<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:124
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date    : June 13, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in libgd2 was found by Xavier Roche where it would not correctly
 validate PNG callback results.  If an application linked against
 libgd2 was tricked into processing a specially-crafted PNG file, it
 could cause a denial of service scenario via CPU resource consumption.
 
 Tetex uses an embedded copy of the gd source and may also be affected
 by this issue.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 2e8c2ac6ad83cc072b76787be3d15299  
2007.0/i586/jadetex-3.12-116.3mdv2007.0.i586.rpm
 957a3160ce764d40e12e6017130a6332  2007.0/i586/tetex-3.0-18.3mdv2007.0.i586.rpm
 e6f1f57c2aab41833f5a2f4a46356144  
2007.0/i586/tetex-afm-3.0-18.3mdv2007.0.i586.rpm
 8c6e7772152cfa5ebe14cef82e9c8886  
2007.0/i586/tetex-context-3.0-18.3mdv2007.0.i586.rpm
 94be356439d6932788d9f7550e9206d5  
2007.0/i586/tetex-devel-3.0-18.3mdv2007.0.i586.rpm
 cd5db61b9bfd3e644efd262de24e84c5  
2007.0/i586/tetex-doc-3.0-18.3mdv2007.0.i586.rpm
 846e037efab3a20fe81c1be5a5cbbfc0  
2007.0/i586/tetex-dvilj-3.0-18.3mdv2007.0.i586.rpm
 33c7aa750310bfda386768f9e7f8055d  
2007.0/i586/tetex-dvipdfm-3.0-18.3mdv2007.0.i586.rpm
 08db04b936e7d91644f21b54a423bcff  
2007.0/i586/tetex-dvips-3.0-18.3mdv2007.0.i586.rpm
 5bc245e88f789ded24c3b2c36740d24a  
2007.0/i586/tetex-latex-3.0-18.3mdv2007.0.i586.rpm
 bb90c0b9833a35c31450f43149a5b076  
2007.0/i586/tetex-mfwin-3.0-18.3mdv2007.0.i586.rpm
 dba9384f7d839111cacaee7511e080ed  
2007.0/i586/tetex-texi2html-3.0-18.3mdv2007.0.i586.rpm
 626eb3c0c5f18540e14c25b098e882e5  
2007.0/i586/tetex-xdvi-3.0-18.3mdv2007.0.i586.rpm
 468a678c98a37047027dc813274004ce  
2007.0/i586/xmltex-1.9-64.3mdv2007.0.i586.rpm 
 f65fbde65d9ca68be158f92e24508413  2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 ce0d6de4ce859af079ffe3afc49c05bf  
2007.0/x86_64/jadetex-3.12-116.3mdv2007.0.x86_64.rpm
 4b2e945b215737269c192a6fbcf838b6  
2007.0/x86_64/tetex-3.0-18.3mdv2007.0.x86_64.rpm
 1673d2571a84c29b58385e02eb3bd6c3  
2007.0/x86_64/tetex-afm-3.0-18.3mdv2007.0.x86_64.rpm
 60ca25d92303c6864a50559098c1b601  
2007.0/x86_64/tetex-context-3.0-18.3mdv2007.0.x86_64.rpm
 91d962afd5f258ab72c5ef2ab6bdfa1a  
2007.0/x86_64/tetex-devel-3.0-18.3mdv2007.0.x86_64.rpm
 2c186f216f86f43920ad9904d28e3e0f  
2007.0/x86_64/tetex-doc-3.0-18.3mdv2007.0.x86_64.rpm
 4d6ea1b35f033e1cd27d1d61393a0196  
2007.0/x86_64/tetex-dvilj-3.0-18.3mdv2007.0.x86_64.rpm
 e4fc1eda06c96d9f72ec0415099d6094  
2007.0/x86_64/tetex-dvipdfm-3.0-18.3mdv2007.0.x86_64.rpm
 a4daeeb22f0e9de15893df0d2b49614d  
2007.0/x86_64/tetex-dvips-3.0-18.3mdv2007.0.x86_64.rpm
 051377331be602aee494c41d7858b8a8  
2007.0/x86_64/tetex-latex-3.0-18.3mdv2007.0.x86_64.rpm
 e341788602e2239080c80c111bc23d52  
2007.0/x86_64/tetex-mfwin-3.0-18.3mdv2007.0.x86_64.rpm
 6486e09c3be46503b597666819f2dcb3  
2007.0/x86_64/tetex-texi2html-3.0-18.3mdv2007.0.x86_64.rpm
 fe18bf6f511d0a8af4a52f8970102fcb  
2007.0/x86_64/tetex-xdvi-3.0-18.3mdv2007.0.x86_64.rpm
