Security Advisory New teTeX packages available

Advisory: RHSA-2001:102-10
Type: Security Advisory
Severity: N/A
Issued on: 2001-08-22
Last updated on: 2001-10-23
Affected Products: Other
Red Hat Linux 5.2
Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
OVAL: N/A
CVEs (cve.mitre.org): CVE-2001-0906
CVE-2001-1002

Details

Updated teTeX packages are available, fixing a temporary file handling
vulnerability and an insecure invocation of dvips in a print filter.

A flaw has been discovered in the temporary file handling of some of
the scripts from the teTeX set of packages. This can, under some
circumstances, lead to a compromise of the groups that LPRng runs as.
Several scripts used the current process ID as
temporary file names and have now been altered to use the 'mktemp'
program instead.

Additionally, an insecure invocation of the 'dvips' program has been
discovered in the print filter used for handling DVI files. This has
been corrected to use the -R option.

The temporary file handling flaw affects Red Hat Linux 7.1 and
earlier. The DVI print filter problem affects Red Hat Linux 7.0 and
earlier. This vulnerability was discovered by zen-parse.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find RHN to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will ultimately upgrade the
appropriate RPMs on your system.

Updated packages

Other
SRPMS:
ftp://updates.redhat.com/7.0J/ja/os/SRPMS/tetex-1.0.7-7j3.1.src.rpm
Missing file		     08a1e6792eba338380c9a2d1f36ad674
 
i386:
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-1.0.7-7j3.1.i386.rpm
Missing file		     6005314550c84694a1cc1754c96d284f
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-afm-1.0.7-7j3.1.i386.rpm
Missing file		     eac107028f728885cd7ce2c2a675aac0
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-doc-1.0.7-7j3.1.i386.rpm
Missing file		     0a90c87a12de1facdeb5c668a0122702
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-dvilj-1.0.7-7j3.1.i386.rpm
Missing file		     c13074d5cb0eaf7c4f62bfa4bc5f0d2d
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-dvips-1.0.7-7j3.1.i386.rpm
Missing file		     9dc0043ddb1c4c005fdb4c630f1ad0ae
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-fonts-1.0.7-7j3.1.i386.rpm
Missing file		     2a12b1f111717e87c02448d6d50a3b1f
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-latex-1.0.7-7j3.1.i386.rpm
Missing file		     4dc2ad7dce51b863774dae17324ff4af
ftp://updates.redhat.com/7.0J/ja/os/i386/tetex-xdvi-1.0.7-7j3.1.i386.rpm
Missing file		     8cb98ee3ec80ce9388ddca4b400514b9
 
Red Hat Linux 5.2
SRPMS:
ftp://updates.redhat.com/5.2/en/os/SRPMS/tetex-0.9-6.1.src.rpm
Missing file		     6919da4f81c2172ad0cdb2ca74206c02
 
alpha:
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-0.9-6.1.alpha.rpm
Missing file		     5398db8e28a284ddc9dcbdad7a0274af
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-afm-0.9-6.1.alpha.rpm
Missing file		     4d48f95f675c6043abe90c8989b4bf23
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-doc-0.9-6.1.alpha.rpm
Missing file		     bd9853b26f8e274a11df76004943c4b4
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-dvilj-0.9-6.1.alpha.rpm
Missing file		     9ec723b0d226dcfbf391cc01c269d01a
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-dvips-0.9-6.1.alpha.rpm
Missing file		     3d9327b92744c2005b7ba4ced74324e3
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-latex-0.9-6.1.alpha.rpm
Missing file		     502c560430969d079d6e40ebe765a15a
ftp://updates.redhat.com/5.2/en/os/alpha/tetex-xdvi-0.9-6.1.alpha.rpm
Missing file		     e311b25332f8565b578cc6d6302b071a
 
