[ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:124
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tetex
Date : June 13, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
A flaw in libgd2 was found by Xavier Roche where it would not correctly
validate PNG callback results. If an application linked against
libgd2 was tricked into processing a specially-crafted PNG file, it
could cause a denial of service scenario via CPU resource consumption.
Tetex uses an embedded copy of the gd source and may also be affected
by this issue.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
2e8c2ac6ad83cc072b76787be3d15299
2007.0/i586/jadetex-3.12-116.3mdv2007.0.i586.rpm
957a3160ce764d40e12e6017130a6332 2007.0/i586/tetex-3.0-18.3mdv2007.0.i586.rpm
e6f1f57c2aab41833f5a2f4a46356144
2007.0/i586/tetex-afm-3.0-18.3mdv2007.0.i586.rpm
8c6e7772152cfa5ebe14cef82e9c8886
2007.0/i586/tetex-context-3.0-18.3mdv2007.0.i586.rpm
94be356439d6932788d9f7550e9206d5
2007.0/i586/tetex-devel-3.0-18.3mdv2007.0.i586.rpm
cd5db61b9bfd3e644efd262de24e84c5
2007.0/i586/tetex-doc-3.0-18.3mdv2007.0.i586.rpm
846e037efab3a20fe81c1be5a5cbbfc0
2007.0/i586/tetex-dvilj-3.0-18.3mdv2007.0.i586.rpm
33c7aa750310bfda386768f9e7f8055d
2007.0/i586/tetex-dvipdfm-3.0-18.3mdv2007.0.i586.rpm
08db04b936e7d91644f21b54a423bcff
2007.0/i586/tetex-dvips-3.0-18.3mdv2007.0.i586.rpm
5bc245e88f789ded24c3b2c36740d24a
2007.0/i586/tetex-latex-3.0-18.3mdv2007.0.i586.rpm
bb90c0b9833a35c31450f43149a5b076
2007.0/i586/tetex-mfwin-3.0-18.3mdv2007.0.i586.rpm
dba9384f7d839111cacaee7511e080ed
2007.0/i586/tetex-texi2html-3.0-18.3mdv2007.0.i586.rpm
626eb3c0c5f18540e14c25b098e882e5
2007.0/i586/tetex-xdvi-3.0-18.3mdv2007.0.i586.rpm
468a678c98a37047027dc813274004ce
2007.0/i586/xmltex-1.9-64.3mdv2007.0.i586.rpm
f65fbde65d9ca68be158f92e24508413 2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
ce0d6de4ce859af079ffe3afc49c05bf
2007.0/x86_64/jadetex-3.12-116.3mdv2007.0.x86_64.rpm
4b2e945b215737269c192a6fbcf838b6
2007.0/x86_64/tetex-3.0-18.3mdv2007.0.x86_64.rpm
1673d2571a84c29b58385e02eb3bd6c3
2007.0/x86_64/tetex-afm-3.0-18.3mdv2007.0.x86_64.rpm
60ca25d92303c6864a50559098c1b601
2007.0/x86_64/tetex-context-3.0-18.3mdv2007.0.x86_64.rpm
91d962afd5f258ab72c5ef2ab6bdfa1a
2007.0/x86_64/tetex-devel-3.0-18.3mdv2007.0.x86_64.rpm
2c186f216f86f43920ad9904d28e3e0f
2007.0/x86_64/tetex-doc-3.0-18.3mdv2007.0.x86_64.rpm
4d6ea1b35f033e1cd27d1d61393a0196
2007.0/x86_64/tetex-dvilj-3.0-18.3mdv2007.0.x86_64.rpm
e4fc1eda06c96d9f72ec0415099d6094
2007.0/x86_64/tetex-dvipdfm-3.0-18.3mdv2007.0.x86_64.rpm
a4daeeb22f0e9de15893df0d2b49614d
2007.0/x86_64/tetex-dvips-3.0-18.3mdv2007.0.x86_64.rpm
051377331be602aee494c41d7858b8a8
2007.0/x86_64/tetex-latex-3.0-18.3mdv2007.0.x86_64.rpm
e341788602e2239080c80c111bc23d52
2007.0/x86_64/tetex-mfwin-3.0-18.3mdv2007.0.x86_64.rpm
6486e09c3be46503b597666819f2dcb3
2007.0/x86_64/tetex-texi2html-3.0-18.3mdv2007.0.x86_64.rpm
fe18bf6f511d0a8af4a52f8970102fcb
2007.0/x86_64/tetex-xdvi-3.0-18.3mdv2007.0.x86_64.rpm
