__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability

__________________________________________________________

                           INFORMATION BULLETIN

                           TeTeX Security Update
                        [Red Hat RHSA-2007:1027-6]

November 9, 2007 18:00 GMT                                      Number S-046
[REVISED 14 Nov 2007]
[REVISED 26 Nov 2007]
[REVISED 8 Feb 2008]
[REVISED 27 Feb 2008]
[REVISED 10 Apr 2008]
______________________________________________________________________________
PROBLEM:        There are several flaws in TeTeX in: 1) the handling of PDF
                files; and 2) the t1lib library, used in the handling of
                Type 1 fonts.

PLATFORM:       RHEL Desktop Workstation (v. 5 client)
                Red Hat Desktop (v. 3, v. 4)
                Red Hat Enterprise Linux (v. 5 server)
                Red Hat Enterprise Linux AS, ES, WS (v. 3, v. 4)
                Red Hat Enterprise Linux Desktop (v. 5 client)
                Debian GNU/Linux 4.0 (etch) and 4.0 (stable)

DAMAGE:         Could cause TeTeX to crash or potentially execute arbitrary
                code.

SOLUTION:       Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY   The risk is LOW. Could cause TeTeX to crash or potentially
ASSESSMENT:     execute arbitrary code.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-046.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-1027.html
 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2007-1030.html
                     https://rhn.redhat.com/errata/RHSA-2007-1024.html
                     http://www.debian.org/security/2007/dsa-1408
                     http://www.debian.org/security/2007/dsa-1480
                     http://www.debian.org/security/2007/dsa-1509
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2007-4033
                     CVE-2007-4352
                     CVE-2007-5392
                     CVE-2007-5393
______________________________________________________________________________
REVISION HISTORY:
 11/14/2007 - revised S-046 to add a link to Red Hat RHSA-2007:1024-6 for
              Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS, ES, WS
              (v. 4).
 11/26/2007 - revised S-046 to add a link to Debian Security Advisory
              DSA-1408-1 for Debian GNU/Linux 4.0 (etch).
 02/08/2008 - revised S-046 to add a link to Debian Security Advisory
              DSA-1480-1 for Debian GNU/Linux 4.0 (stable).
 02/27/2008 - revised S-046 to add a link to Debian Security Advisory
              DSA-1509-1 for Debian GNU/Linux 4.0 (etch).
 04/10/2008 - revised S-046 to add a link to Debian Security Advisory
              DSA-1537-1 for Debian GNU/Linux 4.0 (etch).

[***** Start Red Hat RHSA-2007:1027-6 *****]

Important: tetex security update

Advisory:         RHSA-2007:1027-6
Type:             Security Advisory
Severity:         Important
Issued on:        2007-11-08
Last updated on:  2007-11-08

Affected Products:
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)

OVAL:  com.redhat.rhsa-20071027.xml

CVEs (cve.mitre.org):
  CVE-2007-4033
  CVE-2007-4352
  CVE-2007-5392
  CVE-2007-5393

Details

Updated tetex packages that fix several security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (dvi) file as output.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause TeTeX to crash or
potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392,
CVE-2007-5393)

A flaw was found in the t1lib library, used in the handling of Type 1 fonts.
An attacker could create a malicious file that would cause TeTeX to crash, or
potentially execute arbitrary code when opened.
(CVE-2007-4033)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
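As an added check that is not part of the CIAC or Red Hat advisory, the following Python script decides whether each installed tetex sub-package is at or above the fixed release, ordering version and release strings the way rpm does (numeric segments compare as integers, so EL4.9 sorts before EL4.10). The fixed version-release strings are the ones named in the RHSA-2007:1027 package lists (2.0.2-22.0.1.EL4.10 for the Red Hat Desktop 4 and RHEL AS/ES/WS 4 products, 3.0-33.2.el5_1.2 for the RHEL 5 server and Desktop 5 client products); the `rpm -qa` output is constructed sample data.

```python
import re

# Fixed version-release per product line, from the RHSA-2007:1027 package lists.
FIXED = {
    "el4": ("2.0.2", "22.0.1.EL4.10"),  # Red Hat Desktop 4, RHEL AS/ES/WS 4
    "el5": ("3.0", "33.2.el5_1.2"),     # RHEL 5 server, RHEL Desktop 5 client
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version/release strings like rpm's rpmvercmp(): numeric
    segments compare as integers, alphabetic ones lexically, numeric beats
    alphabetic, a longer string wins a tie. Tilde/caret markers not handled."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1

def split_nvr(nvr: str) -> tuple:
    """Split 'name-version-release' from the right (names like tetex-afm have hyphens)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(installed_nvr: str, product: str) -> bool:
    """True when the installed tetex sub-package is at or above the fix."""
    name, version, release = split_nvr(installed_nvr)
    if name != "tetex" and not name.startswith("tetex-"):
        raise ValueError("not a tetex package: " + name)
    fixed_version, fixed_release = FIXED[product]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0

# Constructed sample, shaped like the output of:
#   rpm -qa 'tetex*' --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_QA = """\
tetex-3.0-33.2.el5_1.1
tetex-fonts-3.0-33.2.el5_1.2
tetex-latex-3.0-33.2.el5
"""

def audit(rpm_qa_output: str, product: str) -> dict:
    """Map each installed tetex package to whether it carries the fix."""
    return {nvr: is_patched(nvr, product) for nvr in rpm_qa_output.split()}

if __name__ == "__main__":
    for nvr, ok in audit(SAMPLE_RPM_QA, "el5").items():
        print("patched   " if ok else "VULNERABLE", nvr)
```

Running the script against real `rpm -qa` output on an EL4 host means passing `"el4"` instead of `"el5"`; a package flagged VULNERABLE is older than the release the advisory ships.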
Bugs fixed (see bugzilla for more information)

345101 - CVE-2007-4352 xpdf memory corruption in
         DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
352271 - CVE-2007-4033 t1lib font filename string overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:1027-6 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-036: Mono Vulnerability
S-037: Perl-Compatible Regular Expression (PCRE) Vulnerabilities
S-038: Perl Security Update
S-039: httpd Security Update
S-040: Vulnerability in Macrovision SECDRV.SYS Driver on Windows
S-041: Wireshark Security Update
S-042: CoolKey Security and Bug Fix Update
S-043: OpenSSH Security and Bug Fix Update
S-044: Apple QuickTime 7.3 Security Update
S-045: OpenLDAP Security and Enhancement Update