i386:
ftp://updates.redhat.com/5.2/en/os/i386/tetex-0.9-6.1.i386.rpm
Missing file		     ec6688323ed83d8f463c341ea99c54d0
ftp://updates.redhat.com/5.2/en/os/i386/tetex-afm-0.9-6.1.i386.rpm
Missing file		     7828199233cc7af19742047b4da6a8cd
ftp://updates.redhat.com/5.2/en/os/i386/tetex-doc-0.9-6.1.i386.rpm
Missing file		     224d73b38eeaa3a80687a5541ae98834
ftp://updates.redhat.com/5.2/en/os/i386/tetex-dvilj-0.9-6.1.i386.rpm
Missing file		     55c41e0b073ca5a90bd8efe40859c5ca
ftp://updates.redhat.com/5.2/en/os/i386/tetex-dvips-0.9-6.1.i386.rpm
Missing file		     ece426e44fd0ea40b2924f942c0b5da2
ftp://updates.redhat.com/5.2/en/os/i386/tetex-latex-0.9-6.1.i386.rpm
Missing file		     aa5660376f1b4ffe73ad6f5719fb744b
ftp://updates.redhat.com/5.2/en/os/i386/tetex-xdvi-0.9-6.1.i386.rpm
Missing file		     d12b42288dd4fa34283a8a8c4d64d1b0
 
Red Hat Linux 6.2
SRPMS:
tetex-1.0.6-11.1.src.rpm
File outdated by:  RHSA-2002:194		     aef5a4e24dcd05f56f42beb26ac9bb5a
 
Alpha:
tetex-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     6500e274dcbd173e0a82f70fa23b5053
tetex-afm-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     d93967f749f446c6657c7384ae460049
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-doc-1.0.6-11.1.alpha.rpm
Missing file		     bb59befe9dedff64da8f69f1644b3350
tetex-dvilj-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     11fdeefc1d28deecaedf09919627f02f
tetex-dvips-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     01c785b2e4a939a4936052e3b26ae049
tetex-fonts-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     960f82ec7b8cc96018b5d69fd96cf911
tetex-latex-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     4ae396e91cae566edb3a24be37d63e4a
tetex-xdvi-1.0.6-11.1.alpha.rpm
File outdated by:  RHSA-2002:194		     773d7efe350bb3ab8bfb489e956715ed
 
IA-32:
tetex-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     75c25414857669d7a8700317afa0e4c4
tetex-afm-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     f065a71acf6d2e22d445218d17a3ae44
ftp://updates.redhat.com/6.2/en/os/i386/tetex-doc-1.0.6-11.1.i386.rpm
Missing file		     4e2b6df8471f9f469f74e7cb82776ce9
tetex-dvilj-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     71c3f51b326961321ec257bed80ed160
tetex-dvips-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     6c0e52c45f461fbc5047c5e873e4ee94
tetex-fonts-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     2c74765fc5f40ed510e438d485a32c11
tetex-latex-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     44ea700ef07cb0fa958285c1c2eec365
tetex-xdvi-1.0.6-11.1.i386.rpm
File outdated by:  RHSA-2002:194		     a5c0634b2a696b7f132fdcec7b87ee9a
 
Sparc:
tetex-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     eaa23f1bafc395d0ac072426edcab81e
tetex-afm-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     78a2dbf14562ac593c8caeb2e82d0f5f
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-doc-1.0.6-11.1.sparc.rpm
Missing file		     2228d0c56380ebb9c3ac53c2a1178744
tetex-dvilj-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     457e20797b19845fec2869102b77ccb5
tetex-dvips-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     d70595fee3cc60d34ebe37c223d09d67
tetex-fonts-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     6d38cf619f240c32598b48ba016aab72
tetex-latex-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     daf7123bddc69fffaa80863a857ac285
tetex-xdvi-1.0.6-11.1.sparc.rpm
File outdated by:  RHSA-2002:194		     e02e590cd3ba8edc9f5ef50da4a91327
 
Red Hat Linux 7.0
SRPMS:
tetex-1.0.7-8.1.src.rpm
File outdated by:  RHSA-2002:194		     d85cde2ab06dec1b7a5e98d23560d8fe
 
