Skip to navigation

Security Advisory Moderate: texinfo security update

Advisory: RHSA-2006:0727-6
Type: Security Advisory
Severity: Moderate
Issued on: 2006-11-08
Last updated on: 2006-11-08
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-3011
CVE-2006-4810

Details

New Texinfo packages that fix various security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Texinfo is a documentation system that can produce both online information
and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker
could construct a carefully crafted Texinfo file that could cause texindex
to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary
files. A local user could leverage this flaw to overwrite files the user
executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
texinfo-4.5-3.el3.1.src.rpm     MD5: cae389223d777d79c862b4672c75a9e1
 
IA-32:
info-4.5-3.el3.1.i386.rpm     MD5: 1fc65ec7fb762b72f4f31030e10a8bba
texinfo-4.5-3.el3.1.i386.rpm     MD5: 04bd5020018f6727b77fd8c2a9fb2588
 
x86_64:
info-4.5-3.el3.1.x86_64.rpm     MD5: 544245c16b5f0d94a65c9c9ccb4c94cc
texinfo-4.5-3.el3.1.x86_64.rpm     MD5: 8921c67695089cf7d6fb4bc7fe61c24a
 
Red Hat Desktop (v. 4)

SRPMS:
texinfo-4.7-5.el4.2.src.rpm     MD5: c5fabea21ca9dbc20658e542dabf2922
 
IA-32:
info-4.7-5.el4.2.i386.rpm     MD5: 7e86f2eef9fb548f6be88025bee5a9b6
texinfo-4.7-5.el4.2.i386.rpm     MD5: 5f509002c109ce1a2b9876b60e7b1eee
 
x86_64:
info-4.7-5.el4.2.x86_64.rpm     MD5: 8211780e84883ff3c9f5428a54cadfcd
texinfo-4.7-5.el4.2.x86_64.rpm     MD5: 33ec657749738e6737a569d75ffe79c3
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
texinfo-4.0b-3.el2.1.src.rpm     MD5: 4f77dc80717cf15b1f565cb8dfb12b8c
 
IA-32:
info-4.0b-3.el2.1.i386.rpm     MD5: 878a207e614180cf8fd43920d51947d6
texinfo-4.0b-3.el2.1.i386.rpm     MD5: 58cc2bc691496d3aef522fc87449554b
 
IA-64:
info-4.0b-3.el2.1.ia64.rpm     MD5: a259d8d26dbaa8cc96686f169dc05911
texinfo-4.0b-3.el2.1.ia64.rpm     MD5: 6fae56c8168b45be80ae719ebe0aca82
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
texinfo-4.5-3.el3.1.src.rpm     MD5: cae389223d777d79c862b4672c75a9e1
 
IA-32:
info-4.5-3.el3.1.i386.rpm     MD5: 1fc65ec7fb762b72f4f31030e10a8bba
texinfo-4.5-3.el3.1.i386.rpm     MD5: 04bd5020018f6727b77fd8c2a9fb2588
 
IA-64:
info-4.5-3.el3.1.ia64.rpm     MD5: 42ca02702693284272a52b61b0914d66
texinfo-4.5-3.el3.1.ia64.rpm     MD5: 3fabad46614f61118bc29cffbd83df54
 
PPC:
info-4.5-3.el3.1.ppc.rpm     MD5: 5fe3e1eca608678fc0770f0de702cd8d
texinfo-4.5-3.el3.1.ppc.rpm     MD5: 9275ad56b995b25f275af0a44c3d01bf
 
s390:
info-4.5-3.el3.1.s390.rpm     MD5: 215d4ea1202a2309c7c676e3c1e46299
texinfo-4.5-3.el3.1.s390.rpm     MD5: 7085ead3927535c315c336c3314b9d2f
 
s390x:
info-4.5-3.el3.1.s390x.rpm     MD5: fd6332f0b59ad9bd8f99cf40a8ff1ad9
texinfo-4.5-3.el3.1.s390x.rpm     MD5: a7d61c3643d31ac0db2f6b15d0ea996b
 
x86_64:
info-4.5-3.el3.1.x86_64.rpm     MD5: 544245c16b5f0d94a65c9c9ccb4c94cc
texinfo-4.5-3.el3.1.x86_64.rpm     MD5: 8921c67695089cf7d6fb4bc7fe61c24a
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
texinfo-4.7-5.el4.2.src.rpm     MD5: c5fabea21ca9dbc20658e542dabf2922
 
IA-32:
info-4.7-5.el4.2.i386.rpm     MD5: 7e86f2eef9fb548f6be88025bee5a9b6
texinfo-4.7-5.el4.2.i386.rpm     MD5: 5f509002c109ce1a2b9876b60e7b1eee
 
IA-64:
info-4.7-5.el4.2.ia64.rpm     MD5: 99deee5e7579a4d49a0c7cb82a13e54b
texinfo-4.7-5.el4.2.ia64.rpm     MD5: 119c541a6cfe685fc2762e4718c772de
 
PPC:
info-4.7-5.el4.2.ppc.rpm     MD5: 706a14c171a272ce82f3201364ec17a2
texinfo-4.7-5.el4.2.ppc.rpm     MD5: 1d1b035106a9889fa3bfa96f79a88248
 
s390:
info-4.7-5.el4.2.s390.rpm     MD5: 1f1c0056ceed97e903f70f9583bce14a
texinfo-4.7-5.el4.2.s390.rpm     MD5: d4170f862521f47487a88eae5f1c6946
 
s390x:
info-4.7-5.el4.2.s390x.rpm     MD5: f5ccba218def5a9c496ff4ff6a8177d2
texinfo-4.7-5.el4.2.s390x.rpm     MD5: bd3f9d50bb9855b8adeefe44ca7c0793
 
x86_64:
info-4.7-5.el4.2.x86_64.rpm     MD5: 8211780e84883ff3c9f5428a54cadfcd
texinfo-4.7-5.el4.2.x86_64.rpm     MD5: 33ec657749738e6737a569d75ffe79c3
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
texinfo-4.0b-3.el2.1.src.rpm     MD5: 4f77dc80717cf15b1f565cb8dfb12b8c
 
