Security Advisory Important: tetex security update

Advisory: RHSA-2007:1028-5
Type: Security Advisory
Severity: Important
Issued on: 2007-11-07
Last updated on: 2007-11-07
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20071028.xml
CVEs (cve.mitre.org): CVE-2007-5393

Details

Updated tetex packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1 and 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (dvi) file as output.

Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker
could create a malicious PDF file that would cause TeTeX to crash, or
potentially execute arbitrary code when opened. (CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
tetex-1.0.7-67.11.src.rpm     9c926f0b59265f222d3a6a92d070c7ab
 
IA-32:
tetex-1.0.7-67.11.i386.rpm     258e91388fdacfe82502653c5a48a005
tetex-afm-1.0.7-67.11.i386.rpm     30f0d8f59f69c81cc14ba36a8fd7d370
tetex-dvips-1.0.7-67.11.i386.rpm     0ffd7b214e9e94df866c079f6dbb8e03
tetex-fonts-1.0.7-67.11.i386.rpm     f3f75f29e7bfb42c734d0c08dcbae419
tetex-latex-1.0.7-67.11.i386.rpm     c7e9566382958a5b60a1be7dc5c9f8ff
tetex-xdvi-1.0.7-67.11.i386.rpm     880b031da9a0d1d0dd862f70b49895d7
 
x86_64:
tetex-1.0.7-67.11.x86_64.rpm     031f9772ca3dc02bf3c54556dd1f3937
tetex-afm-1.0.7-67.11.x86_64.rpm     e40304314a03120ac8446d1dc7741e0c
tetex-dvips-1.0.7-67.11.x86_64.rpm     d0ab503ede80d4c9eb0db09db7fa40c3
tetex-fonts-1.0.7-67.11.x86_64.rpm     f03a734922e40634670c24ea48f67d37
tetex-latex-1.0.7-67.11.x86_64.rpm     745531fdc58aa0b1eed829b632970fb7
tetex-xdvi-1.0.7-67.11.x86_64.rpm     9a5268aeae9f73948011c5d17089ceae
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
tetex-1.0.7-38.5E.12.src.rpm     a9a330b6cc61c210c8fa38e555cc5109
 
IA-32:
tetex-1.0.7-38.5E.12.i386.rpm     cd1bdbe1b8abb51edc4bdad77db33f7b
tetex-afm-1.0.7-38.5E.12.i386.rpm     0a20e9a986c097a84fda16e6eff43087
tetex-doc-1.0.7-38.5E.12.i386.rpm     e274eeb425bf5f9a0de80d2f864746a7
tetex-dvilj-1.0.7-38.5E.12.i386.rpm     c64a654ae3d47604690790c4b5879f2f
tetex-dvips-1.0.7-38.5E.12.i386.rpm     fe7648c4e4304f9ed65fe00038752341
tetex-fonts-1.0.7-38.5E.12.i386.rpm     446cb180d0e909594eb99f7dfa64bc77
tetex-latex-1.0.7-38.5E.12.i386.rpm     b6973422f0f349d9d72d97a038ada611
tetex-xdvi-1.0.7-38.5E.12.i386.rpm     4140df46de0a89b50d465d1cd9086363
 
IA-64:
tetex-1.0.7-38.5E.12.ia64.rpm     7a5a40f2085ea2091752619040f27de7
tetex-afm-1.0.7-38.5E.12.ia64.rpm     e483ac8983a0b446d412aeaa8d429369
tetex-doc-1.0.7-38.5E.12.ia64.rpm     6bcfc102d17b2c50bd31606115ffc9ac
tetex-dvilj-1.0.7-38.5E.12.ia64.rpm     c1f55c0de9eb92f00cbaeb328e074c88
tetex-dvips-1.0.7-38.5E.12.ia64.rpm     f040436251a09cc62ac3b2f88cce243e
tetex-fonts-1.0.7-38.5E.12.ia64.rpm     1513df82cd2191e5aefbca3a0f1103e0
tetex-latex-1.0.7-38.5E.12.ia64.rpm     722cf2363da00e1bf627507652c45f55
tetex-xdvi-1.0.7-38.5E.12.ia64.rpm     4b131e2abf9b590ae8748761032d6970
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
tetex-1.0.7-67.11.src.rpm     9c926f0b59265f222d3a6a92d070c7ab
 
