Red Hat Product Errata RHSA-2012:1201 - Security Advisory

Issued:: 2012-08-23
Updated:: 2012-08-23

RHSA-2012:1201 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: tetex security update

Type/Severity

Security Advisory: Moderate

Topic

Updated tetex packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1
fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed
Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened
by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2010-2642,
CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash or, potentially, execute
arbitrary code with the privileges of the user running teTeX.
(CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file
could, when opened, cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could,
when opened, cause teTeX to crash or, potentially, execute arbitrary code
with the privileges of the user running teTeX. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash. (CVE-2011-1552)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was
used to process a TeX document referencing a specially-crafted PDF file, it
could cause pdflatex to crash or, potentially, execute arbitrary code with
the privileges of the user running pdflatex. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. If pdflatex was used to process a TeX
document referencing a specially-crafted PDF file, it could cause pdflatex
to crash or, potentially, execute arbitrary code with the privileges of the
user running pdflatex. (CVE-2010-3704)

Red Hat would like to thank the Evince development team for reporting
CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the
original reporter of CVE-2010-2642.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
BZ - 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
BZ - 666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser
BZ - 679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser
BZ - 692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font
BZ - 692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font
BZ - 692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font
BZ - 692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
tetex-3.0-33.15.el5_8.1.src.rpm	SHA-256: de769c7b7fdcc8e0475c66ed48a5617bee9b49744a87c6700905d368688401c8
x86_64
tetex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: b0de7acb743bb0d63a04874bb5874ad218154ba595bf40b0f6db6e6228c0c48e
tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 95210db50c44a9fef57f1dca598806465db8294cddf4e904bf5782e12ee1b106
tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9a7884acc7ab148bbb223d7f797c646b6353e1c945c8735e2029a603ced68d6c
tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5f6c36ec0f5110bdccb805bc2b5222bbdbc09ecc42d6af2fa0a0d6cffd0a2e74
tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 386f1f8b0d651bccddeb3ebdf45d4b4f4c19f828c2fb86c3c491a9109132b358
tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9e4982c6bc361a355cf9296bb359c79165d96abd03872dc26a0e7cac3b0a26de
tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5702e21408b2308cae52d7b046f57ff7ac6271a23533f824dfd63ee756740483
tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 7587da0c607a49ee896b84a574976bddefa48083fcda150b00dc4cefe18dc29f
ia64
tetex-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: e54b76b78c57d1f04a4b8d343ff7018ef7fce4ace99efb5aba5bdf966e1d9708
tetex-afm-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: 2335b23c4fee14aa8fdbf30bc34eb091d95e309e94326849dc6f26f53882e1cc
tetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: 4348862a28dc6691799f3cb62f9b8408f0933a8daa2f2f0543ac9e9b85135b5c
tetex-doc-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: 8d4c8902bd10117b6e3d1136e1134e979c96bbb5b888c3ae5cb0e627d0ea1c60
tetex-dvips-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: e3f0557598a5b9abdbb310e9559b0c4a1efd9eca71cbd970c380f7ff16b1aa0b
tetex-fonts-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: bd019d312adc2768fb9854e8e82b0e82c69fcc556fc99caffa52797b209a02fc
tetex-latex-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: 48ff1d2103d31bb301614a95608023393fb7222856d1ca7973f77a572d63777c
tetex-xdvi-3.0-33.15.el5_8.1.ia64.rpm	SHA-256: 3088dc8cbb3bd751b518358cc3b5a121a1dbe14be6ac45468bb582ff5c4bea0f
i386
tetex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: d153f519ad48584dfae365d5e993b699c0e8c329045e31bc38d446cba861461f
tetex-afm-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 66fa0c989a46a73e81ede2f13d23ca2e8bee05229e1eb2e44f8360d8873c28e0
tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm	SHA-256: eabe4a7bf843ca043d30854af5adae7b6bc72ab7e4d75d2bd42c8365b1af4656
tetex-doc-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 56e68ee5daf1555e77b5187481d19f7b0d9bd567e1a2c718869a49dcea265c34
tetex-dvips-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 115afd455133615e0f64c507a0bfb0e76192bf3859b81aab8bf9843c5a333f93
tetex-fonts-3.0-33.15.el5_8.1.i386.rpm	SHA-256: f771558fb4d52f4a7e8893a6bd1dd34aa9aa626e259b1781a8594a493b7ed662
tetex-latex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 75e40814e3a21a67ec9accf123283a71410e97940674a1642d7c3b46fbf68c60
tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm	SHA-256: e21a992a329f10ac7660860cd43e3a222f221ad2162cc5e13a81e82c36dbf247

