[SECURITY] Fedora 12 Update: texlive-2007-48.fc12

updates at fedoraproject.org updates at fedoraproject.org
Tue May 18 21:49:45 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-8242
2010-05-10 16:32:12
--------------------------------------------------------------------------------

Name        : texlive
Product     : Fedora 12
Version     : 2007
Release     : 48.fc12
URL         : http://tug.org/texlive/
Summary     : Binaries for the TeX formatting system
Description :
TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
printable file as output. Usually, TeX is used in conjunction with
a higher level formatting package like LaTeX or PlainTeX, since TeX by
itself is not very user-friendly.

Install texlive if you want to use the TeX text formatting system. Consider
to install texlive-latex (a higher level formatting package which provides
an easier-to-use interface for TeX).

The TeX documentation is located in the texlive-doc package.

--------------------------------------------------------------------------------
Update Information:

Changes in this update:  * fixes for CVE-2010-0739 and CVE-2010-1440  * adds
missing defattr to filelists  * fixes directory ownership of
/var/lib/texmf/web2c  * uses official tarball for jpatch  * fixes post/postun
scriptlets
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 10 2010 Jindrich Novy <jnovy at redhat.com> 2007-48
- fix CVE-2010-0739 and CVE-2010-1440 (#584795)
- fix CVE-2010-0829 (#589607)
- add missing defattr to filelists
- fix directory ownership of /var/lib/texmf/web2c (#512459)
- use official tarball for jpatch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #572941 - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
        https://bugzilla.redhat.com/show_bug.cgi?id=572941
  [ 2 ] Bug #586819 - CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands
        https://bugzilla.redhat.com/show_bug.cgi?id=586819
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update texlive' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list