IA-32:
tetex-1.0.7-67.11.i386.rpm     258e91388fdacfe82502653c5a48a005
tetex-afm-1.0.7-67.11.i386.rpm     30f0d8f59f69c81cc14ba36a8fd7d370
tetex-dvips-1.0.7-67.11.i386.rpm     0ffd7b214e9e94df866c079f6dbb8e03
tetex-fonts-1.0.7-67.11.i386.rpm     f3f75f29e7bfb42c734d0c08dcbae419
tetex-latex-1.0.7-67.11.i386.rpm     c7e9566382958a5b60a1be7dc5c9f8ff
tetex-xdvi-1.0.7-67.11.i386.rpm     880b031da9a0d1d0dd862f70b49895d7
 
IA-64:
tetex-1.0.7-67.11.ia64.rpm     ae5fbbb76abeaa6d54d346c0faf200e8
tetex-afm-1.0.7-67.11.ia64.rpm     4173b80aa25be5e0305f7b1dd1c3439f
tetex-dvips-1.0.7-67.11.ia64.rpm     fd8d4b9cd499b1564efd83b0dcbf3441
tetex-fonts-1.0.7-67.11.ia64.rpm     51f9d66ecaba190afa9215cc9a63ac34
tetex-latex-1.0.7-67.11.ia64.rpm     91e61d93242483f4512f3bba288b2d3f
tetex-xdvi-1.0.7-67.11.ia64.rpm     08c93511d76ff339ec2f9c864c9c8205
 
PPC:
tetex-1.0.7-67.11.ppc.rpm     fba905be4b16011b872c8ffc0b213a50
tetex-afm-1.0.7-67.11.ppc.rpm     10e9a154cf12630d99b716844c00ca91
tetex-dvips-1.0.7-67.11.ppc.rpm     a5482c9211715866705e215a830738e6
tetex-fonts-1.0.7-67.11.ppc.rpm     a10414192f9c526021017138e70ca725
tetex-latex-1.0.7-67.11.ppc.rpm     a4ffc0fa998c219669e068b19cdb1552
tetex-xdvi-1.0.7-67.11.ppc.rpm     cdc07fc8b8ab169299b39b500835817d
 
s390:
tetex-1.0.7-67.11.s390.rpm     78cc3f0afc063dfbe6afb09018cba87d
tetex-afm-1.0.7-67.11.s390.rpm     72bf0382e1817f2f0f5f3050b42a35f5
tetex-dvips-1.0.7-67.11.s390.rpm     883bea76b18b42b3ef7052e6fcb0fae2
tetex-fonts-1.0.7-67.11.s390.rpm     cee97ddea1d562f969b300dec55d8047
tetex-latex-1.0.7-67.11.s390.rpm     b2af293e49a1353abe3f7346c492d435
tetex-xdvi-1.0.7-67.11.s390.rpm     36a23c2e9cfdfe8abe8236c68b1b7ff3
 
s390x:
tetex-1.0.7-67.11.s390x.rpm     47bc340dd814ba4aefeb616b5914a9fc
tetex-afm-1.0.7-67.11.s390x.rpm     f06c85101364e68dae12e423f49c6ae0
tetex-dvips-1.0.7-67.11.s390x.rpm     93ec176639dd1381b8089d259b722971
tetex-fonts-1.0.7-67.11.s390x.rpm     4399413b190538d5ae6eae47fa30daef
tetex-latex-1.0.7-67.11.s390x.rpm     20756ec098a68f83e7ac5d2b6a4e96ff
tetex-xdvi-1.0.7-67.11.s390x.rpm     111bdc122a8dc1d3baa742aa636d8085
 
x86_64:
tetex-1.0.7-67.11.x86_64.rpm     031f9772ca3dc02bf3c54556dd1f3937
tetex-afm-1.0.7-67.11.x86_64.rpm     e40304314a03120ac8446d1dc7741e0c
tetex-dvips-1.0.7-67.11.x86_64.rpm     d0ab503ede80d4c9eb0db09db7fa40c3
tetex-fonts-1.0.7-67.11.x86_64.rpm     f03a734922e40634670c24ea48f67d37
tetex-latex-1.0.7-67.11.x86_64.rpm     745531fdc58aa0b1eed829b632970fb7
tetex-xdvi-1.0.7-67.11.x86_64.rpm     9a5268aeae9f73948011c5d17089ceae
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
tetex-1.0.7-38.5E.12.src.rpm     a9a330b6cc61c210c8fa38e555cc5109
 