 9b018058b8cae68e65228a151a849603  
2007.0/x86_64/xmltex-1.9-64.3mdv2007.0.x86_64.rpm 
 f65fbde65d9ca68be158f92e24508413  2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 50048a669bb05f151efa42105f43fb9c  
2007.1/i586/jadetex-3.12-129.2mdv2007.1.i586.rpm
 e29de9eb213eb8b94539a1e3d6a22db9  2007.1/i586/tetex-3.0-31.2mdv2007.1.i586.rpm
 81ca9f7536b997c3793df222442fb519  
2007.1/i586/tetex-afm-3.0-31.2mdv2007.1.i586.rpm
 9659b9e7a5b8530c49cc9ceb40a32f18  
2007.1/i586/tetex-context-3.0-31.2mdv2007.1.i586.rpm
 2ba7ea077768d4c82351656578c984eb  
2007.1/i586/tetex-devel-3.0-31.2mdv2007.1.i586.rpm
 6ea801e052eab5a1bd6258c08b6c8268  
2007.1/i586/tetex-doc-3.0-31.2mdv2007.1.i586.rpm
 16160a0300b7a80c131a161fee536ccb  
2007.1/i586/tetex-dvilj-3.0-31.2mdv2007.1.i586.rpm
 8fb693d4715e914d85d4ef97f57c91f8  
2007.1/i586/tetex-dvipdfm-3.0-31.2mdv2007.1.i586.rpm
 bc1ad2d54861f6b447e6205024f7e52f  
2007.1/i586/tetex-dvips-3.0-31.2mdv2007.1.i586.rpm
 f672d69f2edb5d6a9d1ef562f570a7b9  
2007.1/i586/tetex-latex-3.0-31.2mdv2007.1.i586.rpm
 028c8012150d66f65b0386f1c1bc85a4  
2007.1/i586/tetex-mfwin-3.0-31.2mdv2007.1.i586.rpm
 67aa7bdf0e24c48f005ffdb6d5f1ed36  
2007.1/i586/tetex-texi2html-3.0-31.2mdv2007.1.i586.rpm
 0f2a7b4946894afa7e126f9deb17a7b7  
2007.1/i586/tetex-usrlocal-3.0-31.2mdv2007.1.i586.rpm
 e481bed4173177025ae1ec8736be5d00  
2007.1/i586/tetex-xdvi-3.0-31.2mdv2007.1.i586.rpm
 5840aff2d781d350c725cfa542bd1703  
2007.1/i586/xmltex-1.9-77.2mdv2007.1.i586.rpm 
 30fc9e3fdd1c57f5c3114ef62cd40206  2007.1/SRPMS/tetex-3.0-31.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 ca693fc97d8d06f649dbf6ce495065a2  
2007.1/x86_64/jadetex-3.12-129.2mdv2007.1.x86_64.rpm
 c80a9f1e9d46d70acb08d8ff1ba79b89  
2007.1/x86_64/tetex-3.0-31.2mdv2007.1.x86_64.rpm
 384fbbfe1f41516e186217f772be285f  
2007.1/x86_64/tetex-afm-3.0-31.2mdv2007.1.x86_64.rpm
 2cde2d3ca5867704be94ad810b98545c  
2007.1/x86_64/tetex-context-3.0-31.2mdv2007.1.x86_64.rpm
 4a967f6eb42973b60120978d5b6552d5  
2007.1/x86_64/tetex-devel-3.0-31.2mdv2007.1.x86_64.rpm
 b5b172dba480c0c8fb56bca4e0625983  
2007.1/x86_64/tetex-doc-3.0-31.2mdv2007.1.x86_64.rpm
 a874b50dfb6ca67b3fa5e8a39f0570c0  
2007.1/x86_64/tetex-dvilj-3.0-31.2mdv2007.1.x86_64.rpm
 84c44363e7fb26726cdb47c3645a3e4a  
2007.1/x86_64/tetex-dvipdfm-3.0-31.2mdv2007.1.x86_64.rpm
 71cea521a62bcd4a019a46808df86f50  
2007.1/x86_64/tetex-dvips-3.0-31.2mdv2007.1.x86_64.rpm
 f0e20e8eb0957621fef83b324d24ec6d  
2007.1/x86_64/tetex-latex-3.0-31.2mdv2007.1.x86_64.rpm
 52e972b6404156a84bd101acd972e7de  
2007.1/x86_64/tetex-mfwin-3.0-31.2mdv2007.1.x86_64.rpm
 d0c983661de367d9c3b5ef8641d65784  
2007.1/x86_64/tetex-texi2html-3.0-31.2mdv2007.1.x86_64.rpm
 b12db36bc90330c6ac09677bc9a4dadc  
2007.1/x86_64/tetex-usrlocal-3.0-31.2mdv2007.1.x86_64.rpm
 54d7c5622d0923ba8514e23e3d730c0b  
2007.1/x86_64/tetex-xdvi-3.0-31.2mdv2007.1.x86_64.rpm
 51d9d825e1826d8a4a2e35830b789d32  
2007.1/x86_64/xmltex-1.9-77.2mdv2007.1.x86_64.rpm 
 30fc9e3fdd1c57f5c3114ef62cd40206  2007.1/SRPMS/tetex-3.0-31.2mdv2007.1.src.rpm

 Corporate 4.0:
 e599963f57bf4cbabcfa0bc5cd85361a  
