Red Hat 9042 Published by

A tetex security update is available for Red HAt Enterprise Linux 2.1 and 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: tetex security update
Advisory ID: RHSA-2005:354-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-354.html
Issue date: 2005-04-01
Updated on: 2005-04-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-0888 CAN-2004-1125
----------------------------------------------------------------------

1. Summary:

Updated tetex packages that fix several integer overflows are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64



3. Problem description:

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output.

A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code.

A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0888 and CAN-2004-1125 to these issues.

A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0803, CAN-2004-0804 and CAN-2004-0886 to these issues.

Also latex2html is added to package tetex-latex for 64bit platforms.

Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137475 - CAN-2004-0888 xpdf integer overflows
137607 - CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
137973 - tetex-latex package missing latex2html
145129 - CAN-2004-1125 xpdf buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972 tetex-1.0.7-38.5E.8.src.rpm

i386:
87812010eb54719fa75946a9f422028f tetex-1.0.7-38.5E.8.i386.rpm
99979e8cb09dbc5f656c03b048f07a4a tetex-afm-1.0.7-38.5E.8.i386.rpm
774cb4e1b460beccd4f68e4d50253c6b tetex-doc-1.0.7-38.5E.8.i386.rpm
6d1f1ebf300610c4a91d45bde42ca564 tetex-dvilj-1.0.7-38.5E.8.i386.rpm
21726aabfaaadd6d35fb3b35bf9542f3 tetex-dvips-1.0.7-38.5E.8.i386.rpm
b5197b336e0d80217cf1b6a7578f60d5 tetex-fonts-1.0.7-38.5E.8.i386.rpm
93da69b331bc13c0092eed64184a213f tetex-latex-1.0.7-38.5E.8.i386.rpm
4abe6bf82b846b69a5278374f549243d tetex-xdvi-1.0.7-38.5E.8.i386.rpm

ia64:
65fa9f50ff34d83f16d930f4be8fd09f tetex-1.0.7-38.5E.8.ia64.rpm
32cab33699c3928e2c743538b02fb568 tetex-afm-1.0.7-38.5E.8.ia64.rpm
d2530b745bca8e100b10c351b07db66e tetex-doc-1.0.7-38.5E.8.ia64.rpm
088cf8bde9281498821c578418ba2c7b tetex-dvilj-1.0.7-38.5E.8.ia64.rpm
759261d6cb19e58d5ccd84aa4b8ff77f tetex-dvips-1.0.7-38.5E.8.ia64.rpm
aa145c8fc8f88176ca9958b1d25969c7 tetex-fonts-1.0.7-38.5E.8.ia64.rpm
59dd10dbea7a5761f0708faf38924b4d tetex-latex-1.0.7-38.5E.8.ia64.rpm
146fa129f82b229b3736de8646c88bba tetex-xdvi-1.0.7-38.5E.8.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972 tetex-1.0.7-38.5E.8.src.rpm

ia64:
65fa9f50ff34d83f16d930f4be8fd09f tetex-1.0.7-38.5E.8.ia64.rpm
32cab33699c3928e2c743538b02fb568 tetex-afm-1.0.7-38.5E.8.ia64.rpm
d2530b745bca8e100b10c351b07db66e tetex-doc-1.0.7-38.5E.8.ia64.rpm
088cf8bde9281498821c578418ba2c7b tetex-dvilj-1.0.7-38.5E.8.ia64.rpm
759261d6cb19e58d5ccd84aa4b8ff77f tetex-dvips-1.0.7-38.5E.8.ia64.rpm
aa145c8fc8f88176ca9958b1d25969c7 tetex-fonts-1.0.7-38.5E.8.ia64.rpm
59dd10dbea7a5761f0708faf38924b4d tetex-latex-1.0.7-38.5E.8.ia64.rpm
146fa129f82b229b3736de8646c88bba tetex-xdvi-1.0.7-38.5E.8.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972 tetex-1.0.7-38.5E.8.src.rpm

i386:
87812010eb54719fa75946a9f422028f tetex-1.0.7-38.5E.8.i386.rpm
99979e8cb09dbc5f656c03b048f07a4a tetex-afm-1.0.7-38.5E.8.i386.rpm
774cb4e1b460beccd4f68e4d50253c6b tetex-doc-1.0.7-38.5E.8.i386.rpm
6d1f1ebf300610c4a91d45bde42ca564 tetex-dvilj-1.0.7-38.5E.8.i386.rpm
21726aabfaaadd6d35fb3b35bf9542f3 tetex-dvips-1.0.7-38.5E.8.i386.rpm
b5197b336e0d80217cf1b6a7578f60d5 tetex-fonts-1.0.7-38.5E.8.i386.rpm
93da69b331bc13c0092eed64184a213f tetex-latex-1.0.7-38.5E.8.i386.rpm
4abe6bf82b846b69a5278374f549243d tetex-xdvi-1.0.7-38.5E.8.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tetex-1.0.7-38.5E.8.src.rpm
efdc50c77f165e2f8983817fc547a972 tetex-1.0.7-38.5E.8.src.rpm

i386:
87812010eb54719fa75946a9f422028f tetex-1.0.7-38.5E.8.i386.rpm
99979e8cb09dbc5f656c03b048f07a4a tetex-afm-1.0.7-38.5E.8.i386.rpm
774cb4e1b460beccd4f68e4d50253c6b tetex-doc-1.0.7-38.5E.8.i386.rpm
6d1f1ebf300610c4a91d45bde42ca564 tetex-dvilj-1.0.7-38.5E.8.i386.rpm
21726aabfaaadd6d35fb3b35bf9542f3 tetex-dvips-1.0.7-38.5E.8.i386.rpm
b5197b336e0d80217cf1b6a7578f60d5 tetex-fonts-1.0.7-38.5E.8.i386.rpm
93da69b331bc13c0092eed64184a213f tetex-latex-1.0.7-38.5E.8.i386.rpm
4abe6bf82b846b69a5278374f549243d tetex-xdvi-1.0.7-38.5E.8.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123 tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8 tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310 tetex-xdvi-1.0.7-67.7.i386.rpm

ia64:
3bfec159ab70183f6ec3cf6da7adbbf6 tetex-1.0.7-67.7.ia64.rpm
4e1e12be30d26c8e9da3f2ccd94f6b83 tetex-afm-1.0.7-67.7.ia64.rpm
8678f4ff52a508079c8c5d52073b0db3 tetex-dvips-1.0.7-67.7.ia64.rpm
f2e647528bce1e99699ce688e780b3a6 tetex-fonts-1.0.7-67.7.ia64.rpm
3648e058c29ff1f2ed8b465aa6c761b1 tetex-latex-1.0.7-67.7.ia64.rpm
e647055161692a9e8e9e0086443024be tetex-xdvi-1.0.7-67.7.ia64.rpm

ppc:
6840b4b9525d995f6a8d0cff49ad342d tetex-1.0.7-67.7.ppc.rpm
686b36322cced7700b251cb799a149d9 tetex-afm-1.0.7-67.7.ppc.rpm
4864ff1dfb6fe6b0c487051272e598be tetex-dvips-1.0.7-67.7.ppc.rpm
f49ebe65c04f7a6ef1758fe4bae993ed tetex-fonts-1.0.7-67.7.ppc.rpm
1ea30cb22124b4293d92ebf171b18372 tetex-latex-1.0.7-67.7.ppc.rpm
e4d2624d104cfcae449e86939df8f100 tetex-xdvi-1.0.7-67.7.ppc.rpm

s390:
06c6b4779930bb803b591af8f82014b7 tetex-1.0.7-67.7.s390.rpm
0cc859f1c101b0283cac22c8fa1f7029 tetex-afm-1.0.7-67.7.s390.rpm
82f0c5d4edc43b5592ee31580d3d2598 tetex-dvips-1.0.7-67.7.s390.rpm
5e24afa95c0c81b3f37ef9d58272a556 tetex-fonts-1.0.7-67.7.s390.rpm
3606c37243a599ed81b9193a9f7e2315 tetex-latex-1.0.7-67.7.s390.rpm
422d88e7e25fd240b2c58ec8f3454043 tetex-xdvi-1.0.7-67.7.s390.rpm

