[SECURITY] Fedora 7 Test Update: tetex-3.0-40.3.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 15 03:46:15 UTC 2007


--------------------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-3390
2007-11-15 03:45:47.261711
--------------------------------------------------------------------------------

Name        : tetex
Product     : Fedora 7
Version     : 3.0
Release     : 40.3.fc7
URL         : http://www.tug.org/teTeX/
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly. The output format needn't to be DVI, but also PDF,
when using pdflatex or similar tools.

Install tetex if you want to use the TeX text formatting system. Consider
to install tetex-latex (a higher level formatting package which provides
an easier-to-use interface for TeX). Unless you are an expert at using TeX,
you should also install the tetex-doc package, which includes the
documentation for TeX.

--------------------------------------------------------------------------------
Update Information:

- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- xdvi won't segfault if DVI file contains character which
  is not present in font (#243630)
- fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591)
- fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 13 2007 Jindrich Novy <jnovy at redhat.com> 3.0-40.3
- fix dvips -z buffer overflow with long href (#368591)
- fix insecure usage of temporary file in dviljk (#368611, #368641)
- update License and BuildRoot tags
* Thu Nov  8 2007 Jindrich Novy <jnovy at redhat.com> 3.0-40.2
- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- xdvi won't segfault if DVI file contains character which
  is not present in font (#243630)
- enable compilation with ccache
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #352271 - CVE-2007-4033 t1lib font filename string overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=352271
  [ 2 ] Bug #345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
        https://bugzilla.redhat.com/show_bug.cgi?id=345121
  [ 3 ] Bug #243630 - segfault when opening a file
        https://bugzilla.redhat.com/show_bug.cgi?id=243630
  [ 4 ] Bug #368591 - CVE-2007-5935 dvips -z buffer overflow with long href
        https://bugzilla.redhat.com/show_bug.cgi?id=368591
  [ 5 ] Bug #368611 - CVE-2007-5936 dviljk uses insecure temporary file
        https://bugzilla.redhat.com/show_bug.cgi?id=368611
  [ 6 ] Bug #368641 - CVE-2007-5937 Multiple dviljk buffer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=368641
  [ 7 ] Bug #379831 - Multiple tetex vulnerabilities [f7]
        https://bugzilla.redhat.com/show_bug.cgi?id=379831
--------------------------------------------------------------------------------
Updated packages:

92ec51994b53edc8e5bec1d6e24f37dfd15b824a tetex-fonts-3.0-40.3.fc7.ppc64.rpm
14b9f243e57555a73b5ca9abab28eaec30e3611a tetex-debuginfo-3.0-40.3.fc7.ppc64.rpm
54f30190c56cf01590df10751fc967f3bd54bb8e tetex-dvips-3.0-40.3.fc7.ppc64.rpm
076f7676a21881db34266f12f4435f726bced44c tetex-doc-3.0-40.3.fc7.ppc64.rpm
c12626a843afa0401c58cae6c5079e4d7cda4281 tetex-3.0-40.3.fc7.ppc64.rpm
c66519d7c2552597860591181a2a63e135b00e2b tetex-xdvi-3.0-40.3.fc7.ppc64.rpm
cb5deb9cb217e5728994686b4c1884a221361db7 tetex-afm-3.0-40.3.fc7.ppc64.rpm
7a2cbdf5f15ba8bc2150b4c773bf246c191d7c8e tetex-latex-3.0-40.3.fc7.ppc64.rpm
8b3b50f4f1135c553f10b0638a2f2ae77361914f tetex-3.0-40.3.fc7.i386.rpm
bd136a00615670707d34409e9a6d72ea6846703e tetex-dvips-3.0-40.3.fc7.i386.rpm
49a9f95b46e9e11fc05a4efd0aa7136a498747b6 tetex-debuginfo-3.0-40.3.fc7.i386.rpm
c67e2d8c4f82bdc809a8add30fb437a74ad44ffb tetex-afm-3.0-40.3.fc7.i386.rpm
f019fbb16ebab2f4517ec55cb7ecbdc0eaaa2a56 tetex-xdvi-3.0-40.3.fc7.i386.rpm
dfad534b486ab736e19d9a1afd0b26a6866c7c05 tetex-fonts-3.0-40.3.fc7.i386.rpm
5620efb92ac5a5ae50904880c5f28b23cf9ecc10 tetex-doc-3.0-40.3.fc7.i386.rpm
84c1e84607bd609c911771f1979c2bdd1f7568be tetex-latex-3.0-40.3.fc7.i386.rpm
91ef6ab89a22364c8b31b3eac83a2d2a555ff798 tetex-dvips-3.0-40.3.fc7.x86_64.rpm
00ce83c8ca1e06828d8a32a1a20b244bb5aa250d tetex-xdvi-3.0-40.3.fc7.x86_64.rpm
0e32b9c0aae7be8112af55b0f1e24161c296a8d4 tetex-fonts-3.0-40.3.fc7.x86_64.rpm
c829c46f9a01f5a8601a814bfd029b7af55c837e tetex-3.0-40.3.fc7.x86_64.rpm
f32a8c23bcdeb7f35830dc63cf71a2167fadbc30 tetex-latex-3.0-40.3.fc7.x86_64.rpm
aa0e659c4b21b66142cbfc542172963ea76c0159 tetex-doc-3.0-40.3.fc7.x86_64.rpm
c7cd648093222dd693fbac0ac6eb52aca4337d35 tetex-debuginfo-3.0-40.3.fc7.x86_64.rpm
5ccbc52e7cf2c2cce429691311f67a6b68f9c94b tetex-afm-3.0-40.3.fc7.x86_64.rpm
02b0cdb15b2d9ebd1b9b6bafd5f82e18c2f5a839 tetex-3.0-40.3.fc7.ppc.rpm
e1807d74496afe75eb19cc3ee9ab8734de365579 tetex-afm-3.0-40.3.fc7.ppc.rpm
c57d07cc485d885ecd0b8d17021649ee986e5bff tetex-fonts-3.0-40.3.fc7.ppc.rpm
ad988ab99aa5e0a4e4fa5f82ee4d4433f27c6a3c tetex-debuginfo-3.0-40.3.fc7.ppc.rpm
ce452fc6f30dd9ebddf6692310e3f953c83d5fff tetex-dvips-3.0-40.3.fc7.ppc.rpm
36567cee8c863dffbb2f23dce6c0a8def2bba2c8 tetex-latex-3.0-40.3.fc7.ppc.rpm
188517c735b51e2b97bd344941e391c804d1ef18 tetex-doc-3.0-40.3.fc7.ppc.rpm
9e187f8cf6ee5f1a365ab324ca805321aa3bd9e5 tetex-xdvi-3.0-40.3.fc7.ppc.rpm
5c9ea1ce583d691151bb2317af36b0f6ef7c6197 tetex-3.0-40.3.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum --enablerepo=updates-testing update tetex' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the test mailing list