Security Advisory Important: tetex security update

Advisory: RHSA-2007:1027-6
Type: Security Advisory
Severity: Important
Issued on: 2007-11-08
Last updated on: 2007-11-08
Affected Products: Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20071027.xml
CVEs (cve.mitre.org): CVE-2007-4033
                      CVE-2007-4352
                      CVE-2007-5392
                      CVE-2007-5393

Details

Updated tetex packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause TeTeX to crash
or potentially execute arbitrary code when opened.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

A flaw was found in the t1lib library, used in the handling of Type 1
fonts. An attacker could create a malicious file that would cause TeTeX to
crash, or potentially execute arbitrary code when opened. (CVE-2007-4033)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
tetex-2.0.2-22.0.1.EL4.10.src.rpm     ee5da4d13ebc89ca506c862e66a58116
 
IA-32:
tetex-2.0.2-22.0.1.EL4.10.i386.rpm     027c2aebbf12ad46978d7790fa33a564
tetex-afm-2.0.2-22.0.1.EL4.10.i386.rpm     2bc6040e0a781e828d6fd6952904b7cd
tetex-doc-2.0.2-22.0.1.EL4.10.i386.rpm     f7f973c9e4302e1dc454241af599a0c0
tetex-dvips-2.0.2-22.0.1.EL4.10.i386.rpm     e526a49d653a71963cc4c6ad83d7d025
tetex-fonts-2.0.2-22.0.1.EL4.10.i386.rpm     340652dbb31b4ce1002dec39ddb149ac
tetex-latex-2.0.2-22.0.1.EL4.10.i386.rpm     c66a33f1d2ee030179ef30fad803488d
tetex-xdvi-2.0.2-22.0.1.EL4.10.i386.rpm     efd73b36456c5327ee1b24ef47e26f34
 
x86_64:
tetex-2.0.2-22.0.1.EL4.10.x86_64.rpm     9256a59442be5e16353c6e80c0c6eeb4
tetex-afm-2.0.2-22.0.1.EL4.10.x86_64.rpm     6382a7e46e5ad3d1e329e3620c0c5cb5
tetex-doc-2.0.2-22.0.1.EL4.10.x86_64.rpm     75373e789b643c8fa2fc93765e6970cd
tetex-dvips-2.0.2-22.0.1.EL4.10.x86_64.rpm     f23f9a67113c9dc617423782f7f86d0c
tetex-fonts-2.0.2-22.0.1.EL4.10.x86_64.rpm     6d9ec577c3ca1a1de2765058437a7176
tetex-latex-2.0.2-22.0.1.EL4.10.x86_64.rpm     0281b2119f411044713b3681d79672e4
tetex-xdvi-2.0.2-22.0.1.EL4.10.x86_64.rpm     5adea0e5b6eb555d771445594ca09051
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
tetex-3.0-33.2.el5_1.2.src.rpm     b1b42ba1708170366ef929542721e792
 
IA-32:
tetex-3.0-33.2.el5_1.2.i386.rpm     1fbc3969e96b466560c90814b25aebe5
tetex-afm-3.0-33.2.el5_1.2.i386.rpm     440c373bdd22150fa5ad4804f078fec6
tetex-doc-3.0-33.2.el5_1.2.i386.rpm     b5086ee4832639db57282878a9b4aa4c
tetex-dvips-3.0-33.2.el5_1.2.i386.rpm     0568b6191a2f33f0b5ea028e419c0194
tetex-fonts-3.0-33.2.el5_1.2.i386.rpm     31fcdbc3370b30c2c665e86b5ca130a5
tetex-latex-3.0-33.2.el5_1.2.i386.rpm     b2aae2adc2955a745774c227e4e335df
tetex-xdvi-3.0-33.2.el5_1.2.i386.rpm     6c708669d258dc905000c1d20d18ad91
 
IA-64:
tetex-3.0-33.2.el5_1.2.ia64.rpm     f14401b2d2014defb1b54995368948f2
tetex-afm-3.0-33.2.el5_1.2.ia64.rpm     965666eb86b632b64019a082dacd40ba
tetex-doc-3.0-33.2.el5_1.2.ia64.rpm     8273756d1787fb0fa59c61520e0b13ef
tetex-dvips-3.0-33.2.el5_1.2.ia64.rpm     a98808f0b6242a235086ea8995623dfd
tetex-fonts-3.0-33.2.el5_1.2.ia64.rpm     4582e88c285f14755def63dbd7b95d70
tetex-latex-3.0-33.2.el5_1.2.ia64.rpm     330c602f426255fca1ce4e9bdda1e9d9
tetex-xdvi-3.0-33.2.el5_1.2.ia64.rpm     f781a1659fb4f1edfa733fe478bff0c7
 