Red Hat Enterprise Linux Workstation 5

SRPM
tetex-3.0-33.15.el5_8.1.src.rpm	SHA-256: de769c7b7fdcc8e0475c66ed48a5617bee9b49744a87c6700905d368688401c8
x86_64
tetex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: b0de7acb743bb0d63a04874bb5874ad218154ba595bf40b0f6db6e6228c0c48e
tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 95210db50c44a9fef57f1dca598806465db8294cddf4e904bf5782e12ee1b106
tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9a7884acc7ab148bbb223d7f797c646b6353e1c945c8735e2029a603ced68d6c
tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5f6c36ec0f5110bdccb805bc2b5222bbdbc09ecc42d6af2fa0a0d6cffd0a2e74
tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 386f1f8b0d651bccddeb3ebdf45d4b4f4c19f828c2fb86c3c491a9109132b358
tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9e4982c6bc361a355cf9296bb359c79165d96abd03872dc26a0e7cac3b0a26de
tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5702e21408b2308cae52d7b046f57ff7ac6271a23533f824dfd63ee756740483
tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 7587da0c607a49ee896b84a574976bddefa48083fcda150b00dc4cefe18dc29f
i386
tetex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: d153f519ad48584dfae365d5e993b699c0e8c329045e31bc38d446cba861461f
tetex-afm-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 66fa0c989a46a73e81ede2f13d23ca2e8bee05229e1eb2e44f8360d8873c28e0
tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm	SHA-256: eabe4a7bf843ca043d30854af5adae7b6bc72ab7e4d75d2bd42c8365b1af4656
tetex-doc-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 56e68ee5daf1555e77b5187481d19f7b0d9bd567e1a2c718869a49dcea265c34
tetex-dvips-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 115afd455133615e0f64c507a0bfb0e76192bf3859b81aab8bf9843c5a333f93
tetex-fonts-3.0-33.15.el5_8.1.i386.rpm	SHA-256: f771558fb4d52f4a7e8893a6bd1dd34aa9aa626e259b1781a8594a493b7ed662
tetex-latex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 75e40814e3a21a67ec9accf123283a71410e97940674a1642d7c3b46fbf68c60
tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm	SHA-256: e21a992a329f10ac7660860cd43e3a222f221ad2162cc5e13a81e82c36dbf247

Red Hat Enterprise Linux Desktop 5

SRPM
tetex-3.0-33.15.el5_8.1.src.rpm	SHA-256: de769c7b7fdcc8e0475c66ed48a5617bee9b49744a87c6700905d368688401c8
x86_64
tetex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: b0de7acb743bb0d63a04874bb5874ad218154ba595bf40b0f6db6e6228c0c48e
tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 95210db50c44a9fef57f1dca598806465db8294cddf4e904bf5782e12ee1b106
tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9a7884acc7ab148bbb223d7f797c646b6353e1c945c8735e2029a603ced68d6c
tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5f6c36ec0f5110bdccb805bc2b5222bbdbc09ecc42d6af2fa0a0d6cffd0a2e74
tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 386f1f8b0d651bccddeb3ebdf45d4b4f4c19f828c2fb86c3c491a9109132b358
tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9e4982c6bc361a355cf9296bb359c79165d96abd03872dc26a0e7cac3b0a26de
tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5702e21408b2308cae52d7b046f57ff7ac6271a23533f824dfd63ee756740483
tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 7587da0c607a49ee896b84a574976bddefa48083fcda150b00dc4cefe18dc29f
i386
tetex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: d153f519ad48584dfae365d5e993b699c0e8c329045e31bc38d446cba861461f
tetex-afm-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 66fa0c989a46a73e81ede2f13d23ca2e8bee05229e1eb2e44f8360d8873c28e0
tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm	SHA-256: eabe4a7bf843ca043d30854af5adae7b6bc72ab7e4d75d2bd42c8365b1af4656
tetex-doc-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 56e68ee5daf1555e77b5187481d19f7b0d9bd567e1a2c718869a49dcea265c34
tetex-dvips-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 115afd455133615e0f64c507a0bfb0e76192bf3859b81aab8bf9843c5a333f93
tetex-fonts-3.0-33.15.el5_8.1.i386.rpm	SHA-256: f771558fb4d52f4a7e8893a6bd1dd34aa9aa626e259b1781a8594a493b7ed662
tetex-latex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 75e40814e3a21a67ec9accf123283a71410e97940674a1642d7c3b46fbf68c60
tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm	SHA-256: e21a992a329f10ac7660860cd43e3a222f221ad2162cc5e13a81e82c36dbf247

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
tetex-3.0-33.15.el5_8.1.src.rpm	SHA-256: de769c7b7fdcc8e0475c66ed48a5617bee9b49744a87c6700905d368688401c8
s390x
tetex-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: 5891fcd751b8ed5175602249945dac2b9c7b0d69b9c80beb4dea6da68e00b065
tetex-afm-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: 4b56c18d849bfc11440bb01b3fa866708ebd89dc00467fe7a1745315fc37fe34
tetex-debuginfo-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: fe64179cd9930b2c02ef6c74d5acc7d8669fe2ee4693f248aa68b5f3690ac114
tetex-doc-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: 024574a932e660dafbadaa26c5aa4e3f0be7b0164c5679558c65517220b969f0
tetex-dvips-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: c87c9eaaea7fb58df4656705dca6119caebe41340f866367d0f631878bf36581
tetex-fonts-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: e0e44faa33366feed24ed19745c6b2ce623b4ff8ddc5a4ba0d5f931c2b06980b
tetex-latex-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: 87593d34822a160aa34e33114de4c1cd3beccaec66b906635491a8db34447129
tetex-xdvi-3.0-33.15.el5_8.1.s390x.rpm	SHA-256: 64c0aa9de09dfa47b5584e57526f1e76fe12e0560d28dcf755345ad67a0484ea

Red Hat Enterprise Linux for Power, big endian 5

SRPM
tetex-3.0-33.15.el5_8.1.src.rpm	SHA-256: de769c7b7fdcc8e0475c66ed48a5617bee9b49744a87c6700905d368688401c8
ppc
tetex-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: d3713b2cae8ec58b39c8a4771479461751958973009d902e432379ce7e75b1b5
tetex-afm-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: a875e4277df6a267be5b309fff3a488b5bc09b44ba062d6b5c2040c1ff440ee6
tetex-debuginfo-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: ca5c67b5f2a225f7028aa94a6443a1b9bef36adae4d9a63ec7a96a684db277d9
tetex-doc-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: 5a72f4519dfe6067a62568edbcf3b631859b59cf8c1f8b14876b6b1fb4778305
tetex-dvips-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: 42407e49da32ecba88ef060abf0be36c9ad640c64ab9d80f7c49a9368ce2ed13
tetex-fonts-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: e091d2bfb807f73fe0288589110fcb7e16e57062ec2eb43e5c1db062199988b4
tetex-latex-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: e001e05316493157e033103caa79c9ef05f28ca773047b8fcd9aac72010ecfb8
tetex-xdvi-3.0-33.15.el5_8.1.ppc.rpm	SHA-256: a090a9961f70bf213dcd1515c8f394d93301a1db724efcea734dc2ba3dfb9cb0

Red Hat Enterprise Linux Server from RHUI 5

SRPM
tetex-3.0-33.15.el5_8.1.src.rpm	SHA-256: de769c7b7fdcc8e0475c66ed48a5617bee9b49744a87c6700905d368688401c8
x86_64
tetex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: b0de7acb743bb0d63a04874bb5874ad218154ba595bf40b0f6db6e6228c0c48e
tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 95210db50c44a9fef57f1dca598806465db8294cddf4e904bf5782e12ee1b106
tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9a7884acc7ab148bbb223d7f797c646b6353e1c945c8735e2029a603ced68d6c
tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5f6c36ec0f5110bdccb805bc2b5222bbdbc09ecc42d6af2fa0a0d6cffd0a2e74
tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 386f1f8b0d651bccddeb3ebdf45d4b4f4c19f828c2fb86c3c491a9109132b358
tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 9e4982c6bc361a355cf9296bb359c79165d96abd03872dc26a0e7cac3b0a26de
tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 5702e21408b2308cae52d7b046f57ff7ac6271a23533f824dfd63ee756740483
tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm	SHA-256: 7587da0c607a49ee896b84a574976bddefa48083fcda150b00dc4cefe18dc29f
i386
tetex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: d153f519ad48584dfae365d5e993b699c0e8c329045e31bc38d446cba861461f
tetex-afm-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 66fa0c989a46a73e81ede2f13d23ca2e8bee05229e1eb2e44f8360d8873c28e0
tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm	SHA-256: eabe4a7bf843ca043d30854af5adae7b6bc72ab7e4d75d2bd42c8365b1af4656
tetex-doc-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 56e68ee5daf1555e77b5187481d19f7b0d9bd567e1a2c718869a49dcea265c34
tetex-dvips-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 115afd455133615e0f64c507a0bfb0e76192bf3859b81aab8bf9843c5a333f93
tetex-fonts-3.0-33.15.el5_8.1.i386.rpm	SHA-256: f771558fb4d52f4a7e8893a6bd1dd34aa9aa626e259b1781a8594a493b7ed662
tetex-latex-3.0-33.15.el5_8.1.i386.rpm	SHA-256: 75e40814e3a21a67ec9accf123283a71410e97940674a1642d7c3b46fbf68c60
tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm	SHA-256: e21a992a329f10ac7660860cd43e3a222f221ad2162cc5e13a81e82c36dbf247

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories