561dee9f3c7c340c3a0bce0748a  amd64/10.0/RPMS/tetex-2.0.2-14.2.100mdk.amd64.rpm
df30facae4620505899124645b3c8d4e  amd64/10.0/RPMS/tetex-afm-2.0.2-14.2.100mdk.amd64.rpm
f12bb795148163d2bb95d004d4362337  amd64/10.0/RPMS/tetex-context-2.0.2-14.2.100mdk.amd64.rpm
61cdcd9359db5ff35f6544e4d5275798  amd64/10.0/RPMS/tetex-devel-2.0.2-14.2.100mdk.amd64.rpm
d211b65dd282fd9bf4fe96bf5b179c20  amd64/10.0/RPMS/tetex-doc-2.0.2-14.2.100mdk.amd64.rpm
8e80407a7cd67d10b5530397e0c84825  amd64/10.0/RPMS/tetex-dvilj-2.0.2-14.2.100mdk.amd64.rpm
f380ff2dc335c076d83ec4c7a04296ae  amd64/10.0/RPMS/tetex-dvipdfm-2.0.2-14.2.100mdk.amd64.rpm
725702ea717f0aee358a3f6f8215b44f  amd64/10.0/RPMS/tetex-dvips-2.0.2-14.2.100mdk.amd64.rpm
7823c3937b223d32ca4564d3f89783cc  amd64/10.0/RPMS/tetex-latex-2.0.2-14.2.100mdk.amd64.rpm
9f2b8571f6aae75f01f5550453a663bd  amd64/10.0/RPMS/tetex-mfwin-2.0.2-14.2.100mdk.amd64.rpm
e4e2f03a4175dc115b61835a7d46e730  amd64/10.0/RPMS/tetex-texi2html-2.0.2-14.2.100mdk.amd64.rpm
bf6544e25d3b3814332fed95f503318a  amd64/10.0/RPMS/tetex-xdvi-2.0.2-14.2.100mdk.amd64.rpm
e30a3d2c064ac446c630e082e632b4ff  amd64/10.0/RPMS/xmltex-1.9-41.2.100mdk.amd64.rpm
6c10db8e7c4b28f137e925830e0209be  amd64/10.0/SRPMS/tetex-2.0.2-14.2.100mdk.src.rpm

Mandrakelinux 10.1

 eca5fcbe65ed5c3797e06ed9ff1a7f13  10.1/RPMS/jadetex-3.12-98.2.101mdk.i586.rpm
c77f7180326a753e16b32432802a54d4  10.1/RPMS/tetex-2.0.2-19.2.101mdk.i586.rpm
2b911077426596c3fdc2d0f0b001e3d9  10.1/RPMS/tetex-afm-2.0.2-19.2.101mdk.i586.rpm
7fc9384f549a69836ceb0a313231cd2f  10.1/RPMS/tetex-context-2.0.2-19.2.101mdk.i586.rpm
ab251e5f024fa5f68418d0ec93ac69c1  10.1/RPMS/tetex-devel-2.0.2-19.2.101mdk.i586.rpm
1178eba7e1977da9f2030c8988d952b9  10.1/RPMS/tetex-doc-2.0.2-19.2.101mdk.i586.rpm
532aed1e7b7b86d06e920ce7607878f3  10.1/RPMS/tetex-dvilj-2.0.2-19.2.101mdk.i586.rpm
839b4a857a67530927ff53e3ae8d86dc  10.1/RPMS/tetex-dvipdfm-2.0.2-19.2.101mdk.i586.rpm
9beb5ef910f48934f5502c2dc98213bc  10.1/RPMS/tetex-dvips-2.0.2-19.2.101mdk.i586.rpm
18cbe96e3029686d99e88b236572a62b  10.1/RPMS/tetex-latex-2.0.2-19.2.101mdk.i586.rpm
12ed83277f18fa2bb01335f3e0b010c4  10.1/RPMS/tetex-mfwin-2.0.2-19.2.101mdk.i586.rpm
7a8027ae68b579e471b368c46f3c32ed  10.1/RPMS/tetex-texi2html-2.0.2-19.2.101mdk.i586.rpm
2d37ee84d4f0cde89e4886de9df078b9  10.1/RPMS/tetex-xdvi-2.0.2-19.2.101mdk.i586.rpm
85e3c674ccc6902c03cbc282ed4aa66e  10.1/RPMS/xmltex-1.9-46.2.101mdk.i586.rpm
dde980ea4d7c444ef0d522984fd87633  10.1/SRPMS/tetex-2.0.2-19.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 a62b9a7e1371a93b530985284198e7dd  x86_64/10.1/RPMS/jadetex-3.12-98.2.101mdk.x86_64.rpm
64c7cf3a6a022fa496055553405a7c34  x86_64/10.1/RPMS/tetex-2.0.2-19.2.101mdk.x86_64.rpm
6085e92f336de0eda7e285d00a075286  x86_64/10.1/RPMS/tetex-afm-2.0.2-19.2.101mdk.x86_64.rpm
d64f00f92cdda49926df9b834b3ba325  x86_64/10.1/RPMS/tetex-context-2.0.2-19.2.101mdk.x86_64.rpm
c28cec8afde1d2f08fe6c43eb3a27811  x86_64/10.1/RPMS/tetex-devel-2.0.2-19.2.101mdk.x86_64.rpm
568739e6b166790afbf3de9624a2b8f2  x86_64/10.1/RPMS/tetex-doc-2.0.2-19.2.101mdk.x86_64.rpm
7f8b83210a2694d10b4066190cb34a0e  x86_64/10.1/RPMS/tetex-dvilj-2.0.2-19.2.101mdk.x86_64.rpm
1ac663acf2c915376a9ce8fd2626a3e1  x86_64/10.1/RPMS/tetex-dvipdfm-2.0.2-19.2.101mdk.x86_64.rpm
32cb8f7149cf6f886b50fbbc5a9e4377  x86_64/10.1/RPMS/tetex-dvips-2.0.2-19.2.101mdk.x86_64.rpm
528ec8126e736bd3a21b72ff2d147a20  x86_64/10.1/RPMS/tetex-latex-2.0.2-19.2.101mdk.x86_64.rpm
10ebdf7f419cc91c7ab10552e5003e9d  x86_64/10.1/RPMS/tetex-mfwin-2.0.2-19.2.101mdk.x86_64.rpm
b13e174640ea86a7da131625812f1003  x86_64/10.1/RPMS/tetex-texi2html-2.0.2-19.2.101mdk.x86_64.rpm
c79803217976d09397864afea0206965  x86_64/10.1/RPMS/tetex-xdvi-2.0.2-19.2.101mdk.x86_64.rpm
adb9f1d3b3bca4d4880578abb39dde1d  x86_64/10.1/RPMS/xmltex-1.9-46.2.101mdk.x86_64.rpm
dde980ea4d7c444ef0d522984fd87633  x86_64/10.1/SRPMS/tetex-2.0.2-19.2.101mdk.src.rpm

