Red Hat 9062 Published by

A tetex security update is available for Red Hat Enterprise Linux

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: tetex security update
Advisory ID: RHSA-2005:026-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-026.html
Issue date: 2005-03-16
Updated on: 2005-03-16
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0064 CAN-2004-1125
----------------------------------------------------------------------

1. Summary:

Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64



3. Problem description:

The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

Users should update to these erratum packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144257 - CAN-2004-1125 xpdf buffer overflow
145055 - CAN-2005-0064 xpdf buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

ia64:
67604c19f7004d315bb34ffd3322d73d tetex-2.0.2-22.EL4.4.ia64.rpm
5a0ca23db1069968333a248803187c0b tetex-afm-2.0.2-22.EL4.4.ia64.rpm
fdeeb8a3e904988da6b06ce910545cf2 tetex-doc-2.0.2-22.EL4.4.ia64.rpm
b92924a28ca56eada03a5e3e24891629 tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
2dac870c773978a9c7049bfc45a56fc8 tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
185d6d9b2ea2c65fc04e5cdb42d68172 tetex-latex-2.0.2-22.EL4.4.ia64.rpm
cb3e781f24161ebf863997552b17eb28 tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm

ppc:
b3526bdd4ac4b2645e050eb46b120fef tetex-2.0.2-22.EL4.4.ppc.rpm
4bd4a2d136c614fd12184fa6f975f03d tetex-afm-2.0.2-22.EL4.4.ppc.rpm
324623ce7f83bc85498b3468431f4a34 tetex-doc-2.0.2-22.EL4.4.ppc.rpm
3e6630554d2e6d9d24a3775d53ef05db tetex-dvips-2.0.2-22.EL4.4.ppc.rpm
d1524075b8381a43811c37b68a7cadd8 tetex-fonts-2.0.2-22.EL4.4.ppc.rpm
df820f28dffdbcd721bb90d002d268c9 tetex-latex-2.0.2-22.EL4.4.ppc.rpm
a411d97f10aafe2f1c24f938b0de1b80 tetex-xdvi-2.0.2-22.EL4.4.ppc.rpm

s390:
67d1731c40c382b68e6b2e41b459a276 tetex-2.0.2-22.EL4.4.s390.rpm
0e70a1b95bf3057e3cb46f1cd7f96655 tetex-afm-2.0.2-22.EL4.4.s390.rpm
d88d319fc363565364316b8c7e34b11f tetex-doc-2.0.2-22.EL4.4.s390.rpm
e87976edf77da5d891edec54a2e01dc5 tetex-dvips-2.0.2-22.EL4.4.s390.rpm
7fd9246af62e280513c5cd1a74d960c9 tetex-fonts-2.0.2-22.EL4.4.s390.rpm
fce2bd0bd18b996467356235f171e160 tetex-latex-2.0.2-22.EL4.4.s390.rpm
d1c6d90df13c9dd8a703a536704a0043 tetex-xdvi-2.0.2-22.EL4.4.s390.rpm

s390x:
9efc79c6bb7cfb79afca130230d1df96 tetex-2.0.2-22.EL4.4.s390x.rpm
5e7f852d9d335e553f87ba1f22c84528 tetex-afm-2.0.2-22.EL4.4.s390x.rpm
041948d9d1ab97bb52fc3900feed81eb tetex-doc-2.0.2-22.EL4.4.s390x.rpm
a86ef414af5736820b9c2d0692ce6c5b tetex-dvips-2.0.2-22.EL4.4.s390x.rpm
08cfa664c6bbcdc537f869f6f421effe tetex-fonts-2.0.2-22.EL4.4.s390x.rpm
d1d15249a5dbe61f48a2ea30fc317597 tetex-latex-2.0.2-22.EL4.4.s390x.rpm
c25be003bd1cfccbdf9c0f1f06e19573 tetex-xdvi-2.0.2-22.EL4.4.s390x.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

ia64:
67604c19f7004d315bb34ffd3322d73d tetex-2.0.2-22.EL4.4.ia64.rpm
5a0ca23db1069968333a248803187c0b tetex-afm-2.0.2-22.EL4.4.ia64.rpm
fdeeb8a3e904988da6b06ce910545cf2 tetex-doc-2.0.2-22.EL4.4.ia64.rpm
b92924a28ca56eada03a5e3e24891629 tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
2dac870c773978a9c7049bfc45a56fc8 tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
185d6d9b2ea2c65fc04e5cdb42d68172 tetex-latex-2.0.2-22.EL4.4.ia64.rpm
cb3e781f24161ebf863997552b17eb28 tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tetex-2.0.2-22.EL4.4.src.rpm
0e9f7658ff7f20c50a411b66359043d4 tetex-2.0.2-22.EL4.4.src.rpm

i386:
4a864c86edbd510bf92e60d921044663 tetex-2.0.2-22.EL4.4.i386.rpm
2001bd44e3c46e850071ffb096039201 tetex-afm-2.0.2-22.EL4.4.i386.rpm
596e753eb5f3e6d0ff7473f8ae462134 tetex-doc-2.0.2-22.EL4.4.i386.rpm
023f7113ebc22db5b6b86b11153ae079 tetex-dvips-2.0.2-22.EL4.4.i386.rpm
3490e58a864bec84d1a7c5479335f7a8 tetex-fonts-2.0.2-22.EL4.4.i386.rpm
5378603b54e287c472fb258384186ca4 tetex-latex-2.0.2-22.EL4.4.i386.rpm
36a8f5600bc353c4c2f14fa5f6fda26e tetex-xdvi-2.0.2-22.EL4.4.i386.rpm

ia64:
67604c19f7004d315bb34ffd3322d73d tetex-2.0.2-22.EL4.4.ia64.rpm
5a0ca23db1069968333a248803187c0b tetex-afm-2.0.2-22.EL4.4.ia64.rpm
fdeeb8a3e904988da6b06ce910545cf2 tetex-doc-2.0.2-22.EL4.4.ia64.rpm
b92924a28ca56eada03a5e3e24891629 tetex-dvips-2.0.2-22.EL4.4.ia64.rpm
2dac870c773978a9c7049bfc45a56fc8 tetex-fonts-2.0.2-22.EL4.4.ia64.rpm
185d6d9b2ea2c65fc04e5cdb42d68172 tetex-latex-2.0.2-22.EL4.4.ia64.rpm
cb3e781f24161ebf863997552b17eb28 tetex-xdvi-2.0.2-22.EL4.4.ia64.rpm

x86_64:
d16c24dcba2e2ed5d33138b124502c10 tetex-2.0.2-22.EL4.4.x86_64.rpm
5ef87c25c1eccd45354405fc5e5fad94 tetex-afm-2.0.2-22.EL4.4.x86_64.rpm
8af688b7a5d0451ddc77040ad95d0238 tetex-doc-2.0.2-22.EL4.4.x86_64.rpm
31e64490019b29a36a0f41f390517fe8 tetex-dvips-2.0.2-22.EL4.4.x86_64.rpm
211fe3d816ff83b6403866f1e927360a tetex-fonts-2.0.2-22.EL4.4.x86_64.rpm
ef10ca5f1c4721a0c6f8b071336987b6 tetex-latex-2.0.2-22.EL4.4.x86_64.rpm
1aff9145a331d9ebb6a03bd9fad671e6 tetex-xdvi-2.0.2-22.EL4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.