Mandriva Linux Security Advisory 2012-144 - Multiple vulnerabilities has been found and corrected in tetex. The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
5c8b23cd2ecf83077e06d18f8f80cd038b4b0c331dd6a9baa869678d5a8dcadf-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:144
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tetex
Date : August 28, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in tetex:
The Gfx::getPos function in the PDF parser in poppler, allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler, allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and which triggers memory corruption
(CVE-2010-3704).
A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document
viewer and other products, processed line tokens from the given input
stream. A remote attacker could provide a DVI file, with embedded
specially-crafted font file, and trick the local user to open it with
an application using the AFM font parser, leading to that particular
application crash or, potentially, arbitrary code execution with the
privileges of the user running the application. Different vulnerability
than CVE-2010-2642 (CVE-2011-0433).
t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with
a dereference operation, which allows remote attackers to execute
arbitrary code via a specially crafted Type 1 font in a PDF document
(CVE-2011-0764).
t1lib 5.1.2 and earlier reads from invalid memory locations, which
allows remote attackers to cause a denial of service (application
crash) via a crafted Type 1 font in a PDF document, a different
vulnerability than CVE-2011-0764 (CVE-2011-1552).
Use-after-free vulnerability in t1lib 5.1.2 and earlier allows
remote attackers to cause a denial of service (application crash)
via a PDF document containing a crafted Type 1 font that triggers an
invalid memory write, a different vulnerability than CVE-2011-0764
(CVE-2011-1553).
Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers
to cause a denial of service (application crash) via a PDF document
containing a crafted Type 1 font that triggers an invalid memory
read, integer overflow, and invalid pointer dereference, a different
vulnerability than CVE-2011-0764 (CVE-2011-1554).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
http://www.toucan-system.com/advisories/tssa-2011-01.txt
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
f7f810e4116f27e959f188bb703c5ea1 mes5/i586/jadetex-3.12-145.3mdvmes5.2.i586.rpm
e5bd1bdccaab2c7e2cafec53cacc84d1 mes5/i586/tetex-3.0-47.3mdvmes5.2.i586.rpm
79ba60000da9d48376d0682f83739d3d mes5/i586/tetex-afm-3.0-47.3mdvmes5.2.i586.rpm
2762a01972d571253ec542acc172a93b mes5/i586/tetex-context-3.0-47.3mdvmes5.2.i586.rpm
04d2e75e3725fb22fe734f3e386f140a mes5/i586/tetex-devel-3.0-47.3mdvmes5.2.i586.rpm
aa4fda2fc5d73e95e1b884ab82ec06ef mes5/i586/tetex-doc-3.0-47.3mdvmes5.2.i586.rpm
188ed09bb211d33436e5c46b33be1a53 mes5/i586/tetex-dvilj-3.0-47.3mdvmes5.2.i586.rpm
eed48db7403810ae54eea2bca807f327 mes5/i586/tetex-dvipdfm-3.0-47.3mdvmes5.2.i586.rpm
e67df6f478840570b2faa773da08f376 mes5/i586/tetex-dvips-3.0-47.3mdvmes5.2.i586.rpm
2ae270880967e2497cbc23a515650edf mes5/i586/tetex-latex-3.0-47.3mdvmes5.2.i586.rpm
1c4d957b2bb7186866636a4a16248471 mes5/i586/tetex-mfwin-3.0-47.3mdvmes5.2.i586.rpm
ce3abdde00968916b2d9fbc84c46899f mes5/i586/tetex-texi2html-3.0-47.3mdvmes5.2.i586.rpm
49c86d874f6d4f63dff0ea033a3769dc mes5/i586/tetex-usrlocal-3.0-47.3mdvmes5.2.i586.rpm
35baf4b93edcd30c2850d11691cc31f2 mes5/i586/tetex-xdvi-3.0-47.3mdvmes5.2.i586.rpm
69cf64422423d89a69c96bf28c239a5a mes5/i586/xmltex-1.9-93.3mdvmes5.2.i586.rpm
afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
c74b150324e5507584fcf6d0de675540 mes5/x86_64/jadetex-3.12-145.3mdvmes5.2.x86_64.rpm
ece2f503c3d2d72784a395bde4d4b55f mes5/x86_64/tetex-3.0-47.3mdvmes5.2.x86_64.rpm
579a9fd3844da7e5b0ef0745a449d4b7 mes5/x86_64/tetex-afm-3.0-47.3mdvmes5.2.x86_64.rpm
06bc60c5f500374c3f3fe24d674d614a mes5/x86_64/tetex-context-3.0-47.3mdvmes5.2.x86_64.rpm
bf8aace57cf58d686bbe3c55fb4141b3 mes5/x86_64/tetex-devel-3.0-47.3mdvmes5.2.x86_64.rpm
ecfe9cd5a4a5e03172d01c44c51fb5b5 mes5/x86_64/tetex-doc-3.0-47.3mdvmes5.2.x86_64.rpm
8ec49ac5b95d4caba4c2964ad60c7102 mes5/x86_64/tetex-dvilj-3.0-47.3mdvmes5.2.x86_64.rpm
318b50b134c1b78e1fc410f442dcc603 mes5/x86_64/tetex-dvipdfm-3.0-47.3mdvmes5.2.x86_64.rpm
9c1594242450e651dbccb0f23d985720 mes5/x86_64/tetex-dvips-3.0-47.3mdvmes5.2.x86_64.rpm
442fa550ce7b17d812c8b821ef3ea6d1 mes5/x86_64/tetex-latex-3.0-47.3mdvmes5.2.x86_64.rpm
62aa630345a117725cd2dde5f9e62826 mes5/x86_64/tetex-mfwin-3.0-47.3mdvmes5.2.x86_64.rpm
8534c04f7ac1d14f0f696629da487450 mes5/x86_64/tetex-texi2html-3.0-47.3mdvmes5.2.x86_64.rpm
d18f2d629add6518679ca651522e92c4 mes5/x86_64/tetex-usrlocal-3.0-47.3mdvmes5.2.x86_64.rpm
444972fe98ba46addb89212663efdc33 mes5/x86_64/tetex-xdvi-3.0-47.3mdvmes5.2.x86_64.rpm
037d0d760c6df3402b9742898943b021 mes5/x86_64/xmltex-1.9-93.3mdvmes5.2.x86_64.rpm
afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFQPILgmqjQ0CJFipgRAhKBAKCoEM/F4H4+e23lviOf3CYmM8VXJACfegKO
0W8FQpb3KMbHTudQn9SwMkk=
=y2n2
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed