[Full-disclosure] [ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:022
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tetex
Date : January 18, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
kpdf in KDE before 3.5.5, and other products, allows remote attackers
to have an unknown impact, possibly including denial of service
(infinite loop), arbitrary code execution, or memory corruption, via a
PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
attribute that references an invalid page tree node.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFr7azmqjQ0CJFipgRAhgjAJwNJwlUAK2S+mIB17aKqmjN8WQJGgCguwgZ
h8dpKOT8JiNu1YzvQKYYs/U=
=xCS/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
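
The problem description above ties the possible infinite loop to a Pages attribute that references an invalid page tree node. The following C code is an added example, not code from Mandriva, xpdf or kpdf: it walks a page tree and rejects such references instead of following them. The in-memory object table and the names `walk_node`, `count_pages` and `sample_count` are hypothetical, and it assumes the invalid reference is a /Kids entry that points back into the tree, at a non-page object, or out of range.

```c
#include <stdio.h>

#define MAX_OBJS 64          /* toy object table size (assumption) */
#define MAX_KIDS 8
enum obj_type { OBJ_FREE = 0, OBJ_PAGES, OBJ_PAGE };
struct pdf_obj { enum obj_type type; int n_kids; int kids[MAX_KIDS]; };

/* Returns the number of leaf pages under `num`, or -1 if the tree is invalid.
 * `seen` is never cleared, so each object is entered at most once: a /Kids
 * entry naming an ancestor, the node itself or a shared node is rejected. */
static int walk_node(const struct pdf_obj *tbl, int num, unsigned char *seen)
{
    if (num < 0 || num >= MAX_OBJS) return -1;   /* reference out of range */
    if (seen[num]) return -1;                    /* cycle or shared node */
    seen[num] = 1;
    const struct pdf_obj *o = &tbl[num];
    if (o->type == OBJ_PAGE) return 1;
    if (o->type != OBJ_PAGES) return -1;         /* not a page tree node */
    if (o->n_kids < 0 || o->n_kids > MAX_KIDS) return -1;
    int total = 0;
    for (int i = 0; i < o->n_kids; i++) {
        int n = walk_node(tbl, o->kids[i], seen);
        if (n < 0) return -1;
        total += n;
    }
    return total;
}

int count_pages(const struct pdf_obj *tbl, int root)
{
    unsigned char seen[MAX_OBJS] = {0};
    return walk_node(tbl, root, seen);
}

/* Constructed sample: 1=Pages[2,3], 2=Page, 3=Pages[kid], 4=Page. */
int sample_count(int kid)
{
    struct pdf_obj t[MAX_OBJS] = {0};
    t[1] = (struct pdf_obj){ OBJ_PAGES, 2, {2, 3} };
    t[3] = (struct pdf_obj){ OBJ_PAGES, 1, {kid} };
    t[2].type = t[4].type = OBJ_PAGE;
    return count_pages(t, 1);
}

int main(void)
{
    printf("valid=%d cycle=%d dangling=%d\n", sample_count(4), sample_count(1), sample_count(9));
    return 0;
}
```

Because every object can be entered only once, the walk terminates after at most `MAX_OBJS` node visits regardless of what the /Kids arrays contain.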