IA-32:
tetex-1.0.7-38.5E.12.i386.rpm     cd1bdbe1b8abb51edc4bdad77db33f7b
tetex-afm-1.0.7-38.5E.12.i386.rpm     0a20e9a986c097a84fda16e6eff43087
tetex-doc-1.0.7-38.5E.12.i386.rpm     e274eeb425bf5f9a0de80d2f864746a7
tetex-dvilj-1.0.7-38.5E.12.i386.rpm     c64a654ae3d47604690790c4b5879f2f
tetex-dvips-1.0.7-38.5E.12.i386.rpm     fe7648c4e4304f9ed65fe00038752341
tetex-fonts-1.0.7-38.5E.12.i386.rpm     446cb180d0e909594eb99f7dfa64bc77
tetex-latex-1.0.7-38.5E.12.i386.rpm     b6973422f0f349d9d72d97a038ada611
tetex-xdvi-1.0.7-38.5E.12.i386.rpm     4140df46de0a89b50d465d1cd9086363
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
tetex-1.0.7-67.11.src.rpm     9c926f0b59265f222d3a6a92d070c7ab
 
IA-32:
tetex-1.0.7-67.11.i386.rpm     258e91388fdacfe82502653c5a48a005
tetex-afm-1.0.7-67.11.i386.rpm     30f0d8f59f69c81cc14ba36a8fd7d370
tetex-dvips-1.0.7-67.11.i386.rpm     0ffd7b214e9e94df866c079f6dbb8e03
tetex-fonts-1.0.7-67.11.i386.rpm     f3f75f29e7bfb42c734d0c08dcbae419
tetex-latex-1.0.7-67.11.i386.rpm     c7e9566382958a5b60a1be7dc5c9f8ff
tetex-xdvi-1.0.7-67.11.i386.rpm     880b031da9a0d1d0dd862f70b49895d7
 
IA-64:
tetex-1.0.7-67.11.ia64.rpm     ae5fbbb76abeaa6d54d346c0faf200e8
tetex-afm-1.0.7-67.11.ia64.rpm     4173b80aa25be5e0305f7b1dd1c3439f
tetex-dvips-1.0.7-67.11.ia64.rpm     fd8d4b9cd499b1564efd83b0dcbf3441
tetex-fonts-1.0.7-67.11.ia64.rpm     51f9d66ecaba190afa9215cc9a63ac34
tetex-latex-1.0.7-67.11.ia64.rpm     91e61d93242483f4512f3bba288b2d3f
tetex-xdvi-1.0.7-67.11.ia64.rpm     08c93511d76ff339ec2f9c864c9c8205
 
x86_64:
tetex-1.0.7-67.11.x86_64.rpm     031f9772ca3dc02bf3c54556dd1f3937
tetex-afm-1.0.7-67.11.x86_64.rpm     e40304314a03120ac8446d1dc7741e0c
tetex-dvips-1.0.7-67.11.x86_64.rpm     d0ab503ede80d4c9eb0db09db7fa40c3
tetex-fonts-1.0.7-67.11.x86_64.rpm     f03a734922e40634670c24ea48f67d37
tetex-latex-1.0.7-67.11.x86_64.rpm     745531fdc58aa0b1eed829b632970fb7
tetex-xdvi-1.0.7-67.11.x86_64.rpm     9a5268aeae9f73948011c5d17089ceae
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
tetex-1.0.7-38.5E.12.src.rpm     a9a330b6cc61c210c8fa38e555cc5109
 
