|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 207-1 (tetex-bin)|
|Summary:||Debian Security Advisory DSA 207-1 (tetex-bin)|
|Description:||The remote host is missing an update to tetex-bin|
announced via advisory DSA 207-1.
The SuSE security team discovered a vulnerability in kpathsea library
(libkpathsea) which is used by xdvi and dvips. Both programs call the
system() function insecurely, which allows a remote attacker to
execute arbitrary commands via cleverly crafted DVI files.
If dvips is used in a print filter, this allows a local or remote
attacker with print permission to execute arbitrary code as the printer
user (usually lp).
This problem has been fixed in version 1.0.7+20011202-7.1 for the
current stable distribution (woody), in version 1.0.6-7.3 for the old
stable distribution (potato) and in version 1.0.7+20021025-4 for the
unstable distribution (sid). xdvik-ja and dvipsk-ja are vulnerable as
well, but link to the kpathsea library dynamically and will
automatically be fixed after a new libkpathsea is installed.
We recommend that you upgrade your tetex-lib package immediately.
BugTraq ID: 5978|
Common Vulnerability Exposure (CVE) ID: CVE-2002-0836
Debian Security Information: DSA-207
Bugtraq: 20021018 GLSA: tetex
Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Conectiva Linux advisory: CLA-2002:537
HPdes Security Advisory: HPSBTL0210-073
CERT/CC vulnerability note: VU#169841
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|