s390x:
fc0447b2810a6c4b88d3846b55eef1f7 tetex-1.0.7-67.7.s390x.rpm
01834580509ce3faa5f9ec40a50d9437 tetex-afm-1.0.7-67.7.s390x.rpm
8be653ea8a54e38df44405727b97221d tetex-dvips-1.0.7-67.7.s390x.rpm
2d9b29929e9e1e93e4b3054be00b109e tetex-fonts-1.0.7-67.7.s390x.rpm
9c693a28ad4f210e4a80faebe2610256 tetex-latex-1.0.7-67.7.s390x.rpm
54323c111589e10d0d19f62a45ae9e19 tetex-xdvi-1.0.7-67.7.s390x.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78 tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385 tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08 tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4 tetex-xdvi-1.0.7-67.7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123 tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8 tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310 tetex-xdvi-1.0.7-67.7.i386.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78 tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385 tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08 tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4 tetex-xdvi-1.0.7-67.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123 tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8 tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310 tetex-xdvi-1.0.7-67.7.i386.rpm

ia64:
3bfec159ab70183f6ec3cf6da7adbbf6 tetex-1.0.7-67.7.ia64.rpm
4e1e12be30d26c8e9da3f2ccd94f6b83 tetex-afm-1.0.7-67.7.ia64.rpm
8678f4ff52a508079c8c5d52073b0db3 tetex-dvips-1.0.7-67.7.ia64.rpm
f2e647528bce1e99699ce688e780b3a6 tetex-fonts-1.0.7-67.7.ia64.rpm
3648e058c29ff1f2ed8b465aa6c761b1 tetex-latex-1.0.7-67.7.ia64.rpm
e647055161692a9e8e9e0086443024be tetex-xdvi-1.0.7-67.7.ia64.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78 tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385 tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08 tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4 tetex-xdvi-1.0.7-67.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tetex-1.0.7-67.7.src.rpm
854d764fdb5f6e46643ecbf99e6e731d tetex-1.0.7-67.7.src.rpm

i386:
c6585335e6d36db0949c1735d63b147b tetex-1.0.7-67.7.i386.rpm
805f8b3bd65b991f37d592cb4bf6f3fe tetex-afm-1.0.7-67.7.i386.rpm
1aa30f4a4d8453a25b71a3d49b1a5123 tetex-dvips-1.0.7-67.7.i386.rpm
2ba001752f221c3f66da9dd57b9482e8 tetex-fonts-1.0.7-67.7.i386.rpm
deab3926c5684a456421593440b5402d tetex-latex-1.0.7-67.7.i386.rpm
0cb399b58499b90c1b821c5d2c5de310 tetex-xdvi-1.0.7-67.7.i386.rpm

ia64:
3bfec159ab70183f6ec3cf6da7adbbf6 tetex-1.0.7-67.7.ia64.rpm
4e1e12be30d26c8e9da3f2ccd94f6b83 tetex-afm-1.0.7-67.7.ia64.rpm
8678f4ff52a508079c8c5d52073b0db3 tetex-dvips-1.0.7-67.7.ia64.rpm
f2e647528bce1e99699ce688e780b3a6 tetex-fonts-1.0.7-67.7.ia64.rpm
3648e058c29ff1f2ed8b465aa6c761b1 tetex-latex-1.0.7-67.7.ia64.rpm
e647055161692a9e8e9e0086443024be tetex-xdvi-1.0.7-67.7.ia64.rpm

x86_64:
f92595d5f66bc756925d8b7d4c3ce21e tetex-1.0.7-67.7.x86_64.rpm
4e422593568d8571c85e55e0ac863f78 tetex-afm-1.0.7-67.7.x86_64.rpm
ff48c2cac6f376a8de35153d66584385 tetex-dvips-1.0.7-67.7.x86_64.rpm
5f5920b9b756fe6fdde41a93765d948b tetex-fonts-1.0.7-67.7.x86_64.rpm
d5b5e98e220faf0c9a8c427ee9001f08 tetex-latex-1.0.7-67.7.x86_64.rpm
20fced0afb71e52bcdba17c96754daf4 tetex-xdvi-1.0.7-67.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.