IA-32:
info-4.0b-3.el2.1.i386.rpm     MD5: 878a207e614180cf8fd43920d51947d6
texinfo-4.0b-3.el2.1.i386.rpm     MD5: 58cc2bc691496d3aef522fc87449554b
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
texinfo-4.5-3.el3.1.src.rpm     MD5: cae389223d777d79c862b4672c75a9e1
 
IA-32:
info-4.5-3.el3.1.i386.rpm     MD5: 1fc65ec7fb762b72f4f31030e10a8bba
texinfo-4.5-3.el3.1.i386.rpm     MD5: 04bd5020018f6727b77fd8c2a9fb2588
 
IA-64:
info-4.5-3.el3.1.ia64.rpm     MD5: 42ca02702693284272a52b61b0914d66
texinfo-4.5-3.el3.1.ia64.rpm     MD5: 3fabad46614f61118bc29cffbd83df54
 
x86_64:
info-4.5-3.el3.1.x86_64.rpm     MD5: 544245c16b5f0d94a65c9c9ccb4c94cc
texinfo-4.5-3.el3.1.x86_64.rpm     MD5: 8921c67695089cf7d6fb4bc7fe61c24a
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
texinfo-4.7-5.el4.2.src.rpm     MD5: c5fabea21ca9dbc20658e542dabf2922
 
IA-32:
info-4.7-5.el4.2.i386.rpm     MD5: 7e86f2eef9fb548f6be88025bee5a9b6
texinfo-4.7-5.el4.2.i386.rpm     MD5: 5f509002c109ce1a2b9876b60e7b1eee
 
IA-64:
info-4.7-5.el4.2.ia64.rpm     MD5: 99deee5e7579a4d49a0c7cb82a13e54b
texinfo-4.7-5.el4.2.ia64.rpm     MD5: 119c541a6cfe685fc2762e4718c772de
 
x86_64:
info-4.7-5.el4.2.x86_64.rpm     MD5: 8211780e84883ff3c9f5428a54cadfcd
texinfo-4.7-5.el4.2.x86_64.rpm     MD5: 33ec657749738e6737a569d75ffe79c3
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
texinfo-4.0b-3.el2.1.src.rpm     MD5: 4f77dc80717cf15b1f565cb8dfb12b8c
 
IA-32:
info-4.0b-3.el2.1.i386.rpm     MD5: 878a207e614180cf8fd43920d51947d6
texinfo-4.0b-3.el2.1.i386.rpm     MD5: 58cc2bc691496d3aef522fc87449554b
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
texinfo-4.5-3.el3.1.src.rpm     MD5: cae389223d777d79c862b4672c75a9e1
 
IA-32:
info-4.5-3.el3.1.i386.rpm     MD5: 1fc65ec7fb762b72f4f31030e10a8bba
texinfo-4.5-3.el3.1.i386.rpm     MD5: 04bd5020018f6727b77fd8c2a9fb2588
 
IA-64:
info-4.5-3.el3.1.ia64.rpm     MD5: 42ca02702693284272a52b61b0914d66
texinfo-4.5-3.el3.1.ia64.rpm     MD5: 3fabad46614f61118bc29cffbd83df54
 
x86_64:
info-4.5-3.el3.1.x86_64.rpm     MD5: 544245c16b5f0d94a65c9c9ccb4c94cc
texinfo-4.5-3.el3.1.x86_64.rpm     MD5: 8921c67695089cf7d6fb4bc7fe61c24a
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
texinfo-4.7-5.el4.2.src.rpm     MD5: c5fabea21ca9dbc20658e542dabf2922
 
IA-32:
info-4.7-5.el4.2.i386.rpm     MD5: 7e86f2eef9fb548f6be88025bee5a9b6
texinfo-4.7-5.el4.2.i386.rpm     MD5: 5f509002c109ce1a2b9876b60e7b1eee
 
IA-64:
info-4.7-5.el4.2.ia64.rpm     MD5: 99deee5e7579a4d49a0c7cb82a13e54b
texinfo-4.7-5.el4.2.ia64.rpm     MD5: 119c541a6cfe685fc2762e4718c772de
 
x86_64:
info-4.7-5.el4.2.x86_64.rpm     MD5: 8211780e84883ff3c9f5428a54cadfcd
texinfo-4.7-5.el4.2.x86_64.rpm     MD5: 33ec657749738e6737a569d75ffe79c3
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
texinfo-4.0b-3.el2.1.src.rpm     MD5: 4f77dc80717cf15b1f565cb8dfb12b8c
 
IA-64:
info-4.0b-3.el2.1.ia64.rpm     MD5: a259d8d26dbaa8cc96686f169dc05911
texinfo-4.0b-3.el2.1.ia64.rpm     MD5: 6fae56c8168b45be80ae719ebe0aca82
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

169583 - CVE-2005-3011 texindex insecure temporary file usage
170743 - CVE-2005-3011 texindex insecure temporary file usage
170744 - CVE-2005-3011 texindex insecure temporary file usage
211484 - CVE-2006-4810 texindex buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/