corporate/4.0/i586/jadetex-3.12-110.5.20060mlcs4.i586.rpm
 3d51ae4ec1cb2d9257990de218735b7c  
corporate/4.0/i586/tetex-3.0-12.5.20060mlcs4.i586.rpm
 f54c81df83907d8465375ebf0cc0be51  
corporate/4.0/i586/tetex-afm-3.0-12.5.20060mlcs4.i586.rpm
 628d170cfd5848644efccc75e3c7b2ee  
corporate/4.0/i586/tetex-context-3.0-12.5.20060mlcs4.i586.rpm
 e8414063f9a970b11eb259e4f247d6a4  
corporate/4.0/i586/tetex-devel-3.0-12.5.20060mlcs4.i586.rpm
 766cadc5ead080da2714132785abbc2b  
corporate/4.0/i586/tetex-doc-3.0-12.5.20060mlcs4.i586.rpm
 a1a0d027f353f029eff92e44d1d380b2  
corporate/4.0/i586/tetex-dvilj-3.0-12.5.20060mlcs4.i586.rpm
 4878794c86296306e98e3083b0888da9  
corporate/4.0/i586/tetex-dvipdfm-3.0-12.5.20060mlcs4.i586.rpm
 13fded1d09028f0f6a09745dde2c9195  
corporate/4.0/i586/tetex-dvips-3.0-12.5.20060mlcs4.i586.rpm
 bf586503d8f18aeb0e4d039b0a5811ac  
corporate/4.0/i586/tetex-latex-3.0-12.5.20060mlcs4.i586.rpm
 6addfcd795b2760417bd6322b1e06161  
corporate/4.0/i586/tetex-mfwin-3.0-12.5.20060mlcs4.i586.rpm
 dadfda7a6b914a804ca9064f3ccd858b  
corporate/4.0/i586/tetex-texi2html-3.0-12.5.20060mlcs4.i586.rpm
 7d503c927bed3c8f4900bb63dc5fa1cb  
corporate/4.0/i586/tetex-xdvi-3.0-12.5.20060mlcs4.i586.rpm
 14abc9b3821b8fed85ccc324d2750464  
corporate/4.0/i586/xmltex-1.9-58.5.20060mlcs4.i586.rpm 
 6eeeae7b2e2a3f73041996ed6bb455b6  
corporate/4.0/SRPMS/tetex-3.0-12.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 20945c9decacd27b855bbf1a234f51fe  
corporate/4.0/x86_64/jadetex-3.12-110.5.20060mlcs4.x86_64.rpm
 051d3485b5f89420dd2d88ec53307412  
corporate/4.0/x86_64/tetex-3.0-12.5.20060mlcs4.x86_64.rpm
 0e26a770001875de05795cbed4206a77  
corporate/4.0/x86_64/tetex-afm-3.0-12.5.20060mlcs4.x86_64.rpm
 d9fdf4240acec0a31dbc5e0c96887de5  
corporate/4.0/x86_64/tetex-context-3.0-12.5.20060mlcs4.x86_64.rpm
 428e660f5caf899f82a9f9aca31ed4a0  
corporate/4.0/x86_64/tetex-devel-3.0-12.5.20060mlcs4.x86_64.rpm
 51c6a7ed18b59d381156ffe1291cf4a5  
corporate/4.0/x86_64/tetex-doc-3.0-12.5.20060mlcs4.x86_64.rpm
 2f182feb9728673a4f97bfc60fb3e6fb  
corporate/4.0/x86_64/tetex-dvilj-3.0-12.5.20060mlcs4.x86_64.rpm
 9ae5269b4468ce485ad0488cabc2f91e  
corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.5.20060mlcs4.x86_64.rpm
 75b50d9c33d183728796d845b0f07c14  
corporate/4.0/x86_64/tetex-dvips-3.0-12.5.20060mlcs4.x86_64.rpm
 1f0454ee084c06cce0739937441e0487  
corporate/4.0/x86_64/tetex-latex-3.0-12.5.20060mlcs4.x86_64.rpm
 97a2f90d8e8f5f19fde44b25834af43b  
corporate/4.0/x86_64/tetex-mfwin-3.0-12.5.20060mlcs4.x86_64.rpm
 27b66f9466cf9ff3f4850fe0e6a412de  
corporate/4.0/x86_64/tetex-texi2html-3.0-12.5.20060mlcs4.x86_64.rpm
 9568e6f8b9efa04ea56b943dc1ac6383  
corporate/4.0/x86_64/tetex-xdvi-3.0-12.5.20060mlcs4.x86_64.rpm
 8672d507807a9f69cd8457ccaec313af  
corporate/4.0/x86_64/xmltex-1.9-58.5.20060mlcs4.x86_64.rpm 
 6eeeae7b2e2a3f73041996ed6bb455b6  
corporate/4.0/SRPMS/tetex-3.0-12.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGcH29mqjQ0CJFipgRAtkAAJkBxXRe2D5sxrXM3DquTkeyiJa9NACeN+/g
YNHAIvisoAStqxxVjL2y0ks=
=eT9G
-----END PGP SIGNATURE-----