[RHSA-2005:026-01] Moderate: tetex security update

bugzilla at redhat.com bugzilla at redhat.com
Wed Mar 16 15:25:00 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: tetex security update
Advisory ID:       RHSA-2005:026-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-026.html
Issue date:        2005-03-16
Updated on:        2005-03-16
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0064 CAN-2004-1125
- ---------------------------------------------------------------------

1. Summary:

Updated tetex packages that resolve security issues are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The tetex packages (teTeX) contain an implementation of TeX for Linux or
UNIX systems. 

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which
also affects teTeX due to a shared codebase. An attacker could construct a
carefully crafted PDF file that could cause teTeX to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to
this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
Xpdf which also affects teTeX due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause teTeX to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to
this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144257 - CAN-2004-1125 xpdf buffer overflow
145055 - CAN-2005-0064 xpdf buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4  tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663  tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201  tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134  tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079  tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8  tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4  tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e  tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

ia64:
67604c19f7004d315bb34ffd3322d73d  tetex-2.0.2-22.EL4.4.ia64.rpm
5a0ca23db1069968333a248803187c0b  tetex-afm-2.0.2-22.EL4.4.ia64.rpm
fdeeb8a3e904988da6b06ce910545cf2  tetex-doc-2.0.2-22.EL4.4.ia64.rpm
b92924a28ca56eada03a5e3e24891629  tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
2dac870c773978a9c7049bfc45a56fc8  tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
185d6d9b2ea2c65fc04e5cdb42d68172  tetex-latex-2.0.2-22.EL4.4.ia64.rpm
cb3e781f24161ebf863997552b17eb28  tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm

ppc:
b3526bdd4ac4b2645e050eb46b120fef  tetex-2.0.2-22.EL4.4.ppc.rpm
4bd4a2d136c614fd12184fa6f975f03d  tetex-afm-2.0.2-22.EL4.4.ppc.rpm
324623ce7f83bc85498b3468431f4a34  tetex-doc-2.0.2-22.EL4.4.ppc.rpm
3e6630554d2e6d9d24a3775d53ef05db  tetex-dvips-2.0.2-22.EL4.4.ppc.rpm
d1524075b8381a43811c37b68a7cadd8  tetex-fonts-2.0.2-22.EL4.4.ppc.rpm
df820f28dffdbcd721bb90d002d268c9  tetex-latex-2.0.2-22.EL4.4.ppc.rpm
a411d97f10aafe2f1c24f938b0de1b80  tetex-xdvi-2.0.2-22.EL4.4.ppc.rpm

s390:
67d1731c40c382b68e6b2e41b459a276  tetex-2.0.2-22.EL4.4.s390.rpm
0e70a1b95bf3057e3cb46f1cd7f96655  tetex-afm-2.0.2-22.EL4.4.s390.rpm
d88d319fc363565364316b8c7e34b11f  tetex-doc-2.0.2-22.EL4.4.s390.rpm
e87976edf77da5d891edec54a2e01dc5  tetex-dvips-2.0.2-22.EL4.4.s390.rpm
7fd9246af62e280513c5cd1a74d960c9  tetex-fonts-2.0.2-22.EL4.4.s390.rpm
fce2bd0bd18b996467356235f171e160  tetex-latex-2.0.2-22.EL4.4.s390.rpm
d1c6d90df13c9dd8a703a536704a0043  tetex-xdvi-2.0.2-22.EL4.4.s390.rpm

s390x:
9efc79c6bb7cfb79afca130230d1df96  tetex-2.0.2-22.EL4.4.s390x.rpm
5e7f852d9d335e553f87ba1f22c84528  tetex-afm-2.0.2-22.EL4.4.s390x.rpm
041948d9d1ab97bb52fc3900feed81eb  tetex-doc-2.0.2-22.EL4.4.s390x.rpm
a86ef414af5736820b9c2d0692ce6c5b  tetex-dvips-2.0.2-22.EL4.4.s390x.rpm
08cfa664c6bbcdc537f869f6f421effe  tetex-fonts-2.0.2-22.EL4.4.s390x.rpm
d1d15249a5dbe61f48a2ea30fc317597  tetex-latex-2.0.2-22.EL4.4.s390x.rpm
c25be003bd1cfccbdf9c0f1f06e19573  tetex-xdvi-2.0.2-22.EL4.4.s390x.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10  tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94  tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238  tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8  tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a  tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6  tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6  tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4  tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663  tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201  tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134  tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079  tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8  tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4  tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e  tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10  tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94  tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238  tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8  tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a  tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6  tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6  tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4  tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663  tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201  tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134  tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079  tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8  tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4  tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e  tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

ia64:
67604c19f7004d315bb34ffd3322d73d  tetex-2.0.2-22.EL4.4.ia64.rpm
5a0ca23db1069968333a248803187c0b  tetex-afm-2.0.2-22.EL4.4.ia64.rpm
fdeeb8a3e904988da6b06ce910545cf2  tetex-doc-2.0.2-22.EL4.4.ia64.rpm
b92924a28ca56eada03a5e3e24891629  tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
2dac870c773978a9c7049bfc45a56fc8  tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
185d6d9b2ea2c65fc04e5cdb42d68172  tetex-latex-2.0.2-22.EL4.4.ia64.rpm
cb3e781f24161ebf863997552b17eb28  tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10  tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94  tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238  tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8  tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a  tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6  tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6  tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4  tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663  tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201  tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134  tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079  tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8  tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4  tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e  tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

ia64:
67604c19f7004d315bb34ffd3322d73d  tetex-2.0.2-22.EL4.4.ia64.rpm
5a0ca23db1069968333a248803187c0b  tetex-afm-2.0.2-22.EL4.4.ia64.rpm
fdeeb8a3e904988da6b06ce910545cf2  tetex-doc-2.0.2-22.EL4.4.ia64.rpm
b92924a28ca56eada03a5e3e24891629  tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
2dac870c773978a9c7049bfc45a56fc8  tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
185d6d9b2ea2c65fc04e5cdb42d68172  tetex-latex-2.0.2-22.EL4.4.ia64.rpm
cb3e781f24161ebf863997552b17eb28  tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10  tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94  tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238  tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8  tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a  tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6  tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6  tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCOE/wXlSAg2UNWIIRAvdnAKCibUeWo7jUUsjoOnKjY/cnuk9W8gCeNPvu
BYAIAW1uNOW6r7unyKudPJI=
=sObz
-----END PGP SIGNATURE-----

More information about the Enterprise-watch-list mailing list