[tetex] Multiple vulnerabilities possibly allowing to execute arbitrary code or overwrite arbitrary files
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tetex-bin (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Bug Description
Binary package hint: tetex-bin
References:
http://
"Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).
[...]
A remote attacker could entice a user to process a specially crafted DVI or PDF file which could lead to the execution of arbitrary code with the privileges of the user running the application. A local attacker could exploit the "dvilj" vulnerability to conduct a symlink attack to overwrite arbitrary files."
Since according to packages.ubuntu.com some parts of tetex are part of Ubuntu's main component, I shamelessly copied over Gentoo's GLSA.
| disabled.user (disabled.user-deactivatedaccount) wrote | #1 |
| Changed in tetex-bin: | |
| assignee: | nobody → jamie-strandboge |
| status: | New → Triaged |
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in tetex-bin: | |
| status: | Triaged → Fix Released |
Adding CVE references mentioned in MDKSA-2007:230
(http://