Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51986
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:354
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:354.

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.

A number of security flaws have been found affecting libraries used
internally within teTeX. An attacker who has the ability to trick a user
into processing a malicious file with teTeX could cause teTeX to crash or
possibly execute arbitrary code.

A number of integer overflow bugs that affect Xpdf were discovered. The
teTeX package contains a copy of the Xpdf code used for parsing PDF files
and is therefore affected by these bugs. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and
CVE-2004-1125 to these issues.

A number of integer overflow bugs that affect libtiff were discovered. The
teTeX package contains an internal copy of libtiff used for parsing TIFF
image files and is therefore affected by these bugs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues.

Also latex2html is added to package tetex-latex for 64bit platforms.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-354.html

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search)
http://marc.info/?l=bugtraq&m=109778785107450&w=2
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567 (Google Search)
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://scary.beasts.org/security/CESA-2004-006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://secunia.com/advisories/12818
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038 (Google Search)
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
XForce ISS Database: libtiff-library-decoding-bo(17703)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
CERT/CC vulnerability note: VU#555304
http://www.kb.cert.org/vuls/id/555304
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
XForce ISS Database: libtiff-dos(17755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://marc.info/?l=bugtraq&m=109779465621929&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
http://securitytracker.com/id?1011674
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: libtiff-bo(17715)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715
Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573 (Google Search)
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581 (Google Search)
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599 (Google Search)
http://www.debian.org/security/2004/dsa-599
http://marc.info/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
SuSE Security Announcement: SUSE-SA:2004:039 (Google Search)
http://marc.info/?l=bugtraq&m=109880927526773&w=2
https://www.ubuntu.com/usn/usn-9-1/
XForce ISS Database: xpdf-pdf-bo(17818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818
Common Vulnerability Exposure (CVE) ID: CVE-2004-1125
BugTraq ID: 12070
http://www.securityfocus.com/bid/12070
Bugtraq: 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability (Google Search)
http://marc.info/?t=110378596500001&r=1&w=2
Conectiva Linux advisory: CLA-2005:921
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
https://bugzilla.fedora.us/show_bug.cgi?id=2352
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-018.html
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.redhat.com/support/errata/RHSA-2005-057.html
SCO Security Bulletin: SCOSA-2005.42
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://securitytracker.com/id?1012646
http://secunia.com/advisories/17277
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
https://usn.ubuntu.com/50-1/
XForce ISS Database: xpdf-gfx-doimage-bo(18641)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18641
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.