User: Password:
|
|
Subscribe / Log in / New account

Red Hat alert RHSA-2005:026-01 (tetex)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2005:026-01] Moderate: tetex security update
Date:  Wed, 16 Mar 2005 10:25 -0500

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: tetex security update Advisory ID: RHSA-2005:026-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-026.html Issue date: 2005-03-16 Updated on: 2005-03-16 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0064 CAN-2004-1125 - --------------------------------------------------------------------- 1. Summary: Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 144257 - CAN-2004-1125 xpdf buffer overflow 145055 - CAN-2005-0064 xpdf buffer overflow 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tetex... 0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm i386: 4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm 2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm 596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm 023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm 3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm 5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm 36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm ia64: 67604c19f7004d315bb34ffd3322d73d tetex-2.0.2-22.EL4.4.ia64.rpm 5a0ca23db1069968333a248803187c0b tetex-afm-2.0.2-22.EL4.4.ia64.rpm fdeeb8a3e904988da6b06ce910545cf2 tetex-doc-2.0.2-22.EL4.4.ia64.rpm b92924a28ca56eada03a5e3e24891629 tetex-dvips-2.0.2-22.EL4.4.ia64.rpm 2dac870c773978a9c7049bfc45a56fc8 tetex-fonts-2.0.2-22.EL4.4.ia64.rpm 185d6d9b2ea2c65fc04e5cdb42d68172 tetex-latex-2.0.2-22.EL4.4.ia64.rpm cb3e781f24161ebf863997552b17eb28 tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm ppc: b3526bdd4ac4b2645e050eb46b120fef tetex-2.0.2-22.EL4.4.ppc.rpm 4bd4a2d136c614fd12184fa6f975f03d tetex-afm-2.0.2-22.EL4.4.ppc.rpm 324623ce7f83bc85498b3468431f4a34 tetex-doc-2.0.2-22.EL4.4.ppc.rpm 3e6630554d2e6d9d24a3775d53ef05db tetex-dvips-2.0.2-22.EL4.4.ppc.rpm d1524075b8381a43811c37b68a7cadd8 tetex-fonts-2.0.2-22.EL4.4.ppc.rpm df820f28dffdbcd721bb90d002d268c9 tetex-latex-2.0.2-22.EL4.4.ppc.rpm a411d97f10aafe2f1c24f938b0de1b80 tetex-xdvi-2.0.2-22.EL4.4.ppc.rpm s390: 67d1731c40c382b68e6b2e41b459a276 tetex-2.0.2-22.EL4.4.s390.rpm 0e70a1b95bf3057e3cb46f1cd7f96655 tetex-afm-2.0.2-22.EL4.4.s390.rpm d88d319fc363565364316b8c7e34b11f tetex-doc-2.0.2-22.EL4.4.s390.rpm e87976edf77da5d891edec54a2e01dc5 tetex-dvips-2.0.2-22.EL4.4.s390.rpm 7fd9246af62e280513c5cd1a74d960c9 tetex-fonts-2.0.2-22.EL4.4.s390.rpm fce2bd0bd18b996467356235f171e160 tetex-latex-2.0.2-22.EL4.4.s390.rpm d1c6d90df13c9dd8a703a536704a0043 tetex-xdvi-2.0.2-22.EL4.4.s390.rpm s390x: 9efc79c6bb7cfb79afca130230d1df96 tetex-2.0.2-22.EL4.4.s390x.rpm 5e7f852d9d335e553f87ba1f22c84528 tetex-afm-2.0.2-22.EL4.4.s390x.rpm 041948d9d1ab97bb52fc3900feed81eb tetex-doc-2.0.2-22.EL4.4.s390x.rpm a86ef414af5736820b9c2d0692ce6c5b tetex-dvips-2.0.2-22.EL4.4.s390x.rpm 08cfa664c6bbcdc537f869f6f421effe tetex-fonts-2.0.2-22.EL4.4.s390x.rpm d1d15249a5dbe61f48a2ea30fc317597 tetex-latex-2.0.2-22.EL4.4.s390x.rpm c25be003bd1cfccbdf9c0f1f06e19573 tetex-xdvi-2.0.2-22.EL4.4.s390x.rpm x86_64: d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm 5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm 8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm 31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm 211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm 1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/... 0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm i386: 4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm 2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm 596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm 023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm 3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm 5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm 36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm x86_64: d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm 5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm 8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm 31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm 211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm 1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tetex... 0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm i386: 4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm 2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm 596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm 023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm 3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm 5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm 36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm ia64: 67604c19f7004d315bb34ffd3322d73d tetex-2.0.2-22.EL4.4.ia64.rpm 5a0ca23db1069968333a248803187c0b tetex-afm-2.0.2-22.EL4.4.ia64.rpm fdeeb8a3e904988da6b06ce910545cf2 tetex-doc-2.0.2-22.EL4.4.ia64.rpm b92924a28ca56eada03a5e3e24891629 tetex-dvips-2.0.2-22.EL4.4.ia64.rpm 2dac870c773978a9c7049bfc45a56fc8 tetex-fonts-2.0.2-22.EL4.4.ia64.rpm 185d6d9b2ea2c65fc04e5cdb42d68172 tetex-latex-2.0.2-22.EL4.4.ia64.rpm cb3e781f24161ebf863997552b17eb28 tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm x86_64: d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm 5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm 8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm 31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm 211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm 1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tetex... 0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm i386: 4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm 2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm 596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm 023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm 3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm 5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm 36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm ia64: 67604c19f7004d315bb34ffd3322d73d tetex-2.0.2-22.EL4.4.ia64.rpm 5a0ca23db1069968333a248803187c0b tetex-afm-2.0.2-22.EL4.4.ia64.rpm fdeeb8a3e904988da6b06ce910545cf2 tetex-doc-2.0.2-22.EL4.4.ia64.rpm b92924a28ca56eada03a5e3e24891629 tetex-dvips-2.0.2-22.EL4.4.ia64.rpm 2dac870c773978a9c7049bfc45a56fc8 tetex-fonts-2.0.2-22.EL4.4.ia64.rpm 185d6d9b2ea2c65fc04e5cdb42d68172 tetex-latex-2.0.2-22.EL4.4.ia64.rpm cb3e781f24161ebf863997552b17eb28 tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm x86_64: d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm 5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm 8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm 31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm 211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm 1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCOE/wXlSAg2UNWIIRAvdnAKCibUeWo7jUUsjoOnKjY/cnuk9W8gCeNPvu BYAIAW1uNOW6r7unyKudPJI= =sObz -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds