Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:1201
HistoryAug 23, 2012 - 12:00 a.m.

(RHSA-2012:1201) Moderate: tetex security update

2012-08-2300:00:00
access.redhat.com
9

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.283 Low

EPSS

Percentile

96.4%

JSON

teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1
fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed
Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened
by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2010-2642,
CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash or, potentially, execute
arbitrary code with the privileges of the user running teTeX.
(CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file
could, when opened, cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could,
when opened, cause teTeX to crash or, potentially, execute arbitrary code
with the privileges of the user running teTeX. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash. (CVE-2011-1552)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was
used to process a TeX document referencing a specially-crafted PDF file, it
could cause pdflatex to crash or, potentially, execute arbitrary code with
the privileges of the user running pdflatex. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. If pdflatex was used to process a TeX
document referencing a specially-crafted PDF file, it could cause pdflatex
to crash or, potentially, execute arbitrary code with the privileges of the
user running pdflatex. (CVE-2010-3704)

Red Hat would like to thank the Evince development team for reporting
CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the
original reporter of CVE-2010-2642.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5i386tetex-dvips< 3.0-33.15.el5_8.1tetex-dvips-3.0-33.15.el5_8.1.i386.rpm
RedHat5i386tetex-afm< 3.0-33.15.el5_8.1tetex-afm-3.0-33.15.el5_8.1.i386.rpm
RedHat5ia64tetex< 3.0-33.15.el5_8.1tetex-3.0-33.15.el5_8.1.ia64.rpm
RedHat5ia64tetex-dvips< 3.0-33.15.el5_8.1tetex-dvips-3.0-33.15.el5_8.1.ia64.rpm
RedHat5x86_64tetex< 3.0-33.15.el5_8.1tetex-3.0-33.15.el5_8.1.x86_64.rpm
RedHat5ia64tetex-doc< 3.0-33.15.el5_8.1tetex-doc-3.0-33.15.el5_8.1.ia64.rpm
RedHat5ia64tetex-debuginfo< 3.0-33.15.el5_8.1tetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm
RedHat5ia64tetex-latex< 3.0-33.15.el5_8.1tetex-latex-3.0-33.15.el5_8.1.ia64.rpm
RedHat5i386tetex< 3.0-33.15.el5_8.1tetex-3.0-33.15.el5_8.1.i386.rpm
RedHat5ppctetex-fonts< 3.0-33.15.el5_8.1tetex-fonts-3.0-33.15.el5_8.1.ppc.rpm
Rows per page:
1-10 of 411

Related

openvas 73
nessus 60
oraclelinux 7
centos 7
osv 2
amazon 2
redhat 6
fedora 7
debian 3
slackware 3
ubuntu 1
securityvulns 3
gentoo 2
cve 4
altlinux 3
debiancve 4
ubuntucve 4
cvelist 4
prion 4
openvas
openvas
RedHat Update for tetex RHSA-2012:1201-01
2012-08-24 00:00:00
RedHat Update for tetex RHSA-2012:1201-01
2012-08-24 00:00:00
CentOS Update for tetex CESA-2012:1201 centos5
2012-08-24 00:00:00
nessus
nessus
CentOS 5 : tetex (CESA-2012:1201)
2012-08-24 00:00:00
Scientific Linux Security Update : tetex on SL5.x i386/x86_64 (20120823)
2012-08-24 00:00:00
Oracle Linux 5 : tetex (ELSA-2012-1201)
2013-07-12 00:00:00
oraclelinux
oraclelinux
tetex security update
2012-08-23 00:00:00
texlive security update
2012-02-15 00:00:00
t1lib security update
2012-01-24 00:00:00
centos
centos
tetex security update
2012-08-23 23:12:26
t1lib security update
2012-01-30 20:25:25
kpathsea, mendexk, texlive security update
2012-02-16 13:36:55
osv
osv
t1lib - several
2012-01-14 00:00:00
xpdf - several vulnerabilities
2010-12-21 00:00:00
amazon
amazon
Medium: texlive
2012-03-04 16:08:00
Medium: t1lib
2012-02-02 14:26:00
redhat
redhat
(RHSA-2012:0062) Moderate: t1lib security update
2012-01-24 00:00:00
(RHSA-2012:0137) Moderate: texlive security update
2012-02-15 00:00:00
(RHSA-2010:0751) Important: xpdf security update
2010-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: t1lib-5.1.2-9.fc16
2012-01-28 03:23:39
[SECURITY] Fedora 15 Update: t1lib-5.1.2-9.fc15
2012-01-28 03:28:44
[SECURITY] Fedora 13 Update: xpdf-3.02-16.fc13
2010-11-04 23:32:04
debian
debian
[SECURITY] [DSA 2388-1] t1lib security update
2012-01-15 10:26:10
[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities
2010-10-12 19:31:50
[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
2010-12-21 17:34:51
slackware
slackware
[slackware-security] t1lib
2012-08-16 06:32:38
[slackware-security] poppler
2010-11-21 00:21:03
[slackware-security] xpdf
2010-11-21 00:20:46
ubuntu
ubuntu
t1lib vulnerabilities
2012-01-19 00:00:00
securityvulns
securityvulns
t1lib / xpdf library multiple security vulnerabilities
2012-01-16 00:00:00
[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities
2010-10-13 00:00:00
poppler library multiple security vulnerabilities
2010-10-13 00:00:00
gentoo
gentoo
T1Lib: : Multiple vulnerabilities
2017-01-23 00:00:00
Xpdf: User-assisted execution of arbitrary code
2014-02-17 00:00:00
cve
cve
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:00
CVE-2011-1553
2011-03-31 23:55:00
altlinux
altlinux
Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt5.M50P.1
2010-10-19 00:00:00
Security fix for the ALT Linux 5 package poppler5 version 0.12.4-alt0.M51.2
2010-10-14 00:00:00
Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt6
2010-10-14 00:00:00
debiancve
debiancve
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-1553
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:00
ubuntucve
ubuntucve
CVE-2011-1554
2011-03-31 00:00:00
CVE-2011-0433
2012-01-13 00:00:00
CVE-2011-1553
2011-03-31 00:00:00
cvelist
cvelist
CVE-2011-1554
2011-03-31 23:00:00
CVE-2011-0433
2012-11-19 11:00:00
CVE-2011-1553
2011-03-31 23:00:00
prion
prion
Integer overflow
2011-03-31 23:55:00
Heap overflow
2012-11-19 12:10:00
Design/Logic Flaw
2011-03-31 23:55:00

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.283 Low

EPSS

Percentile

96.4%

JSON
Related for RHSA-2012:1201
openvas73nessus60oraclelinux7centos7osv2amazon2redhat6fedora7debian3slackware3ubuntu1securityvulns3gentoo2cve4altlinux3debiancve4ubuntucve4cvelist4prion4