Test ID: 1.3.6.1.4.1.25623.1.0.59974
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-554-1 (texlive-bin)
Summary: NOSUMMARY
Description:

The remote host is missing an update to texlive-bin
announced via advisory USN-554-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)

Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)

Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
tetex-bin 3.0-13ubuntu6.1

Ubuntu 6.10:
tetex-bin 3.0-17ubuntu2.1

Ubuntu 7.04:
tetex-bin 3.0-27ubuntu1.2

Ubuntu 7.10:
texlive-extra-utils 2007-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-554-1

Risk factor: Critical

CVSS Score: 10.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-5935
BugTraq ID: 26469
http://www.securityfocus.com/bid/26469
Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts
http://www.securityfocus.com/archive/1/487984/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
http://security.gentoo.org/glsa/glsa-200711-26.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
https://bugzilla.redhat.com/show_bug.cgi?id=368591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
http://www.securitytracker.com/id?1019058
http://secunia.com/advisories/27672
http://secunia.com/advisories/27686
http://secunia.com/advisories/27718
http://secunia.com/advisories/27743
http://secunia.com/advisories/27967
http://secunia.com/advisories/28107
http://secunia.com/advisories/28412
http://secunia.com/advisories/30168
SuSE Security Announcement: SUSE-SR:2008:001
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:011
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
https://usn.ubuntu.com/554-1/
http://www.vupen.com/english/advisories/2007/3896
Common Vulnerability Exposure (CVE) ID: CVE-2007-5936
http://bugs.gentoo.org/attachment.cgi?id=135423
http://osvdb.org/42238
Common Vulnerability Exposure (CVE) ID: CVE-2007-5937
Common Vulnerability Exposure (CVE) ID: CVE-2007-5497
1019537
http://www.securitytracker.com/id?1019537
20080212 FLEA-2008-0005-1 e2fsprogs
http://www.securityfocus.com/archive/1/487999/100/0/threaded
20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
http://www.securityfocus.com/archive/1/489082/100/0/threaded
26772
http://www.securityfocus.com/bid/26772
27889
http://secunia.com/advisories/27889
27965
http://secunia.com/advisories/27965
27987
http://secunia.com/advisories/27987
28000
http://secunia.com/advisories/28000
28030
http://secunia.com/advisories/28030
28042
http://secunia.com/advisories/28042
28360
http://secunia.com/advisories/28360
28541
http://secunia.com/advisories/28541
28648
http://secunia.com/advisories/28648
29224
http://secunia.com/advisories/29224
32774
http://secunia.com/advisories/32774
40551
http://secunia.com/advisories/40551
ADV-2007-4135
http://www.vupen.com/english/advisories/2007/4135
ADV-2008-0761
http://www.vupen.com/english/advisories/2008/0761
ADV-2010-1796
http://www.vupen.com/english/advisories/2010/1796
DSA-1422
http://www.debian.org/security/2007/dsa-1422
FEDORA-2007-4447
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00618.html
FEDORA-2007-4461
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00629.html
HPSBMA02554
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
MDKSA-2007:242
http://www.mandriva.com/security/advisories?name=MDKSA-2007:242
RHSA-2008:0003
http://www.redhat.com/support/errata/RHSA-2008-0003.html
SSRT100018
SUSE-SR:2007:025
http://www.novell.com/linux/security/advisories/2007_25_sr.html
USN-555-1
http://www.ubuntu.com/usn/usn-555-1
[Security-announce] 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
http://lists.vmware.com/pipermail/security-announce/2008/000007.html
e2fsprogs-libext2fs-integer-overflow(38903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38903
http://sourceforge.net/project/shownotes.php?release_id=560230&group_id=2406
http://support.avaya.com/elmodocs2/security/ASA-2008-040.htm
http://support.citrix.com/article/CTX118766
http://wiki.rpath.com/Advisories:rPSA-2007-0262
http://www.vmware.com/security/advisories/VMSA-2008-0004.html
https://issues.rpath.com/browse/RPL-2011
oval:org.mitre.oval:def:10399
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10399
Common Vulnerability Exposure (CVE) ID: CVE-2007-5939
BugTraq ID: 26758
http://www.securityfocus.com/bid/26758
http://marc.info/?l=full-disclosure&m=119704362903699&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:239
http://osvdb.org/44750
http://securitytracker.com/id?1019057
Common Vulnerability Exposure (CVE) ID: CVE-2007-5947
BugTraq ID: 26385
http://www.securityfocus.com/bid/26385
Bugtraq: 20080212 FLEA-2008-0001-1 firefox
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird
http://www.securityfocus.com/archive/1/488971/100/0/threaded
CERT/CC vulnerability note: VU#715737
http://www.kb.cert.org/vuls/id/715737
Debian Security Information: DSA-1424
http://www.debian.org/security/2007/dsa-1424
Debian Security Information: DSA-1425
http://www.debian.org/security/2007/dsa-1425
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://security.gentoo.org/glsa/glsa-200712-21.xml
HP Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HP Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://www.securitytracker.com/id?1018928
http://secunia.com/advisories/27605
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27800
http://secunia.com/advisories/27816
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/27855
http://secunia.com/advisories/27944
http://secunia.com/advisories/27955
http://secunia.com/advisories/27957
http://secunia.com/advisories/27979
http://secunia.com/advisories/28001
http://secunia.com/advisories/28016
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://secunia.com/advisories/28398
http://secunia.com/advisories/29164
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
SuSE Security Announcement: SUSE-SA:2007:066
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
https://usn.ubuntu.com/546-1/
http://www.ubuntu.com/usn/usn-546-2
http://www.vupen.com/english/advisories/2007/3818
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
XForce ISS Database: firefox-jar-uri-xss(38356)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
Common Vulnerability Exposure (CVE) ID: CVE-2007-5959
1018977
1018994
http://securitytracker.com/id?1018994
20080212 FLEA-2008-0001-1 firefox
20080229 rPSA-2008-0093-1 thunderbird
231441
26593
http://www.securityfocus.com/bid/26593
27725
http://secunia.com/advisories/27725
27793
27796
27797
27800
27816
27838
27845
27855
27944
27955
27957
27979
28001
28016
28171
28277
28398
29164
ADV-2007-4002
ADV-2007-4018
ADV-2008-0083
ADV-2008-0643
DSA-1424
DSA-1425
FEDORA-2007-3952
FEDORA-2007-4098
FEDORA-2007-4106
FEDORA-2007-756
GLSA-200712-21
HPSBUX02153
MDKSA-2007:246
RHSA-2007:1082
RHSA-2007:1083
RHSA-2007:1084
SSA:2007-331-01
SSA:2007-333-01
SSRT061181
SUSE-SA:2007:066
USN-546-1
USN-546-2
http://browser.netscape.com/releasenotes/
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.mozilla.org/security/announce/2007/mfsa2007-38.html
https://issues.rpath.com/browse/RPL-1984
https://issues.rpath.com/browse/RPL-1995
mozilla-multiple-memcorrupt-code-execution(38643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38643
oval:org.mitre.oval:def:11014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11014
Common Vulnerability Exposure (CVE) ID: CVE-2007-5960
1018995
http://securitytracker.com/id?1018995
26589
http://www.securityfocus.com/bid/26589
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
mozilla-http-referer-spoofing(38644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
oval:org.mitre.oval:def:9794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
Common Vulnerability Exposure (CVE) ID: CVE-2007-5491
BugTraq ID: 26126
http://www.securityfocus.com/bid/26126
Debian Security Information: DSA-1423
http://www.debian.org/security/2007/dsa-1423
http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
http://secunia.com/advisories/27503
http://secunia.com/advisories/28008
http://www.vupen.com/english/advisories/2007/3768
Common Vulnerability Exposure (CVE) ID: CVE-2007-5492
Bugtraq: 20071018 Serious holes affecting SiteBar 3.3.8
http://www.securityfocus.com/archive/1/482499/100/0/threaded
http://osvdb.org/43760
Common Vulnerability Exposure (CVE) ID: CVE-2007-5693
http://osvdb.org/43604
http://securityreason.com/securityalert/3318
Common Vulnerability Exposure (CVE) ID: CVE-2007-5694
http://osvdb.org/41110
Common Vulnerability Exposure (CVE) ID: CVE-2007-5695
http://osvdb.org/41581
Common Vulnerability Exposure (CVE) ID: CVE-2007-5692
http://osvdb.org/41355
http://osvdb.org/41356
http://osvdb.org/41357
http://osvdb.org/41358
http://osvdb.org/41359
Common Vulnerability Exposure (CVE) ID: CVE-2007-4135
26674
http://secunia.com/advisories/26674
26767
http://www.securityfocus.com/bid/26767
27043
http://secunia.com/advisories/27043
45825
http://osvdb.org/45825
MDKSA-2007:240
http://www.mandriva.com/security/advisories?name=MDKSA-2007:240
RHSA-2007:0951
http://www.redhat.com/support/errata/RHSA-2007-0951.html
SUSE-SR:2007:018
http://www.novell.com/linux/security/advisories/2007_18_sr.html
nfsv4-idmapper-uid-unspecified(36396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36396
oval:org.mitre.oval:def:9864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