PPC:
tetex-3.0-33.2.el5_1.2.ppc.rpm     433c7e0dacb9204070eb4e1b91db5a6d
tetex-afm-3.0-33.2.el5_1.2.ppc.rpm     51b25740e8c0a82337015af7c8a7a6b4
tetex-doc-3.0-33.2.el5_1.2.ppc.rpm     85a01809c690a6684b4d39f589cf78ba
tetex-dvips-3.0-33.2.el5_1.2.ppc.rpm     d36f0865f96879fd8e154d4bb890c092
tetex-fonts-3.0-33.2.el5_1.2.ppc.rpm     b2c62aaaa82424cd7c46d39d8d3a7ef2
tetex-latex-3.0-33.2.el5_1.2.ppc.rpm     6e0e98dd3e06ffe93c0c003466c53ffd
tetex-xdvi-3.0-33.2.el5_1.2.ppc.rpm     a7baac84232ddeddd26bc43719676605
 
s390x:
tetex-3.0-33.2.el5_1.2.s390x.rpm     a06beda8f1884944fd8714337b02e5f8
tetex-afm-3.0-33.2.el5_1.2.s390x.rpm     d19f6c8e75e73a1aa3f9a5a7227189e6
tetex-doc-3.0-33.2.el5_1.2.s390x.rpm     314aaf805fa9908c5bd8dd066a78ee69
tetex-dvips-3.0-33.2.el5_1.2.s390x.rpm     ffeeb98bc3d453d766f6834f681018e2
tetex-fonts-3.0-33.2.el5_1.2.s390x.rpm     bc495169336a4193e62573c91ca98e08
tetex-latex-3.0-33.2.el5_1.2.s390x.rpm     27817f1ec00502caa8ab74c0dea42e8b
tetex-xdvi-3.0-33.2.el5_1.2.s390x.rpm     051531181be471e4afbea3cc76e0087b
 
x86_64:
tetex-3.0-33.2.el5_1.2.x86_64.rpm     7a6307a6176d11dd21ec38a79260d5a1
tetex-afm-3.0-33.2.el5_1.2.x86_64.rpm     3dbdc412d3a9a189af7b62988e984db9
tetex-doc-3.0-33.2.el5_1.2.x86_64.rpm     3b43cf065dbdb05fb6c6114ff73960d2
tetex-dvips-3.0-33.2.el5_1.2.x86_64.rpm     ed0a4845c96a539aead363cd53eeee14
tetex-fonts-3.0-33.2.el5_1.2.x86_64.rpm     b14ed77067e9d92450b98d2bb5e31008
tetex-latex-3.0-33.2.el5_1.2.x86_64.rpm     291b02f4ab3ce4f51f87bd525b09adef
tetex-xdvi-3.0-33.2.el5_1.2.x86_64.rpm     a21bff151a307f6c1124f15fc609f0d4
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
tetex-2.0.2-22.0.1.EL4.10.src.rpm     ee5da4d13ebc89ca506c862e66a58116
 
IA-32:
tetex-2.0.2-22.0.1.EL4.10.i386.rpm     027c2aebbf12ad46978d7790fa33a564
tetex-afm-2.0.2-22.0.1.EL4.10.i386.rpm     2bc6040e0a781e828d6fd6952904b7cd
tetex-doc-2.0.2-22.0.1.EL4.10.i386.rpm     f7f973c9e4302e1dc454241af599a0c0
tetex-dvips-2.0.2-22.0.1.EL4.10.i386.rpm     e526a49d653a71963cc4c6ad83d7d025
tetex-fonts-2.0.2-22.0.1.EL4.10.i386.rpm     340652dbb31b4ce1002dec39ddb149ac
tetex-latex-2.0.2-22.0.1.EL4.10.i386.rpm     c66a33f1d2ee030179ef30fad803488d
tetex-xdvi-2.0.2-22.0.1.EL4.10.i386.rpm     efd73b36456c5327ee1b24ef47e26f34
 