IA-32:
tetex-1.0.7-38.5E.12.i386.rpm     cd1bdbe1b8abb51edc4bdad77db33f7b
tetex-afm-1.0.7-38.5E.12.i386.rpm     0a20e9a986c097a84fda16e6eff43087
tetex-doc-1.0.7-38.5E.12.i386.rpm     e274eeb425bf5f9a0de80d2f864746a7
tetex-dvilj-1.0.7-38.5E.12.i386.rpm     c64a654ae3d47604690790c4b5879f2f
tetex-dvips-1.0.7-38.5E.12.i386.rpm     fe7648c4e4304f9ed65fe00038752341
tetex-fonts-1.0.7-38.5E.12.i386.rpm     446cb180d0e909594eb99f7dfa64bc77
tetex-latex-1.0.7-38.5E.12.i386.rpm     b6973422f0f349d9d72d97a038ada611
tetex-xdvi-1.0.7-38.5E.12.i386.rpm     4140df46de0a89b50d465d1cd9086363
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
tetex-1.0.7-67.11.src.rpm     9c926f0b59265f222d3a6a92d070c7ab
 
IA-32:
tetex-1.0.7-67.11.i386.rpm     258e91388fdacfe82502653c5a48a005
tetex-afm-1.0.7-67.11.i386.rpm     30f0d8f59f69c81cc14ba36a8fd7d370
tetex-dvips-1.0.7-67.11.i386.rpm     0ffd7b214e9e94df866c079f6dbb8e03
tetex-fonts-1.0.7-67.11.i386.rpm     f3f75f29e7bfb42c734d0c08dcbae419
tetex-latex-1.0.7-67.11.i386.rpm     c7e9566382958a5b60a1be7dc5c9f8ff
tetex-xdvi-1.0.7-67.11.i386.rpm     880b031da9a0d1d0dd862f70b49895d7
 
IA-64:
tetex-1.0.7-67.11.ia64.rpm     ae5fbbb76abeaa6d54d346c0faf200e8
tetex-afm-1.0.7-67.11.ia64.rpm     4173b80aa25be5e0305f7b1dd1c3439f
tetex-dvips-1.0.7-67.11.ia64.rpm     fd8d4b9cd499b1564efd83b0dcbf3441
tetex-fonts-1.0.7-67.11.ia64.rpm     51f9d66ecaba190afa9215cc9a63ac34
tetex-latex-1.0.7-67.11.ia64.rpm     91e61d93242483f4512f3bba288b2d3f
tetex-xdvi-1.0.7-67.11.ia64.rpm     08c93511d76ff339ec2f9c864c9c8205
 
x86_64:
tetex-1.0.7-67.11.x86_64.rpm     031f9772ca3dc02bf3c54556dd1f3937
tetex-afm-1.0.7-67.11.x86_64.rpm     e40304314a03120ac8446d1dc7741e0c
tetex-dvips-1.0.7-67.11.x86_64.rpm     d0ab503ede80d4c9eb0db09db7fa40c3
tetex-fonts-1.0.7-67.11.x86_64.rpm     f03a734922e40634670c24ea48f67d37
tetex-latex-1.0.7-67.11.x86_64.rpm     745531fdc58aa0b1eed829b632970fb7
tetex-xdvi-1.0.7-67.11.x86_64.rpm     9a5268aeae9f73948011c5d17089ceae
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
tetex-1.0.7-38.5E.12.src.rpm     a9a330b6cc61c210c8fa38e555cc5109
 
IA-64:
tetex-1.0.7-38.5E.12.ia64.rpm     7a5a40f2085ea2091752619040f27de7
tetex-afm-1.0.7-38.5E.12.ia64.rpm     e483ac8983a0b446d412aeaa8d429369
tetex-doc-1.0.7-38.5E.12.ia64.rpm     6bcfc102d17b2c50bd31606115ffc9ac
tetex-dvilj-1.0.7-38.5E.12.ia64.rpm     c1f55c0de9eb92f00cbaeb328e074c88
tetex-dvips-1.0.7-38.5E.12.ia64.rpm     f040436251a09cc62ac3b2f88cce243e
tetex-fonts-1.0.7-38.5E.12.ia64.rpm     1513df82cd2191e5aefbca3a0f1103e0
tetex-latex-1.0.7-38.5E.12.ia64.rpm     722cf2363da00e1bf627507652c45f55
tetex-xdvi-1.0.7-38.5E.12.ia64.rpm     4b131e2abf9b590ae8748761032d6970
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/