9b018058b8cae68e65228a151a849603
2007.0/x86_64/xmltex-1.9-64.3mdv2007.0.x86_64.rpm
f65fbde65d9ca68be158f92e24508413 2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
50048a669bb05f151efa42105f43fb9c
2007.1/i586/jadetex-3.12-129.2mdv2007.1.i586.rpm
e29de9eb213eb8b94539a1e3d6a22db9 2007.1/i586/tetex-3.0-31.2mdv2007.1.i586.rpm
81ca9f7536b997c3793df222442fb519
2007.1/i586/tetex-afm-3.0-31.2mdv2007.1.i586.rpm
9659b9e7a5b8530c49cc9ceb40a32f18
2007.1/i586/tetex-context-3.0-31.2mdv2007.1.i586.rpm
2ba7ea077768d4c82351656578c984eb
2007.1/i586/tetex-devel-3.0-31.2mdv2007.1.i586.rpm
6ea801e052eab5a1bd6258c08b6c8268
2007.1/i586/tetex-doc-3.0-31.2mdv2007.1.i586.rpm
16160a0300b7a80c131a161fee536ccb
2007.1/i586/tetex-dvilj-3.0-31.2mdv2007.1.i586.rpm
8fb693d4715e914d85d4ef97f57c91f8
2007.1/i586/tetex-dvipdfm-3.0-31.2mdv2007.1.i586.rpm
bc1ad2d54861f6b447e6205024f7e52f
2007.1/i586/tetex-dvips-3.0-31.2mdv2007.1.i586.rpm
f672d69f2edb5d6a9d1ef562f570a7b9
2007.1/i586/tetex-latex-3.0-31.2mdv2007.1.i586.rpm
028c8012150d66f65b0386f1c1bc85a4
2007.1/i586/tetex-mfwin-3.0-31.2mdv2007.1.i586.rpm
67aa7bdf0e24c48f005ffdb6d5f1ed36
2007.1/i586/tetex-texi2html-3.0-31.2mdv2007.1.i586.rpm
0f2a7b4946894afa7e126f9deb17a7b7
2007.1/i586/tetex-usrlocal-3.0-31.2mdv2007.1.i586.rpm
e481bed4173177025ae1ec8736be5d00
2007.1/i586/tetex-xdvi-3.0-31.2mdv2007.1.i586.rpm
5840aff2d781d350c725cfa542bd1703
2007.1/i586/xmltex-1.9-77.2mdv2007.1.i586.rpm
30fc9e3fdd1c57f5c3114ef62cd40206 2007.1/SRPMS/tetex-3.0-31.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
ca693fc97d8d06f649dbf6ce495065a2
2007.1/x86_64/jadetex-3.12-129.2mdv2007.1.x86_64.rpm
c80a9f1e9d46d70acb08d8ff1ba79b89
2007.1/x86_64/tetex-3.0-31.2mdv2007.1.x86_64.rpm
384fbbfe1f41516e186217f772be285f
2007.1/x86_64/tetex-afm-3.0-31.2mdv2007.1.x86_64.rpm
2cde2d3ca5867704be94ad810b98545c
2007.1/x86_64/tetex-context-3.0-31.2mdv2007.1.x86_64.rpm
4a967f6eb42973b60120978d5b6552d5
2007.1/x86_64/tetex-devel-3.0-31.2mdv2007.1.x86_64.rpm
b5b172dba480c0c8fb56bca4e0625983
2007.1/x86_64/tetex-doc-3.0-31.2mdv2007.1.x86_64.rpm
a874b50dfb6ca67b3fa5e8a39f0570c0
2007.1/x86_64/tetex-dvilj-3.0-31.2mdv2007.1.x86_64.rpm
84c44363e7fb26726cdb47c3645a3e4a
2007.1/x86_64/tetex-dvipdfm-3.0-31.2mdv2007.1.x86_64.rpm
71cea521a62bcd4a019a46808df86f50
2007.1/x86_64/tetex-dvips-3.0-31.2mdv2007.1.x86_64.rpm
f0e20e8eb0957621fef83b324d24ec6d
2007.1/x86_64/tetex-latex-3.0-31.2mdv2007.1.x86_64.rpm
52e972b6404156a84bd101acd972e7de
2007.1/x86_64/tetex-mfwin-3.0-31.2mdv2007.1.x86_64.rpm
d0c983661de367d9c3b5ef8641d65784
2007.1/x86_64/tetex-texi2html-3.0-31.2mdv2007.1.x86_64.rpm
b12db36bc90330c6ac09677bc9a4dadc
2007.1/x86_64/tetex-usrlocal-3.0-31.2mdv2007.1.x86_64.rpm
54d7c5622d0923ba8514e23e3d730c0b
2007.1/x86_64/tetex-xdvi-3.0-31.2mdv2007.1.x86_64.rpm
51d9d825e1826d8a4a2e35830b789d32
2007.1/x86_64/xmltex-1.9-77.2mdv2007.1.x86_64.rpm
30fc9e3fdd1c57f5c3114ef62cd40206 2007.1/SRPMS/tetex-3.0-31.2mdv2007.1.src.rpm
Corporate 4.0:
e599963f57bf4cbabcfa0bc5cd85361a
