Test ID:	1.3.6.1.4.1.25623.1.0.58387
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:109 (tetex)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to tetex announced via advisory MDKSA-2007:109. Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue (CVE-2007-0455). A buffer overflow in the open_sty function for makeindex in Tetex could allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename (CVE-2007-0650). The updated packages have been patched to prevent these issues. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:109 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0455 2007-0007 http://www.trustix.org/errata/2007/0007 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql http://www.securityfocus.com/archive/1/466166/100/0/threaded 22289 http://www.securityfocus.com/bid/22289 23916 http://secunia.com/advisories/23916 24022 http://secunia.com/advisories/24022 24052 http://secunia.com/advisories/24052 24053 http://secunia.com/advisories/24053 24107 http://secunia.com/advisories/24107 24143 http://secunia.com/advisories/24143 24151 http://secunia.com/advisories/24151 24924 http://secunia.com/advisories/24924 24945 http://secunia.com/advisories/24945 24965 http://secunia.com/advisories/24965 25575 http://secunia.com/advisories/25575 29157 http://secunia.com/advisories/29157 42813 http://secunia.com/advisories/42813 ADV-2007-0400 http://www.vupen.com/english/advisories/2007/0400 ADV-2011-0022 http://www.vupen.com/english/advisories/2011/0022 FEDORA-2007-150 http://fedoranews.org/cms/node/2631 FEDORA-2010-19022 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html FEDORA-2010-19033 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html MDKSA-2007:035 http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 MDKSA-2007:036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 MDKSA-2007:038 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 MDKSA-2007:109 http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 RHSA-2007:0153 http://www.redhat.com/support/errata/RHSA-2007-0153.html RHSA-2007:0155 http://rhn.redhat.com/errata/RHSA-2007-0155.html RHSA-2007:0162 http://www.redhat.com/support/errata/RHSA-2007-0162.html RHSA-2008:0146 http://www.redhat.com/support/errata/RHSA-2008-0146.html USN-473-1 http://www.ubuntu.com/usn/usn-473-1 [security-announce] 20070208 rPSA-2007-0028-1 gd http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 https://issues.rpath.com/browse/RPL-1030 https://issues.rpath.com/browse/RPL-1268 oval:org.mitre.oval:def:11303 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 Common Vulnerability Exposure (CVE) ID: CVE-2007-0650 BugTraq ID: 23872 http://www.securityfocus.com/bid/23872 http://security.gentoo.org/glsa/glsa-200709-17.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://secunia.com/advisories/26982 http://secunia.com/advisories/30168 http://www.vupen.com/english/advisories/2007/1706 XForce ISS Database: tetex-makeindex-opensty-bo(32284) https://exchange.xforce.ibmcloud.com/vulnerabilities/32284
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.