Corporate Server 3.0

 9c2b33053456652155f02b6d03195f15  corporate/3.0/RPMS/jadetex-3.12-93.2.C30mdk.i586.rpm
31297608c24b9a17ad09da551b502f62  corporate/3.0/RPMS/tetex-2.0.2-14.2.C30mdk.i586.rpm
5194001eb838de6d57b4117fc4022bb6  corporate/3.0/RPMS/tetex-afm-2.0.2-14.2.C30mdk.i586.rpm
1384feb89e678fcb1d453a3b58ff2398  corporate/3.0/RPMS/tetex-context-2.0.2-14.2.C30mdk.i586.rpm
9dd1376bed60d332d73678b419974fbb  corporate/3.0/RPMS/tetex-devel-2.0.2-14.2.C30mdk.i586.rpm
44040f05b2e7102bbd1a380f664a5467  corporate/3.0/RPMS/tetex-doc-2.0.2-14.2.C30mdk.i586.rpm
a12fcd0d1d32333f3b35db8ed26f700c  corporate/3.0/RPMS/tetex-dvilj-2.0.2-14.2.C30mdk.i586.rpm
be5e8c23a2ae789add263c27f5436ee0  corporate/3.0/RPMS/tetex-dvipdfm-2.0.2-14.2.C30mdk.i586.rpm
c860bf20a37e24e3d033b30dec262d47  corporate/3.0/RPMS/tetex-dvips-2.0.2-14.2.C30mdk.i586.rpm
3998ef51524aac72b036a6125b4914a2  corporate/3.0/RPMS/tetex-latex-2.0.2-14.2.C30mdk.i586.rpm
95d5aa79cfcc4b86f0fe675587f0886e  corporate/3.0/RPMS/tetex-mfwin-2.0.2-14.2.C30mdk.i586.rpm
15649bafe0fe99d73a3ea76c42de20f3  corporate/3.0/RPMS/tetex-texi2html-2.0.2-14.2.C30mdk.i586.rpm
4316a252663322c106375779825cc04f  corporate/3.0/RPMS/tetex-xdvi-2.0.2-14.2.C30mdk.i586.rpm
472b4f90c8c97796a90c8c9f602dbe93  corporate/3.0/RPMS/xmltex-1.9-41.2.C30mdk.i586.rpm
25a861bbcc9bd9b119b022d95b3fa8d0  corporate/3.0/SRPMS/tetex-2.0.2-14.2.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer