Skip to navigation

Security Advisory tetex security update

Advisory: RHSA-2005:026-15
Type: Security Advisory
Severity: Moderate
Issued on: 2005-03-16
Last updated on: 2005-03-16
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2004-1125
CVE-2005-0064

Details

Updated tetex packages that resolve security issues are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The tetex packages (teTeX) contain an implementation of TeX for Linux or
UNIX systems.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which
also affects teTeX due to a shared codebase. An attacker could construct a
carefully crafted PDF file that could cause teTeX to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to
this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
Xpdf which also affects teTeX due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause teTeX to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to
this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
tetex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 4a864c86edbd510bf92e60d921044663
tetex-afm-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2001bd44e3c46e850071ffb096039201
tetex-doc-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 596e753eb5f3e6d0ff7473f8ae462134
tetex-dvips-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 023f7113ebc22db5b6b86b11153ae079
tetex-fonts-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 3490e58a864bec84d1a7c5479335f7a8
tetex-latex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5378603b54e287c472fb258384186ca4
tetex-xdvi-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 36a8f5600bc353c4c2f14fa5f6fda26e
 
x86_64:
tetex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: d16c24dcba2e2ed5d33138b124502c10
tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5ef87c25c1eccd45354405fc5e5fad94
tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 8af688b7a5d0451ddc77040ad95d0238
tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 31e64490019b29a36a0f41f390517fe8
tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 211fe3d816ff83b6403866f1e927360a
tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: ef10ca5f1c4721a0c6f8b071336987b6
tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 1aff9145a331d9ebb6a03bd9fad671e6
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
tetex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 4a864c86edbd510bf92e60d921044663
tetex-afm-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2001bd44e3c46e850071ffb096039201
tetex-doc-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 596e753eb5f3e6d0ff7473f8ae462134
tetex-dvips-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 023f7113ebc22db5b6b86b11153ae079
tetex-fonts-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 3490e58a864bec84d1a7c5479335f7a8
tetex-latex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5378603b54e287c472fb258384186ca4
tetex-xdvi-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 36a8f5600bc353c4c2f14fa5f6fda26e
 
IA-64:
tetex-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 67604c19f7004d315bb34ffd3322d73d
tetex-afm-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5a0ca23db1069968333a248803187c0b
tetex-doc-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: fdeeb8a3e904988da6b06ce910545cf2
tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: b92924a28ca56eada03a5e3e24891629
tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2dac870c773978a9c7049bfc45a56fc8
tetex-latex-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 185d6d9b2ea2c65fc04e5cdb42d68172
tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: cb3e781f24161ebf863997552b17eb28
 
PPC:
tetex-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: b3526bdd4ac4b2645e050eb46b120fef
tetex-afm-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: 4bd4a2d136c614fd12184fa6f975f03d
tetex-doc-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: 324623ce7f83bc85498b3468431f4a34
tetex-dvips-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: 3e6630554d2e6d9d24a3775d53ef05db
tetex-fonts-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: d1524075b8381a43811c37b68a7cadd8
tetex-latex-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: df820f28dffdbcd721bb90d002d268c9
tetex-xdvi-2.0.2-22.EL4.4.ppc.rpm
File outdated by:  RHSA-2010:0399
    MD5: a411d97f10aafe2f1c24f938b0de1b80
 
s390:
tetex-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: 67d1731c40c382b68e6b2e41b459a276
tetex-afm-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: 0e70a1b95bf3057e3cb46f1cd7f96655
tetex-doc-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: d88d319fc363565364316b8c7e34b11f
tetex-dvips-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: e87976edf77da5d891edec54a2e01dc5
tetex-fonts-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: 7fd9246af62e280513c5cd1a74d960c9
tetex-latex-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: fce2bd0bd18b996467356235f171e160
tetex-xdvi-2.0.2-22.EL4.4.s390.rpm
File outdated by:  RHSA-2010:0399
    MD5: d1c6d90df13c9dd8a703a536704a0043
 
