[SECURITY] Fedora 12 Update: texlive-2007-48.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Tue May 18 21:49:45 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-8242
2010-05-10 16:32:12
--------------------------------------------------------------------------------
Name : texlive
Product : Fedora 12
Version : 2007
Release : 48.fc12
URL : http://tug.org/texlive/
Summary : Binaries for the TeX formatting system
Description :
TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
printable file as output. Usually, TeX is used in conjunction with
a higher level formatting package like LaTeX or PlainTeX, since TeX by
itself is not very user-friendly.
Install texlive if you want to use the TeX text formatting system. Consider
to install texlive-latex (a higher level formatting package which provides
an easier-to-use interface for TeX).
The TeX documentation is located in the texlive-doc package.
--------------------------------------------------------------------------------
Update Information:
Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 * adds
missing defattr to filelists * fixes directory ownership of
/var/lib/texmf/web2c * uses official tarball for jpatch * fixes post/postun
scriptlets
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 10 2010 Jindrich Novy <jnovy at redhat.com> 2007-48
- fix CVE-2010-0739 and CVE-2010-1440 (#584795)
- fix CVE-2010-0829 (#589607)
- add missing defattr to filelists
- fix directory ownership of /var/lib/texmf/web2c (#512459)
- use official tarball for jpatch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #572941 - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
https://bugzilla.redhat.com/show_bug.cgi?id=572941
[ 2 ] Bug #586819 - CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands
https://bugzilla.redhat.com/show_bug.cgi?id=586819
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update texlive' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list