Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59974
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-554-1 (texlive-bin)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to texlive-bin
announced via advisory USN-554-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)

Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)

Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
tetex-bin 3.0-13ubuntu6.1

Ubuntu 6.10:
tetex-bin 3.0-17ubuntu2.1

Ubuntu 7.04:
tetex-bin 3.0-27ubuntu1.2

Ubuntu 7.10:
texlive-extra-utils 2007-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-554-1

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5935
BugTraq ID: 26469
http://www.securityfocus.com/bid/26469
Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts (Google Search)
http://www.securityfocus.com/archive/1/487984/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
http://security.gentoo.org/glsa/glsa-200711-26.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
https://bugzilla.redhat.com/show_bug.cgi?id=368591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
http://www.securitytracker.com/id?1019058
http://secunia.com/advisories/27672
http://secunia.com/advisories/27686
http://secunia.com/advisories/27718
http://secunia.com/advisories/27743
http://secunia.com/advisories/27967
http://secunia.com/advisories/28107
http://secunia.com/advisories/28412
http://secunia.com/advisories/30168
SuSE Security Announcement: SUSE-SR:2008:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
https://usn.ubuntu.com/554-1/
http://www.vupen.com/english/advisories/2007/3896
Common Vulnerability Exposure (CVE) ID: CVE-2007-5936
http://bugs.gentoo.org/attachment.cgi?id=135423
http://osvdb.org/42238
Common Vulnerability Exposure (CVE) ID: CVE-2007-5937
Common Vulnerability Exposure (CVE) ID: CVE-2007-5497
BugTraq ID: 26772
http://www.securityfocus.com/bid/26772
Bugtraq: 20080212 FLEA-2008-0005-1 e2fsprogs (Google Search)
http://www.securityfocus.com/archive/1/487999/100/0/threaded
Bugtraq: 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package (Google Search)
http://www.securityfocus.com/archive/1/489082/100/0/threaded
Debian Security Information: DSA-1422 (Google Search)
http://www.debian.org/security/2007/dsa-1422
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00618.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00629.html
HPdes Security Advisory: HPSBMA02554
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
HPdes Security Advisory: SSRT100018
http://www.mandriva.com/security/advisories?name=MDKSA-2007:242
http://lists.vmware.com/pipermail/security-announce/2008/000007.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10399
http://www.redhat.com/support/errata/RHSA-2008-0003.html
http://www.securitytracker.com/id?1019537
http://secunia.com/advisories/27889
http://secunia.com/advisories/27965
http://secunia.com/advisories/27987
http://secunia.com/advisories/28000
http://secunia.com/advisories/28030
http://secunia.com/advisories/28042
http://secunia.com/advisories/28360
http://secunia.com/advisories/28541
http://secunia.com/advisories/28648
http://secunia.com/advisories/29224
http://secunia.com/advisories/32774
http://secunia.com/advisories/40551
SuSE Security Announcement: SUSE-SR:2007:025 (Google Search)
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://www.ubuntu.com/usn/usn-555-1
http://www.vupen.com/english/advisories/2007/4135
http://www.vupen.com/english/advisories/2008/0761
http://www.vupen.com/english/advisories/2010/1796
XForce ISS Database: e2fsprogs-libext2fs-integer-overflow(38903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38903
Common Vulnerability Exposure (CVE) ID: CVE-2007-5939
BugTraq ID: 26758
http://www.securityfocus.com/bid/26758
http://marc.info/?l=full-disclosure&m=119704362903699&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:239
http://osvdb.org/44750
http://securitytracker.com/id?1019057
Common Vulnerability Exposure (CVE) ID: CVE-2007-5947
BugTraq ID: 26385
http://www.securityfocus.com/bid/26385
Bugtraq: 20080212 FLEA-2008-0001-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird (Google Search)
http://www.securityfocus.com/archive/1/488971/100/0/threaded
CERT/CC vulnerability note: VU#715737
http://www.kb.cert.org/vuls/id/715737
Debian Security Information: DSA-1424 (Google Search)
http://www.debian.org/security/2007/dsa-1424
Debian Security Information: DSA-1425 (Google Search)
http://www.debian.org/security/2007/dsa-1425
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://security.gentoo.org/glsa/glsa-200712-21.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://www.securitytracker.com/id?1018928
http://secunia.com/advisories/27605
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27800
http://secunia.com/advisories/27816
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/27855
http://secunia.com/advisories/27944
http://secunia.com/advisories/27955
http://secunia.com/advisories/27957
http://secunia.com/advisories/27979
http://secunia.com/advisories/28001
http://secunia.com/advisories/28016
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://secunia.com/advisories/28398
http://secunia.com/advisories/29164
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
SuSE Security Announcement: SUSE-SA:2007:066 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
https://usn.ubuntu.com/546-1/
http://www.ubuntu.com/usn/usn-546-2
http://www.vupen.com/english/advisories/2007/3818
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
XForce ISS Database: firefox-jar-uri-xss(38356)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
Common Vulnerability Exposure (CVE) ID: CVE-2007-5959
BugTraq ID: 26593
http://www.securityfocus.com/bid/26593
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11014
http://securitytracker.com/id?1018994
http://secunia.com/advisories/27725
XForce ISS Database: mozilla-multiple-memcorrupt-code-execution(38643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38643
Common Vulnerability Exposure (CVE) ID: CVE-2007-5960
BugTraq ID: 26589
http://www.securityfocus.com/bid/26589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
http://securitytracker.com/id?1018995
XForce ISS Database: mozilla-http-referer-spoofing(38644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
Common Vulnerability Exposure (CVE) ID: CVE-2007-5491
BugTraq ID: 26126
http://www.securityfocus.com/bid/26126
Debian Security Information: DSA-1423 (Google Search)
http://www.debian.org/security/2007/dsa-1423
http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
http://secunia.com/advisories/27503
http://secunia.com/advisories/28008
http://www.vupen.com/english/advisories/2007/3768
Common Vulnerability Exposure (CVE) ID: CVE-2007-5492
Bugtraq: 20071018 Serious holes affecting SiteBar 3.3.8 (Google Search)
http://www.securityfocus.com/archive/1/482499/100/0/threaded
http://osvdb.org/43760
Common Vulnerability Exposure (CVE) ID: CVE-2007-5693
http://osvdb.org/43604
http://securityreason.com/securityalert/3318
Common Vulnerability Exposure (CVE) ID: CVE-2007-5694
http://osvdb.org/41110
Common Vulnerability Exposure (CVE) ID: CVE-2007-5695
http://osvdb.org/41581
Common Vulnerability Exposure (CVE) ID: CVE-2007-5692
http://osvdb.org/41355
http://osvdb.org/41356
http://osvdb.org/41357
http://osvdb.org/41358
http://osvdb.org/41359
Common Vulnerability Exposure (CVE) ID: CVE-2007-4135
BugTraq ID: 26767
http://www.securityfocus.com/bid/26767
http://www.mandriva.com/security/advisories?name=MDKSA-2007:240
http://osvdb.org/45825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864
http://www.redhat.com/support/errata/RHSA-2007-0951.html
http://secunia.com/advisories/26674
http://secunia.com/advisories/27043
SuSE Security Announcement: SUSE-SR:2007:018 (Google Search)
http://www.novell.com/linux/security/advisories/2007_18_sr.html
XForce ISS Database: nfsv4-idmapper-uid-unspecified(36396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36396
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.