New teTeX packages available

Advisory:	RHSA-2001:102-10
Type:	Security Advisory
Severity:	N/A
Issued on:	2001-08-22
Last updated on:	2001-10-23
Affected Products:	Red Hat Linux 6.2 Red Hat Linux 7.0 Red Hat Linux 7.1
CVEs (cve.mitre.org):	CVE-2001-0906 CVE-2001-1002

Details

Updated teTeX packages are available, fixing a temporary file handling
vulnerability and an insecure invocation of dvips in a print filter.

A flaw has been discovered in the temporary file handling of some of
the scripts from the teTeX set of packages. This can, under some
circumstances, lead to a compromise of the groups that LPRng runs as.
Several scripts used the current process ID as
temporary file names and have now been altered to use the 'mktemp'
program instead.

Additionally, an insecure invocation of the 'dvips' program has been
discovered in the print filter used for handling DVI files. This has
been corrected to use the -R option.

The temporary file handling flaw affects Red Hat Linux 7.1 and
earlier. The DVI print filter problem affects Red Hat Linux 7.0 and
earlier. This vulnerability was discovered by zen-parse.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find RHN to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will ultimately upgrade the
appropriate RPMs on your system.

Updated packages

Red Hat Linux 6.2

SRPMS:
tetex-1.0.6-11.1.src.rpm File outdated by: RHSA-2002:194	`MD5: aef5a4e24dcd05f56f42beb26ac9bb5a`

Alpha:
tetex-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 6500e274dcbd173e0a82f70fa23b5053`
tetex-afm-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: d93967f749f446c6657c7384ae460049`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.6-11.1/alpha/tetex-doc-1.0.6-11.1.alpha.rpm Missing file	`MD5: bb59befe9dedff64da8f69f1644b3350`
tetex-dvilj-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 11fdeefc1d28deecaedf09919627f02f`
tetex-dvips-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 01c785b2e4a939a4936052e3b26ae049`
tetex-fonts-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 960f82ec7b8cc96018b5d69fd96cf911`
tetex-latex-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 4ae396e91cae566edb3a24be37d63e4a`
tetex-xdvi-1.0.6-11.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 773d7efe350bb3ab8bfb489e956715ed`

IA-32:
tetex-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 75c25414857669d7a8700317afa0e4c4`
tetex-afm-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: f065a71acf6d2e22d445218d17a3ae44`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.6-11.1/i386/tetex-doc-1.0.6-11.1.i386.rpm Missing file	`MD5: 4e2b6df8471f9f469f74e7cb82776ce9`
tetex-dvilj-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 71c3f51b326961321ec257bed80ed160`
tetex-dvips-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 6c0e52c45f461fbc5047c5e873e4ee94`
tetex-fonts-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 2c74765fc5f40ed510e438d485a32c11`
tetex-latex-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 44ea700ef07cb0fa958285c1c2eec365`
tetex-xdvi-1.0.6-11.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: a5c0634b2a696b7f132fdcec7b87ee9a`

Sparc:
tetex-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: eaa23f1bafc395d0ac072426edcab81e`
tetex-afm-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: 78a2dbf14562ac593c8caeb2e82d0f5f`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.6-11.1/sparc/tetex-doc-1.0.6-11.1.sparc.rpm Missing file	`MD5: 2228d0c56380ebb9c3ac53c2a1178744`
tetex-dvilj-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: 457e20797b19845fec2869102b77ccb5`
tetex-dvips-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: d70595fee3cc60d34ebe37c223d09d67`
tetex-fonts-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: 6d38cf619f240c32598b48ba016aab72`
tetex-latex-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: daf7123bddc69fffaa80863a857ac285`
tetex-xdvi-1.0.6-11.1.sparc.rpm File outdated by: RHSA-2002:194	`MD5: e02e590cd3ba8edc9f5ef50da4a91327`

Red Hat Linux 7.0

SRPMS:
tetex-1.0.7-8.1.src.rpm File outdated by: RHSA-2002:194	`MD5: d85cde2ab06dec1b7a5e98d23560d8fe`

