ID de Prueba:	1.3.6.1.4.1.25623.1.0.67365
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0401
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0401. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code: Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially-crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0401.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5935 BugTraq ID: 26469 http://www.securityfocus.com/bid/26469 Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts (Google Search) http://www.securityfocus.com/archive/1/487984/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html http://security.gentoo.org/glsa/glsa-200711-26.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 https://bugzilla.redhat.com/show_bug.cgi?id=368591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311 http://www.securitytracker.com/id?1019058 http://secunia.com/advisories/27672 http://secunia.com/advisories/27686 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/27967 http://secunia.com/advisories/28107 http://secunia.com/advisories/28412 http://secunia.com/advisories/30168 SuSE Security Announcement: SUSE-SR:2008:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html https://usn.ubuntu.com/554-1/ http://www.vupen.com/english/advisories/2007/3896 Common Vulnerability Exposure (CVE) ID: CVE-2009-0791 1022326 http://securitytracker.com/id?1022326 35195 http://www.securityfocus.com/bid/35195 35340 http://secunia.com/advisories/35340 35685 http://secunia.com/advisories/35685 37023 http://secunia.com/advisories/37023 37028 http://secunia.com/advisories/37028 37037 http://secunia.com/advisories/37037 37043 http://secunia.com/advisories/37043 37077 http://secunia.com/advisories/37077 37079 http://secunia.com/advisories/37079 ADV-2009-1488 http://www.vupen.com/english/advisories/2009/1488 ADV-2009-2928 http://www.vupen.com/english/advisories/2009/2928 MDVSA-2009:334 http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 RHSA-2009:1083 http://www.redhat.com/support/errata/RHSA-2009-1083.html RHSA-2009:1500 https://rhn.redhat.com/errata/RHSA-2009-1500.html RHSA-2009:1501 https://rhn.redhat.com/errata/RHSA-2009-1501.html RHSA-2009:1502 https://rhn.redhat.com/errata/RHSA-2009-1502.html RHSA-2009:1503 https://rhn.redhat.com/errata/RHSA-2009-1503.html RHSA-2009:1512 https://rhn.redhat.com/errata/RHSA-2009-1512.html SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html cups-pdftops-filter-bo(50941) https://exchange.xforce.ibmcloud.com/vulnerabilities/50941 https://bugzilla.redhat.com/show_bug.cgi?id=491840 oval:org.mitre.oval:def:10534 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534 Common Vulnerability Exposure (CVE) ID: CVE-2009-3609 1021706 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 1023029 http://securitytracker.com/id?1023029 274030 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 36703 http://www.securityfocus.com/bid/36703 37034 http://secunia.com/advisories/37034 37051 http://secunia.com/advisories/37051 37054 http://secunia.com/advisories/37054 37061 http://secunia.com/advisories/37061 37114 http://secunia.com/advisories/37114 37159 http://secunia.com/advisories/37159 39327 http://secunia.com/advisories/39327 39938 http://secunia.com/advisories/39938 ADV-2009-2924 http://www.vupen.com/english/advisories/2009/2924 ADV-2009-2925 http://www.vupen.com/english/advisories/2009/2925 ADV-2009-2926 http://www.vupen.com/english/advisories/2009/2926 ADV-2010-0802 http://www.vupen.com/english/advisories/2010/0802 ADV-2010-1220 http://www.vupen.com/english/advisories/2010/1220 DSA-2028 http://www.debian.org/security/2010/dsa-2028 DSA-2050 http://www.debian.org/security/2010/dsa-2050 FEDORA-2009-10823 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html FEDORA-2009-10845 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html FEDORA-2010-1377 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html FEDORA-2010-1805 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html FEDORA-2010-1842 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html MDVSA-2009:287 http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 MDVSA-2011:175 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 RHSA-2009:1504 https://rhn.redhat.com/errata/RHSA-2009-1504.html RHSA-2009:1513 https://rhn.redhat.com/errata/RHSA-2009-1513.html RHSA-2010:0755 http://www.redhat.com/support/errata/RHSA-2010-0755.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html USN-850-1 http://www.ubuntu.com/usn/USN-850-1 USN-850-3 http://www.ubuntu.com/usn/USN-850-3 ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://poppler.freedesktop.org/ https://bugzilla.redhat.com/show_bug.cgi?id=526893 oval:org.mitre.oval:def:11043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 oval:org.mitre.oval:def:8134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 xpdf-imagestream-dos(53800) https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 Common Vulnerability Exposure (CVE) ID: CVE-2010-0739 39390 http://secunia.com/advisories/39390 39500 http://www.securityfocus.com/bid/39500 FEDORA-2010-8273 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html GLSA-201206-28 http://security.gentoo.org/glsa/glsa-201206-28.xml SUSE-SR:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SUSE-SR:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html USN-937-1 http://www.ubuntu.com/usn/USN-937-1 http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch https://bugzilla.redhat.com/show_bug.cgi?id=572941 oval:org.mitre.oval:def:11468 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468 Common Vulnerability Exposure (CVE) ID: CVE-2010-0827 BugTraq ID: 39971 http://www.securityfocus.com/bid/39971 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052 SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2010-1440 https://bugzilla.redhat.com/show_bug.cgi?id=586819 oval:org.mitre.oval:def:10068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.