IA-64:
tetex-2.0.2-22.0.1.EL4.10.ia64.rpm     e06c955aba563a4be1d2b633e32ae112
tetex-afm-2.0.2-22.0.1.EL4.10.ia64.rpm     597906ed92b23704e8b822a874040272
tetex-doc-2.0.2-22.0.1.EL4.10.ia64.rpm     dbac70370dbf2e15c4cf10a64e0888bd
tetex-dvips-2.0.2-22.0.1.EL4.10.ia64.rpm     12e9fb0a0d262e17aec53c700147c704
tetex-fonts-2.0.2-22.0.1.EL4.10.ia64.rpm     60a15ffa5d94e10d5d30735474779695
tetex-latex-2.0.2-22.0.1.EL4.10.ia64.rpm     424e7335434932c91afbb78068e0b6cc
tetex-xdvi-2.0.2-22.0.1.EL4.10.ia64.rpm     7ff7f7760f339077f54454a9b5941905
 
PPC:
tetex-2.0.2-22.0.1.EL4.10.ppc.rpm     1362563a88035d1b5e568c3342e4ac27
tetex-afm-2.0.2-22.0.1.EL4.10.ppc.rpm     83244a2db4c8bd99d4cb38cdf4844551
tetex-doc-2.0.2-22.0.1.EL4.10.ppc.rpm     4707560e62f573407de9c3f611e06004
tetex-dvips-2.0.2-22.0.1.EL4.10.ppc.rpm     1a4a981d8f4d1627207eec38d5b7b23b
tetex-fonts-2.0.2-22.0.1.EL4.10.ppc.rpm     d8fd2d03c0c02c8f2e7f31560d8ea937
tetex-latex-2.0.2-22.0.1.EL4.10.ppc.rpm     5820a8afd235502f0a398a689dd6a62d
tetex-xdvi-2.0.2-22.0.1.EL4.10.ppc.rpm     4f3648c6fc71c75e6b86836a98c4866a
 
s390:
tetex-2.0.2-22.0.1.EL4.10.s390.rpm     a3b525ffbd450b2167e68831c2b55b73
tetex-afm-2.0.2-22.0.1.EL4.10.s390.rpm     4b0d73456a23c998c4ec04fb22c23ddb
tetex-doc-2.0.2-22.0.1.EL4.10.s390.rpm     f29a2b2a4c21c9cf104be216c6a5b0fe
tetex-dvips-2.0.2-22.0.1.EL4.10.s390.rpm     d41e8fd19df69be9e1f34fb1dada735f
tetex-fonts-2.0.2-22.0.1.EL4.10.s390.rpm     ff2526d5aa53852065ffee38b490cd67
tetex-latex-2.0.2-22.0.1.EL4.10.s390.rpm     baa804414ce7c1a7cdc443dd8e0a0dcd
tetex-xdvi-2.0.2-22.0.1.EL4.10.s390.rpm     0b7943a6d9800d90d4dbacac0302d531
 
s390x:
tetex-2.0.2-22.0.1.EL4.10.s390x.rpm     43976716352f385d87865db38ea615af
tetex-afm-2.0.2-22.0.1.EL4.10.s390x.rpm     c644606a45f5a83ef9818973990325ea
tetex-doc-2.0.2-22.0.1.EL4.10.s390x.rpm     abacd59736f4169de95bfcf2382afa55
tetex-dvips-2.0.2-22.0.1.EL4.10.s390x.rpm     f99dbe4de2733668786ee110f4896ed7
tetex-fonts-2.0.2-22.0.1.EL4.10.s390x.rpm     b39ab1c0dc6a27c50f1611475402c26a
tetex-latex-2.0.2-22.0.1.EL4.10.s390x.rpm     4ce12256a2a348f11cbfa9e368e2c734
tetex-xdvi-2.0.2-22.0.1.EL4.10.s390x.rpm     92b7f3c840d5523de4f979f015a3d062
 
x86_64:
tetex-2.0.2-22.0.1.EL4.10.x86_64.rpm     9256a59442be5e16353c6e80c0c6eeb4
tetex-afm-2.0.2-22.0.1.EL4.10.x86_64.rpm     6382a7e46e5ad3d1e329e3620c0c5cb5
tetex-doc-2.0.2-22.0.1.EL4.10.x86_64.rpm     75373e789b643c8fa2fc93765e6970cd
tetex-dvips-2.0.2-22.0.1.EL4.10.x86_64.rpm     f23f9a67113c9dc617423782f7f86d0c
tetex-fonts-2.0.2-22.0.1.EL4.10.x86_64.rpm     6d9ec577c3ca1a1de2765058437a7176
tetex-latex-2.0.2-22.0.1.EL4.10.x86_64.rpm     0281b2119f411044713b3681d79672e4
tetex-xdvi-2.0.2-22.0.1.EL4.10.x86_64.rpm     5adea0e5b6eb555d771445594ca09051
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
tetex-3.0-33.2.el5_1.2.src.rpm     b1b42ba1708170366ef929542721e792
 
