Security Advisory Moderate: tetex security update

Advisory: RHSA-2010:0400-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-05-06
Last updated on: 2010-05-06
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
CVE-2009-0195
CVE-2009-0791
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE-2009-3608
CVE-2009-3609
CVE-2010-0739
CVE-2010-0829
CVE-2010-1440

Details

Updated tetex packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable to
crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)

Multiple array index errors were found in the way teTeX converted DVI files
into the Portable Network Graphics (PNG) format. An attacker could create a
malicious DVI file that would cause the dvipng executable to crash.
(CVE-2010-0829)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0147, CVE-2009-1179)

Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a specially-crafted
PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary
code with the privileges of the user running pdflatex. (CVE-2009-0791,
CVE-2009-3608, CVE-2009-3609)

A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0195)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. If a local user generated a PDF file from a
TeX document, referencing a specially-crafted PDF file, it would cause
Xpdf to crash or, potentially, execute arbitrary code with the privileges
of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia
Research, and Chris Rohlf, for responsibly reporting the Xpdf flaws.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
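A quick way to confirm that every tetex sub-package on a host has actually reached the version-release this advisory ships (3.0-33.8.el5_5.5) is to compare installed version-release strings with RPM's own ordering rules rather than a plain string compare, which would rank ".10" below ".5". The check below is an added example, not part of the advisory or of Red Hat's tooling; `rpmvercmp` re-implements rpm's label comparison in Python (tilde handled, caret omitted since RHEL 5's rpm predates it), the epoch is assumed to be 0 for tetex, and the input lines are shaped like the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'tetex*'`.

```python
import re

FIXED_VR = "3.0-33.8.el5_5.5"  # version-release fixed by this advisory (epoch assumed 0)

def rpmvercmp(one, two):
    """rpm's label ordering: separators ignored, digit runs compare numerically, letter
    runs as strings, digits beat letters, '~' sorts before anything, leftovers are newer."""
    while one or two:
        one = re.sub(r"^[^A-Za-z0-9~]+", "", one)
        two = re.sub(r"^[^A-Za-z0-9~]+", "", two)
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not one or not two:
            break
        isnum = one[0].isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        seg1 = re.match(pat, one).group(0)
        m2 = re.match(pat, two)
        if m2 is None:  # segment types differ: the numeric side is newer
            return 1 if isnum else -1
        seg2 = m2.group(0)
        one, two = one[len(seg1):], two[len(seg2):]
        if isnum:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return 1 if one else -1

def vr_is_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True if an installed 'version-release' is at or above the fixed one."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def unpatched(rpm_q_lines):
    """Package names from 'name version-release' lines still below FIXED_VR."""
    return [n for n, vr in (l.split() for l in rpm_q_lines) if not vr_is_fixed(vr)]

# Constructed sample query output, not from a real host: one sub-package lags behind.
SAMPLE = ["tetex 3.0-33.8.el5_5.5", "tetex-dvips 3.0-33.8.el5_5.4", "tetex-latex 3.0-33.8.el5_5.5"]
```

Running `unpatched(SAMPLE)` reports `['tetex-dvips']`; a later errata release such as 33.8.el5_5.10 counts as fixed because the numeric segment 10 outranks 5.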

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
tetex-3.0-33.8.el5_5.5.src.rpm

IA-32:
tetex-3.0-33.8.el5_5.5.i386.rpm
tetex-afm-3.0-33.8.el5_5.5.i386.rpm
tetex-doc-3.0-33.8.el5_5.5.i386.rpm
tetex-dvips-3.0-33.8.el5_5.5.i386.rpm
tetex-fonts-3.0-33.8.el5_5.5.i386.rpm
tetex-latex-3.0-33.8.el5_5.5.i386.rpm
tetex-xdvi-3.0-33.8.el5_5.5.i386.rpm

IA-64:
tetex-3.0-33.8.el5_5.5.ia64.rpm
tetex-afm-3.0-33.8.el5_5.5.ia64.rpm
tetex-doc-3.0-33.8.el5_5.5.ia64.rpm
tetex-dvips-3.0-33.8.el5_5.5.ia64.rpm
tetex-fonts-3.0-33.8.el5_5.5.ia64.rpm
tetex-latex-3.0-33.8.el5_5.5.ia64.rpm
tetex-xdvi-3.0-33.8.el5_5.5.ia64.rpm

PPC:
tetex-3.0-33.8.el5_5.5.ppc.rpm
tetex-afm-3.0-33.8.el5_5.5.ppc.rpm
tetex-doc-3.0-33.8.el5_5.5.ppc.rpm
tetex-dvips-3.0-33.8.el5_5.5.ppc.rpm
tetex-fonts-3.0-33.8.el5_5.5.ppc.rpm
tetex-latex-3.0-33.8.el5_5.5.ppc.rpm
tetex-xdvi-3.0-33.8.el5_5.5.ppc.rpm

s390x:
tetex-3.0-33.8.el5_5.5.s390x.rpm
tetex-afm-3.0-33.8.el5_5.5.s390x.rpm
tetex-doc-3.0-33.8.el5_5.5.s390x.rpm
tetex-dvips-3.0-33.8.el5_5.5.s390x.rpm
tetex-fonts-3.0-33.8.el5_5.5.s390x.rpm
tetex-latex-3.0-33.8.el5_5.5.s390x.rpm
tetex-xdvi-3.0-33.8.el5_5.5.s390x.rpm

x86_64:
tetex-3.0-33.8.el5_5.5.x86_64.rpm
tetex-afm-3.0-33.8.el5_5.5.x86_64.rpm
tetex-doc-3.0-33.8.el5_5.5.x86_64.rpm
tetex-dvips-3.0-33.8.el5_5.5.x86_64.rpm
tetex-fonts-3.0-33.8.el5_5.5.x86_64.rpm
tetex-latex-3.0-33.8.el5_5.5.x86_64.rpm
tetex-xdvi-3.0-33.8.el5_5.5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
tetex-3.0-33.8.el5_5.5.src.rpm

IA-32:
tetex-3.0-33.8.el5_5.5.i386.rpm
tetex-afm-3.0-33.8.el5_5.5.i386.rpm
tetex-doc-3.0-33.8.el5_5.5.i386.rpm
tetex-dvips-3.0-33.8.el5_5.5.i386.rpm
tetex-fonts-3.0-33.8.el5_5.5.i386.rpm
tetex-latex-3.0-33.8.el5_5.5.i386.rpm
tetex-xdvi-3.0-33.8.el5_5.5.i386.rpm

x86_64:
tetex-3.0-33.8.el5_5.5.x86_64.rpm
tetex-afm-3.0-33.8.el5_5.5.x86_64.rpm
tetex-doc-3.0-33.8.el5_5.5.x86_64.rpm
tetex-dvips-3.0-33.8.el5_5.5.x86_64.rpm
tetex-fonts-3.0-33.8.el5_5.5.x86_64.rpm
tetex-latex-3.0-33.8.el5_5.5.x86_64.rpm
tetex-xdvi-3.0-33.8.el5_5.5.x86_64.rpm

File outdated by: RHSA-2012:1201 (applies to every file listed above)
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

490612 - CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)
490614 - CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder
490625 - CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
491840 - CVE-2009-0791 xpdf: multiple integer overflows
495886 - CVE-2009-0799 PDF JBIG2 decoder OOB read
495887 - CVE-2009-0800 PDF JBIG2 multiple input validation flaws
495889 - CVE-2009-1179 PDF JBIG2 integer overflow
495892 - CVE-2009-1180 PDF JBIG2 invalid free()
495894 - CVE-2009-1181 PDF JBIG2 NULL dereference
495896 - CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows
495899 - CVE-2009-1183 PDF JBIG2 MMR infinite loop DoS
526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
572941 - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
573999 - CVE-2010-0829 tetex, dvipng: Multiple array index errors during DVI-to-PNG translation
586819 - CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/