Alpha:
tetex-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 7de66aebfeb6c6dd36301315c9421fd5`
tetex-afm-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: ebbd8bf9fa4ec70885dfb733f7b5f222`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.7-8.1/alpha/tetex-doc-1.0.7-8.1.alpha.rpm Missing file	`MD5: d03643092950c68fcb066f269a54d7b0`
tetex-dvilj-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 7dd2cb6b3ea4f90682cc21e33510fda8`
tetex-dvips-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 3062c54322a2a79a2ed1bbaa9a6e2a94`
tetex-fonts-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: f143a6c022c270ce72c163d367bb5379`
tetex-latex-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 83bc0de2f3cd96d24143c99bb73ca00b`
tetex-xdvi-1.0.7-8.1.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 1b029828980f679478348cbcf9dea700`

IA-32:
tetex-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 6da3c6aea7546ba4d59630fc737b8a1b`
tetex-afm-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 1d1aa0e55a3a74a91c3f1dd8428ac0b3`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.7-8.1/i386/tetex-doc-1.0.7-8.1.i386.rpm Missing file	`MD5: 2da84bc158736986c86df3060204c3c9`
tetex-dvilj-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: c32f025fea1fbe3e510e9b9be5f139b2`
tetex-dvips-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: 7f51251707edb3ac3016c6e92d4b8809`
tetex-fonts-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: b1becddc167f794e3fc79f93a0134aa7`
tetex-latex-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: f055c1e2ee08c4556606269d0c2b2d0d`
tetex-xdvi-1.0.7-8.1.i386.rpm File outdated by: RHSA-2002:194	`MD5: a3d01d06f08d1c2fd392d453be6bc39f`

Red Hat Linux 7.1

SRPMS:
tetex-1.0.7-15.6.src.rpm File outdated by: RHSA-2002:194	`MD5: 7d4880ea02db78178e34e3b9c6611bd8`

Alpha:
tetex-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 8103ae425ff78175ddb4f88de9d1fffc`
tetex-afm-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 73d15bdeb7a646636ee729050bf69964`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.7-15.6/alpha/tetex-doc-1.0.7-15.6.alpha.rpm Missing file	`MD5: 7b3d8f0bb1668633e817fc7769004b8b`
tetex-dvilj-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: a46580527f0c4150f5d4d196381401a4`
tetex-dvips-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 49b131bf3c5c974920990f92d2333299`
tetex-fonts-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: a718b3946344546118f8891f9f127782`
tetex-latex-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 9e62a43808709e6de3032dad523e4eaf`
tetex-xdvi-1.0.7-15.6.alpha.rpm File outdated by: RHSA-2002:194	`MD5: 0996ac5ab924d732c7dfa3d0fbbcad4e`

IA-32:
tetex-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: c0da4a553097190ca54de6cf9fc39f8f`
tetex-afm-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: 13cd3fb9a10f965001cf5b1ede141034`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.7-15.6/i386/tetex-doc-1.0.7-15.6.i386.rpm Missing file	`MD5: 97cf3aba96d8a5fecdd71233a7abbc45`
tetex-dvilj-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: f79667c8fcc01f839878b7c47351cfe8`
tetex-dvips-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: 2ff3c7a17c13dc1b67432f873fbf0495`
tetex-fonts-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: 3411f4ff7f2f8a32f673a31933c752bc`
tetex-latex-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: 932bbebf9588371b1c90fee9f91337ef`
tetex-xdvi-1.0.7-15.6.i386.rpm File outdated by: RHSA-2002:194	`MD5: b06f280362eff944d078569104e45ff0`

IA-64:
tetex-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: a9f6020e55de3eb9a78f1b34d27500a9`
tetex-afm-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: a2f3d2c67f19f9e74fa1734086baff96`
ftp://updates.redhat.com/rhn/repository/NULL/tetex-doc/1.0.7-15.6/ia64/tetex-doc-1.0.7-15.6.ia64.rpm Missing file	`MD5: 5f5c3706adf654d4c3f1fb508d3782e8`
tetex-dvilj-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: ebb6ed36cab0a0b1e7cb9ae333c78cd2`
tetex-dvips-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: a9613ac46520d951e0a9a049d31c4980`
tetex-fonts-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: 8fb620f978e9baa631dfb46c7f142e18`
tetex-latex-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: 0c6cb8674817a62cea95b667f8a2d04c`
tetex-xdvi-1.0.7-15.6.ia64.rpm File outdated by: RHSA-2002:194	`MD5: a48380237cc8db62ab166d69f068a5ee`

Bugs fixed (see bugzilla for more information)

43342 - race condition - possible elevation of privs

References

https://www.redhat.com/security/data/cve/CVE-2001-0906.html
https://www.redhat.com/security/data/cve/CVE-2001-1002.html

Keywords

dvips, files, temporary, tetex

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/