IA-32:
tetex-3.0-33.2.el5_1.2.i386.rpm     1fbc3969e96b466560c90814b25aebe5
tetex-afm-3.0-33.2.el5_1.2.i386.rpm     440c373bdd22150fa5ad4804f078fec6
tetex-doc-3.0-33.2.el5_1.2.i386.rpm     b5086ee4832639db57282878a9b4aa4c
tetex-dvips-3.0-33.2.el5_1.2.i386.rpm     0568b6191a2f33f0b5ea028e419c0194
tetex-fonts-3.0-33.2.el5_1.2.i386.rpm     31fcdbc3370b30c2c665e86b5ca130a5
tetex-latex-3.0-33.2.el5_1.2.i386.rpm     b2aae2adc2955a745774c227e4e335df
tetex-xdvi-3.0-33.2.el5_1.2.i386.rpm     6c708669d258dc905000c1d20d18ad91
 
x86_64:
tetex-3.0-33.2.el5_1.2.x86_64.rpm     7a6307a6176d11dd21ec38a79260d5a1
tetex-afm-3.0-33.2.el5_1.2.x86_64.rpm     3dbdc412d3a9a189af7b62988e984db9
tetex-doc-3.0-33.2.el5_1.2.x86_64.rpm     3b43cf065dbdb05fb6c6114ff73960d2
tetex-dvips-3.0-33.2.el5_1.2.x86_64.rpm     ed0a4845c96a539aead363cd53eeee14
tetex-fonts-3.0-33.2.el5_1.2.x86_64.rpm     b14ed77067e9d92450b98d2bb5e31008
tetex-latex-3.0-33.2.el5_1.2.x86_64.rpm     291b02f4ab3ce4f51f87bd525b09adef
tetex-xdvi-3.0-33.2.el5_1.2.x86_64.rpm     a21bff151a307f6c1124f15fc609f0d4
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
tetex-2.0.2-22.0.1.EL4.10.src.rpm     ee5da4d13ebc89ca506c862e66a58116
 
IA-32:
tetex-2.0.2-22.0.1.EL4.10.i386.rpm     027c2aebbf12ad46978d7790fa33a564
tetex-afm-2.0.2-22.0.1.EL4.10.i386.rpm     2bc6040e0a781e828d6fd6952904b7cd
tetex-doc-2.0.2-22.0.1.EL4.10.i386.rpm     f7f973c9e4302e1dc454241af599a0c0
tetex-dvips-2.0.2-22.0.1.EL4.10.i386.rpm     e526a49d653a71963cc4c6ad83d7d025
tetex-fonts-2.0.2-22.0.1.EL4.10.i386.rpm     340652dbb31b4ce1002dec39ddb149ac
tetex-latex-2.0.2-22.0.1.EL4.10.i386.rpm     c66a33f1d2ee030179ef30fad803488d
tetex-xdvi-2.0.2-22.0.1.EL4.10.i386.rpm     efd73b36456c5327ee1b24ef47e26f34
 
IA-64:
tetex-2.0.2-22.0.1.EL4.10.ia64.rpm     e06c955aba563a4be1d2b633e32ae112
tetex-afm-2.0.2-22.0.1.EL4.10.ia64.rpm     597906ed92b23704e8b822a874040272
tetex-doc-2.0.2-22.0.1.EL4.10.ia64.rpm     dbac70370dbf2e15c4cf10a64e0888bd
tetex-dvips-2.0.2-22.0.1.EL4.10.ia64.rpm     12e9fb0a0d262e17aec53c700147c704
tetex-fonts-2.0.2-22.0.1.EL4.10.ia64.rpm     60a15ffa5d94e10d5d30735474779695
tetex-latex-2.0.2-22.0.1.EL4.10.ia64.rpm     424e7335434932c91afbb78068e0b6cc
tetex-xdvi-2.0.2-22.0.1.EL4.10.ia64.rpm     7ff7f7760f339077f54454a9b5941905
 