corporate/4.0/i586/jadetex-3.12-110.5.20060mlcs4.i586.rpm
3d51ae4ec1cb2d9257990de218735b7c
corporate/4.0/i586/tetex-3.0-12.5.20060mlcs4.i586.rpm
f54c81df83907d8465375ebf0cc0be51
corporate/4.0/i586/tetex-afm-3.0-12.5.20060mlcs4.i586.rpm
628d170cfd5848644efccc75e3c7b2ee
corporate/4.0/i586/tetex-context-3.0-12.5.20060mlcs4.i586.rpm
e8414063f9a970b11eb259e4f247d6a4
corporate/4.0/i586/tetex-devel-3.0-12.5.20060mlcs4.i586.rpm
766cadc5ead080da2714132785abbc2b
corporate/4.0/i586/tetex-doc-3.0-12.5.20060mlcs4.i586.rpm
a1a0d027f353f029eff92e44d1d380b2
corporate/4.0/i586/tetex-dvilj-3.0-12.5.20060mlcs4.i586.rpm
4878794c86296306e98e3083b0888da9
corporate/4.0/i586/tetex-dvipdfm-3.0-12.5.20060mlcs4.i586.rpm
13fded1d09028f0f6a09745dde2c9195
corporate/4.0/i586/tetex-dvips-3.0-12.5.20060mlcs4.i586.rpm
bf586503d8f18aeb0e4d039b0a5811ac
corporate/4.0/i586/tetex-latex-3.0-12.5.20060mlcs4.i586.rpm
6addfcd795b2760417bd6322b1e06161
corporate/4.0/i586/tetex-mfwin-3.0-12.5.20060mlcs4.i586.rpm
dadfda7a6b914a804ca9064f3ccd858b
corporate/4.0/i586/tetex-texi2html-3.0-12.5.20060mlcs4.i586.rpm
7d503c927bed3c8f4900bb63dc5fa1cb
corporate/4.0/i586/tetex-xdvi-3.0-12.5.20060mlcs4.i586.rpm
14abc9b3821b8fed85ccc324d2750464
corporate/4.0/i586/xmltex-1.9-58.5.20060mlcs4.i586.rpm
6eeeae7b2e2a3f73041996ed6bb455b6
corporate/4.0/SRPMS/tetex-3.0-12.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
20945c9decacd27b855bbf1a234f51fe
corporate/4.0/x86_64/jadetex-3.12-110.5.20060mlcs4.x86_64.rpm
051d3485b5f89420dd2d88ec53307412
corporate/4.0/x86_64/tetex-3.0-12.5.20060mlcs4.x86_64.rpm
0e26a770001875de05795cbed4206a77
corporate/4.0/x86_64/tetex-afm-3.0-12.5.20060mlcs4.x86_64.rpm
d9fdf4240acec0a31dbc5e0c96887de5
corporate/4.0/x86_64/tetex-context-3.0-12.5.20060mlcs4.x86_64.rpm
428e660f5caf899f82a9f9aca31ed4a0
corporate/4.0/x86_64/tetex-devel-3.0-12.5.20060mlcs4.x86_64.rpm
51c6a7ed18b59d381156ffe1291cf4a5
corporate/4.0/x86_64/tetex-doc-3.0-12.5.20060mlcs4.x86_64.rpm
2f182feb9728673a4f97bfc60fb3e6fb
corporate/4.0/x86_64/tetex-dvilj-3.0-12.5.20060mlcs4.x86_64.rpm
9ae5269b4468ce485ad0488cabc2f91e
corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.5.20060mlcs4.x86_64.rpm
75b50d9c33d183728796d845b0f07c14
corporate/4.0/x86_64/tetex-dvips-3.0-12.5.20060mlcs4.x86_64.rpm
1f0454ee084c06cce0739937441e0487
corporate/4.0/x86_64/tetex-latex-3.0-12.5.20060mlcs4.x86_64.rpm
97a2f90d8e8f5f19fde44b25834af43b
corporate/4.0/x86_64/tetex-mfwin-3.0-12.5.20060mlcs4.x86_64.rpm
27b66f9466cf9ff3f4850fe0e6a412de
corporate/4.0/x86_64/tetex-texi2html-3.0-12.5.20060mlcs4.x86_64.rpm
9568e6f8b9efa04ea56b943dc1ac6383
corporate/4.0/x86_64/tetex-xdvi-3.0-12.5.20060mlcs4.x86_64.rpm
8672d507807a9f69cd8457ccaec313af
corporate/4.0/x86_64/xmltex-1.9-58.5.20060mlcs4.x86_64.rpm
6eeeae7b2e2a3f73041996ed6bb455b6
corporate/4.0/SRPMS/tetex-3.0-12.5.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGcH29mqjQ0CJFipgRAtkAAJkBxXRe2D5sxrXM3DquTkeyiJa9NACeN+/g
YNHAIvisoAStqxxVjL2y0ks=
=eT9G
-----END PGP SIGNATURE-----