Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2010:0401
HistoryMay 07, 2010 - 10:13 p.m.

tetex security update

2010-05-0722:13:10
CentOS Project
lists.centos.org
58

0.145 Low

EPSS

Percentile

95.7%

JSON

CentOS Errata and Security Advisory CESA-2010:0401

teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

A buffer overflow flaw was found in the way teTeX processed virtual font
files when converting DVI files into PostScript. An attacker could create a
malicious DVI file that would cause the dvips executable to crash or,
potentially, execute arbitrary code. (CVE-2010-0827)

Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable to
crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)

A stack-based buffer overflow flaw was found in the way teTeX processed DVI
files containing HyperTeX references with long titles, when converting them
into PostScript. An attacker could create a malicious DVI file that would
cause the dvips executable to crash. (CVE-2007-5935)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a specially-crafted
PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary
code with the privileges of the user running pdflatex. (CVE-2009-0791,
CVE-2009-3609)

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-May/078795.html
https://lists.centos.org/pipermail/centos-announce/2010-May/078796.html

Affected packages:
tetex
tetex-afm
tetex-doc
tetex-dvips
tetex-fonts
tetex-latex
tetex-xdvi

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0401

Related

nessus 57
redhat 9
openvas 75
oraclelinux 9
ubuntu 1
securityvulns 2
gentoo 2
cve 7
ubuntucve 7
prion 7
debiancve 7
fedora 3
centos 7
seebug 3
veracode 3
nessus
nessus
Oracle Linux 3 : tetex (ELSA-2010-0401)
2013-07-12 00:00:00
RHEL 3 : tetex (RHSA-2010:0401)
2010-05-11 00:00:00
Scientific Linux Security Update : tetex on SL3.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2010:0401) Moderate: tetex security update
2010-05-06 00:00:00
(RHSA-2010:0399) Moderate: tetex security update
2010-05-06 00:00:00
(RHSA-2009:1500) Important: xpdf security update
2009-10-15 00:00:00
openvas
openvas
RedHat Update for tetex RHSA-2010:0401-01
2010-05-07 00:00:00
RedHat Update for tetex RHSA-2010:0401-01
2010-05-07 00:00:00
CentOS Update for tetex CESA-2010:0401 centos3 i386
2010-05-17 00:00:00
oraclelinux
oraclelinux
tetex security update
2010-05-06 00:00:00
cups security update
2010-10-07 00:00:00
tetex security update
2010-05-06 00:00:00
ubuntu
ubuntu
TeX Live vulnerabilities
2010-05-06 00:00:00
securityvulns
securityvulns
[USN-937-1] TeX Live vulnerabilities
2010-05-11 00:00:00
dvipng / TeX Live memory corruption
2010-05-11 00:00:00
gentoo
gentoo
TeX Live: Multiple vulnerabilities
2012-06-25 00:00:00
teTeX: Multiple vulnerabilities
2007-11-18 00:00:00
cve
cve
CVE-2010-1440
2010-05-07 18:24:00
CVE-2007-5935
2007-11-13 22:46:00
CVE-2010-0827
2010-05-07 18:24:00
ubuntucve
ubuntucve
CVE-2010-1440
2010-05-03 00:00:00
CVE-2007-5935
2007-11-13 00:00:00
CVE-2010-0827
2010-04-20 00:00:00
prion
prion
Integer overflow
2010-05-07 18:24:00
Stack overflow
2007-11-13 22:46:00
Integer overflow
2010-05-07 18:24:00
debiancve
debiancve
CVE-2010-1440
2010-05-07 18:24:00
CVE-2007-5935
2007-11-13 22:46:00
CVE-2010-0827
2010-05-07 18:24:00
fedora
fedora
[SECURITY] Fedora 12 Update: texlive-2007-48.fc12
2010-05-18 21:49:45
[SECURITY] Fedora 13 Update: texlive-2007-51.fc13
2010-05-18 21:44:16
[SECURITY] Fedora 11 Update: texlive-2007-47.fc11
2010-05-18 21:51:53
centos
centos
tetex security update
2010-05-07 22:21:31
xpdf security update
2009-10-15 11:03:48
kdegraphics security update
2009-10-16 13:29:57
seebug
seebug
Tex Live bbdospecial()函数整数溢出漏洞
2010-05-12 00:00:00
CUPS pdftops过滤器多个整数溢出漏洞
2009-06-05 00:00:00
TeX Live predospecial()函数.dvi文件解析整数溢出漏洞
2010-05-12 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:44:56
Arbitrary Code Execution
2020-04-10 00:44:56
Denial Of Service (DoS)
2020-04-10 00:36:51

0.145 Low

EPSS

Percentile

95.7%

JSON
Related for CESA-2010:0401
nessus57redhat9openvas75oraclelinux9ubuntu1securityvulns2gentoo2cve7ubuntucve7prion7debiancve7fedora3centos7seebug3veracode3