x86_64:
tetex-2.0.2-22.0.1.EL4.10.x86_64.rpm     9256a59442be5e16353c6e80c0c6eeb4
tetex-afm-2.0.2-22.0.1.EL4.10.x86_64.rpm     6382a7e46e5ad3d1e329e3620c0c5cb5
tetex-doc-2.0.2-22.0.1.EL4.10.x86_64.rpm     75373e789b643c8fa2fc93765e6970cd
tetex-dvips-2.0.2-22.0.1.EL4.10.x86_64.rpm     f23f9a67113c9dc617423782f7f86d0c
tetex-fonts-2.0.2-22.0.1.EL4.10.x86_64.rpm     6d9ec577c3ca1a1de2765058437a7176
tetex-latex-2.0.2-22.0.1.EL4.10.x86_64.rpm     0281b2119f411044713b3681d79672e4
tetex-xdvi-2.0.2-22.0.1.EL4.10.x86_64.rpm     5adea0e5b6eb555d771445594ca09051
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
tetex-2.0.2-22.0.1.EL4.10.src.rpm     ee5da4d13ebc89ca506c862e66a58116
 
IA-32:
tetex-2.0.2-22.0.1.EL4.10.i386.rpm     027c2aebbf12ad46978d7790fa33a564
tetex-afm-2.0.2-22.0.1.EL4.10.i386.rpm     2bc6040e0a781e828d6fd6952904b7cd
tetex-doc-2.0.2-22.0.1.EL4.10.i386.rpm     f7f973c9e4302e1dc454241af599a0c0
tetex-dvips-2.0.2-22.0.1.EL4.10.i386.rpm     e526a49d653a71963cc4c6ad83d7d025
tetex-fonts-2.0.2-22.0.1.EL4.10.i386.rpm     340652dbb31b4ce1002dec39ddb149ac
tetex-latex-2.0.2-22.0.1.EL4.10.i386.rpm     c66a33f1d2ee030179ef30fad803488d
tetex-xdvi-2.0.2-22.0.1.EL4.10.i386.rpm     efd73b36456c5327ee1b24ef47e26f34
 
IA-64:
tetex-2.0.2-22.0.1.EL4.10.ia64.rpm     e06c955aba563a4be1d2b633e32ae112
tetex-afm-2.0.2-22.0.1.EL4.10.ia64.rpm     597906ed92b23704e8b822a874040272
tetex-doc-2.0.2-22.0.1.EL4.10.ia64.rpm     dbac70370dbf2e15c4cf10a64e0888bd
tetex-dvips-2.0.2-22.0.1.EL4.10.ia64.rpm     12e9fb0a0d262e17aec53c700147c704
tetex-fonts-2.0.2-22.0.1.EL4.10.ia64.rpm     60a15ffa5d94e10d5d30735474779695
tetex-latex-2.0.2-22.0.1.EL4.10.ia64.rpm     424e7335434932c91afbb78068e0b6cc
tetex-xdvi-2.0.2-22.0.1.EL4.10.ia64.rpm     7ff7f7760f339077f54454a9b5941905
 
x86_64:
tetex-2.0.2-22.0.1.EL4.10.x86_64.rpm     9256a59442be5e16353c6e80c0c6eeb4
tetex-afm-2.0.2-22.0.1.EL4.10.x86_64.rpm     6382a7e46e5ad3d1e329e3620c0c5cb5
tetex-doc-2.0.2-22.0.1.EL4.10.x86_64.rpm     75373e789b643c8fa2fc93765e6970cd
tetex-dvips-2.0.2-22.0.1.EL4.10.x86_64.rpm     f23f9a67113c9dc617423782f7f86d0c
tetex-fonts-2.0.2-22.0.1.EL4.10.x86_64.rpm     6d9ec577c3ca1a1de2765058437a7176
tetex-latex-2.0.2-22.0.1.EL4.10.x86_64.rpm     0281b2119f411044713b3681d79672e4
tetex-xdvi-2.0.2-22.0.1.EL4.10.x86_64.rpm     5adea0e5b6eb555d771445594ca09051
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see Bugzilla for more information)

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
352271 - CVE-2007-4033 t1lib font filename string overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/