 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.870740 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Update for texlive RHSA-2012:0137-01 |
| Resumen: | The remote host is missing an update for the 'texlive'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'texlive' package(s) announced via the referenced advisory. Vulnerability Insight: TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. The texlive packages provide a number of utilities, including dvips. TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash. (CVE-2011-1552) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of texlive are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: texlive on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2642 BugTraq ID: 45678 http://www.securityfocus.com/bid/45678 Debian Security Information: DSA-2357 (Google Search) http://www.debian.org/security/2011/dsa-2357 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html https://security.gentoo.org/glsa/201701-57 http://lists.mandriva.com/security-announce/2011-01/msg00006.php http://www.mandriva.com/security/advisories?name=MDVSA-2011:016 http://www.mandriva.com/security/advisories?name=MDVSA-2011:017 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 http://www.redhat.com/support/errata/RHSA-2011-0009.html RedHat Security Advisories: RHSA-2012:1201 http://rhn.redhat.com/errata/RHSA-2012-1201.html http://www.securitytracker.com/id?1024937 http://secunia.com/advisories/42769 http://secunia.com/advisories/42821 http://secunia.com/advisories/42847 http://secunia.com/advisories/42872 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.ubuntu.com/usn/USN-1035-1 http://www.vupen.com/english/advisories/2011/0029 http://www.vupen.com/english/advisories/2011/0043 http://www.vupen.com/english/advisories/2011/0056 http://www.vupen.com/english/advisories/2011/0097 http://www.vupen.com/english/advisories/2011/0102 http://www.vupen.com/english/advisories/2011/0193 http://www.vupen.com/english/advisories/2011/0194 Common Vulnerability Exposure (CVE) ID: CVE-2011-0433 http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/ http://secunia.com/advisories/48985 Common Vulnerability Exposure (CVE) ID: CVE-2011-0764 BugTraq ID: 46941 http://www.securityfocus.com/bid/46941 Bugtraq: 20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution (Google Search) http://www.securityfocus.com/archive/1/517205/100/0/threaded CERT/CC vulnerability note: VU#376500 http://www.kb.cert.org/vuls/id/376500 http://www.mandriva.com/security/advisories?name=MDVSA-2012:002 http://www.toucan-system.com/advisories/tssa-2011-01.txt http://securitytracker.com/id?1025266 http://secunia.com/advisories/43823 http://secunia.com/advisories/47347 http://securityreason.com/securityalert/8171 http://www.ubuntu.com/usn/USN-1316-1 http://www.vupen.com/english/advisories/2011/0728 XForce ISS Database: xpdf-t1lib-code-execution(66208) https://exchange.xforce.ibmcloud.com/vulnerabilities/66208 Common Vulnerability Exposure (CVE) ID: CVE-2011-1552 Common Vulnerability Exposure (CVE) ID: CVE-2011-1553 Common Vulnerability Exposure (CVE) ID: CVE-2011-1554 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |