kpathsea, mendexk, texlive security update

2012-02-16T13:36:55
ID: CESA-2012:0137
Type: centos
Reporter: CentOS Project
Modified: 2012-02-16T13:36:55

Description

CentOS Errata and Security Advisory CESA-2012:0137

TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. The texlive packages provide a number of utilities, including dvips.

TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash. (CVE-2011-1552)

Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642.

All users of texlive are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2012-February/030477.html

Affected packages: kpathsea, kpathsea-devel, mendexk, texlive, texlive-afm, texlive-context, texlive-dvips, texlive-dviutils, texlive-east-asian, texlive-latex, texlive-utils, texlive-xetex

Upstream details at: https://rhn.redhat.com/errata/RHSA-2012-0137.html