s390x:
tetex-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: 9efc79c6bb7cfb79afca130230d1df96
tetex-afm-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5e7f852d9d335e553f87ba1f22c84528
tetex-doc-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: 041948d9d1ab97bb52fc3900feed81eb
tetex-dvips-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: a86ef414af5736820b9c2d0692ce6c5b
tetex-fonts-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: 08cfa664c6bbcdc537f869f6f421effe
tetex-latex-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: d1d15249a5dbe61f48a2ea30fc317597
tetex-xdvi-2.0.2-22.EL4.4.s390x.rpm
File outdated by:  RHSA-2010:0399
    MD5: c25be003bd1cfccbdf9c0f1f06e19573
 
x86_64:
tetex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: d16c24dcba2e2ed5d33138b124502c10
tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5ef87c25c1eccd45354405fc5e5fad94
tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 8af688b7a5d0451ddc77040ad95d0238
tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 31e64490019b29a36a0f41f390517fe8
tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 211fe3d816ff83b6403866f1e927360a
tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: ef10ca5f1c4721a0c6f8b071336987b6
tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 1aff9145a331d9ebb6a03bd9fad671e6
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
tetex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 4a864c86edbd510bf92e60d921044663
tetex-afm-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2001bd44e3c46e850071ffb096039201
tetex-doc-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 596e753eb5f3e6d0ff7473f8ae462134
tetex-dvips-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 023f7113ebc22db5b6b86b11153ae079
tetex-fonts-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 3490e58a864bec84d1a7c5479335f7a8
tetex-latex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5378603b54e287c472fb258384186ca4
tetex-xdvi-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 36a8f5600bc353c4c2f14fa5f6fda26e
 
IA-64:
tetex-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 67604c19f7004d315bb34ffd3322d73d
tetex-afm-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5a0ca23db1069968333a248803187c0b
tetex-doc-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: fdeeb8a3e904988da6b06ce910545cf2
tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: b92924a28ca56eada03a5e3e24891629
tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2dac870c773978a9c7049bfc45a56fc8
tetex-latex-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 185d6d9b2ea2c65fc04e5cdb42d68172
tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: cb3e781f24161ebf863997552b17eb28
 
x86_64:
tetex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: d16c24dcba2e2ed5d33138b124502c10
tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5ef87c25c1eccd45354405fc5e5fad94
tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 8af688b7a5d0451ddc77040ad95d0238
tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 31e64490019b29a36a0f41f390517fe8
tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 211fe3d816ff83b6403866f1e927360a
tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: ef10ca5f1c4721a0c6f8b071336987b6
tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 1aff9145a331d9ebb6a03bd9fad671e6
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
tetex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 4a864c86edbd510bf92e60d921044663
tetex-afm-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2001bd44e3c46e850071ffb096039201
tetex-doc-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 596e753eb5f3e6d0ff7473f8ae462134
tetex-dvips-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 023f7113ebc22db5b6b86b11153ae079
tetex-fonts-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 3490e58a864bec84d1a7c5479335f7a8
tetex-latex-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5378603b54e287c472fb258384186ca4
tetex-xdvi-2.0.2-22.EL4.4.i386.rpm
File outdated by:  RHSA-2010:0399
    MD5: 36a8f5600bc353c4c2f14fa5f6fda26e
 
IA-64:
tetex-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 67604c19f7004d315bb34ffd3322d73d
tetex-afm-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5a0ca23db1069968333a248803187c0b
tetex-doc-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: fdeeb8a3e904988da6b06ce910545cf2
tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: b92924a28ca56eada03a5e3e24891629
tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 2dac870c773978a9c7049bfc45a56fc8
tetex-latex-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 185d6d9b2ea2c65fc04e5cdb42d68172
tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm
File outdated by:  RHSA-2010:0399
    MD5: cb3e781f24161ebf863997552b17eb28
 
x86_64:
tetex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: d16c24dcba2e2ed5d33138b124502c10
tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 5ef87c25c1eccd45354405fc5e5fad94
tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 8af688b7a5d0451ddc77040ad95d0238
tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 31e64490019b29a36a0f41f390517fe8
tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 211fe3d816ff83b6403866f1e927360a
tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: ef10ca5f1c4721a0c6f8b071336987b6
tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm
File outdated by:  RHSA-2010:0399
    MD5: 1aff9145a331d9ebb6a03bd9fad671e6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

144257 - CAN-2004-1125 xpdf buffer overflow
145055 - CAN-2005-0064 xpdf buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/