Bugtraqmailing list archives
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
From: Thierry Carrez <koon () gentoo org>
Date: Sun, 23 Jan 2005 13:14:41 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory GLSA 200501-31- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -http://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: teTeX, pTeX, CSTeX: Multiple vulnerabilities Date: January 23, 2005 Bugs: #75801 ID: 200501-31- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allowthe remote execution of arbitrary code. Furthermore, the xdvizillascript is vulnerable to temporary file handling issues.Background==========teTeX is a complete and open source TeX distribution. CSTeX is anotherTeX distribution including Czech and Slovak support. pTeX is anotheralternative that allows Japanese publishing with TeX. xdvizilla is anauxiliary script used to integrate DVI file viewing in Mozilla-basedbrowsers.Affected packages================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/tetex < 2.0.2-r5 >= 2.0.2-r5 2 app-text/cstetex < 2.0.2-r1 >= 2.0.2-r1 3 app-text/ptex < 3.1.4-r2 >= 3.1.4-r2 ------------------------------------------------------------------- 3 affected packages on all of their supported architectures. -------------------------------------------------------------------Description===========teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore bevulnerable to the various overflows that were discovered in Xpdf code(CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064).Furthermore, Javier Fernandez-Sanguino Pena discovered that thexdvizilla script does not handle temporary files correctly.Impact======An attacker could design a malicious input file which, when processedusing one of the TeX distributions, could lead to the execution ofarbitrary code. Furthermore, a local attacker could create symboliclinks in the temporary files directory, pointing to a valid filesomewhere on the filesystem. When xdvizilla is called, this wouldresult in the file being overwritten with the rights of the userrunning the script.Workaround==========There is no known workaround at this time.Resolution==========All teTeX users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r5"All CSTeX users should also upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r1"Finally, all pTeX users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.4-r2"References========== [ 1 ] CAN-2004-0888http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 [ 2 ] CAN-2004-0889http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889 [ 3 ] CAN-2004-1125http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 [ 4 ] CAN-2005-0064http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:http://security.gentoo.org/glsa/glsa-200501-31.xmlConcerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity () gentoo org or alternatively, you may file a bug athttp://bugs.gentoo.org.License=======Copyright 2005 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.http://creativecommons.org/licenses/by-sa/2.0
Attachment:signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilitiesThierry Carrez (Jan 25)