Alpha:
tetex-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     7de66aebfeb6c6dd36301315c9421fd5
tetex-afm-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     ebbd8bf9fa4ec70885dfb733f7b5f222
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-doc-1.0.7-8.1.alpha.rpm
Missing file		     d03643092950c68fcb066f269a54d7b0
tetex-dvilj-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     7dd2cb6b3ea4f90682cc21e33510fda8
tetex-dvips-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     3062c54322a2a79a2ed1bbaa9a6e2a94
tetex-fonts-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     f143a6c022c270ce72c163d367bb5379
tetex-latex-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     83bc0de2f3cd96d24143c99bb73ca00b
tetex-xdvi-1.0.7-8.1.alpha.rpm
File outdated by:  RHSA-2002:194		     1b029828980f679478348cbcf9dea700
 
IA-32:
tetex-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     6da3c6aea7546ba4d59630fc737b8a1b
tetex-afm-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     1d1aa0e55a3a74a91c3f1dd8428ac0b3
ftp://updates.redhat.com/7.0/en/os/i386/tetex-doc-1.0.7-8.1.i386.rpm
Missing file		     2da84bc158736986c86df3060204c3c9
tetex-dvilj-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     c32f025fea1fbe3e510e9b9be5f139b2
tetex-dvips-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     7f51251707edb3ac3016c6e92d4b8809
tetex-fonts-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     b1becddc167f794e3fc79f93a0134aa7
tetex-latex-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     f055c1e2ee08c4556606269d0c2b2d0d
tetex-xdvi-1.0.7-8.1.i386.rpm
File outdated by:  RHSA-2002:194		     a3d01d06f08d1c2fd392d453be6bc39f
 
Red Hat Linux 7.1
SRPMS:
tetex-1.0.7-15.6.src.rpm
File outdated by:  RHSA-2002:194		     7d4880ea02db78178e34e3b9c6611bd8
 
Alpha:
tetex-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     8103ae425ff78175ddb4f88de9d1fffc
tetex-afm-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     73d15bdeb7a646636ee729050bf69964
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-doc-1.0.7-15.6.alpha.rpm
Missing file		     7b3d8f0bb1668633e817fc7769004b8b
tetex-dvilj-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     a46580527f0c4150f5d4d196381401a4
tetex-dvips-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     49b131bf3c5c974920990f92d2333299
tetex-fonts-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     a718b3946344546118f8891f9f127782
tetex-latex-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     9e62a43808709e6de3032dad523e4eaf
tetex-xdvi-1.0.7-15.6.alpha.rpm
File outdated by:  RHSA-2002:194		     0996ac5ab924d732c7dfa3d0fbbcad4e
 
IA-32:
tetex-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     c0da4a553097190ca54de6cf9fc39f8f
tetex-afm-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     13cd3fb9a10f965001cf5b1ede141034
ftp://updates.redhat.com/7.1/en/os/i386/tetex-doc-1.0.7-15.6.i386.rpm
Missing file		     97cf3aba96d8a5fecdd71233a7abbc45
tetex-dvilj-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     f79667c8fcc01f839878b7c47351cfe8
tetex-dvips-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     2ff3c7a17c13dc1b67432f873fbf0495
tetex-fonts-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     3411f4ff7f2f8a32f673a31933c752bc
tetex-latex-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     932bbebf9588371b1c90fee9f91337ef
tetex-xdvi-1.0.7-15.6.i386.rpm
File outdated by:  RHSA-2002:194		     b06f280362eff944d078569104e45ff0
 
IA-64:
tetex-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     a9f6020e55de3eb9a78f1b34d27500a9
tetex-afm-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     a2f3d2c67f19f9e74fa1734086baff96
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-doc-1.0.7-15.6.ia64.rpm
Missing file		     5f5c3706adf654d4c3f1fb508d3782e8
tetex-dvilj-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     ebb6ed36cab0a0b1e7cb9ae333c78cd2
tetex-dvips-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     a9613ac46520d951e0a9a049d31c4980
tetex-fonts-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     8fb620f978e9baa631dfb46c7f142e18
tetex-latex-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     0c6cb8674817a62cea95b667f8a2d04c
tetex-xdvi-1.0.7-15.6.ia64.rpm
File outdated by:  RHSA-2002:194		     a48380237cc8db62ab166d69f068a5ee
 

Bugs fixed (see bugzilla for more information)

43342 - race condition - possible elevation of privs


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1002

Keywords

dvips, files, temporary, tetex

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/