
Test ID: 1.3.6.1.4.1.25623.1.0.59974
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-554-1 (texlive-bin)
Summary: Ubuntu USN-554-1 (texlive-bin)
Description:
The remote host is missing an update to texlive-bin
announced via advisory USN-554-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)

Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)

Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
tetex-bin 3.0-13ubuntu6.1

Ubuntu 6.10:
tetex-bin 3.0-17ubuntu2.1

Ubuntu 7.04:
tetex-bin 3.0-27ubuntu1.2

Ubuntu 7.10:
texlive-extra-utils 2007-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-554-1

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5935
Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts
http://www.securityfocus.com/archive/1/archive/1/487984/100/0/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=368591
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
http://security.gentoo.org/glsa/glsa-200711-26.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
SuSE Security Announcement: SUSE-SR:2008:001
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:011
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://www.ubuntulinux.org/support/documentation/usn/usn-554-1
BugTraq ID: 26469
http://www.securityfocus.com/bid/26469
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11311
http://www.vupen.com/english/advisories/2007/3896
http://www.securitytracker.com/id?1019058
http://secunia.com/advisories/27672
http://secunia.com/advisories/27686
http://secunia.com/advisories/27743
http://secunia.com/advisories/27967
http://secunia.com/advisories/28107
http://secunia.com/advisories/27718
http://secunia.com/advisories/28412
http://secunia.com/advisories/30168
Common Vulnerability Exposure (CVE) ID: CVE-2007-5936
http://bugs.gentoo.org/attachment.cgi?id=135423
http://osvdb.org/42238
Common Vulnerability Exposure (CVE) ID: CVE-2007-5937
Common Vulnerability Exposure (CVE) ID: CVE-2007-5497
Bugtraq: 20080212 FLEA-2008-0005-1 e2fsprogs
http://www.securityfocus.com/archive/1/archive/1/487999/100/0/threaded
Bugtraq: 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
http://www.securityfocus.com/archive/1/archive/1/489082/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2008/000007.html
Debian Security Information: DSA-1422
http://www.debian.org/security/2007/dsa-1422
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00618.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00629.html
HPdes Security Advisory: HPSBMA02554
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
HPdes Security Advisory: SSRT100018
http://www.mandriva.com/security/advisories?name=MDKSA-2007:242
http://www.redhat.com/support/errata/RHSA-2008-0003.html
SuSE Security Announcement: SUSE-SR:2007:025
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://www.ubuntu.com/usn/usn-555-1
BugTraq ID: 26772
http://www.securityfocus.com/bid/26772
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10399
http://secunia.com/advisories/40551
http://secunia.com/advisories/32774
http://www.vupen.com/english/advisories/2007/4135
http://www.vupen.com/english/advisories/2008/0761
http://www.securitytracker.com/id?1019537
http://secunia.com/advisories/27889
http://secunia.com/advisories/27987
http://secunia.com/advisories/28000
http://secunia.com/advisories/28042
http://secunia.com/advisories/28030
http://secunia.com/advisories/27965
http://secunia.com/advisories/28360
http://secunia.com/advisories/28541
http://secunia.com/advisories/28648
http://secunia.com/advisories/29224
http://www.vupen.com/english/advisories/2010/1796
XForce ISS Database: e2fsprogs-libext2fs-integer-overflow(38903)
http://xforce.iss.net/xforce/xfdb/38903
Common Vulnerability Exposure (CVE) ID: CVE-2007-5939
http://marc.info/?l=full-disclosure&m=119704362903699&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:239
BugTraq ID: 26758
http://www.securityfocus.com/bid/26758
http://osvdb.org/44750
http://securitytracker.com/id?1019057
Common Vulnerability Exposure (CVE) ID: CVE-2007-5947
Bugtraq: 20080212 FLEA-2008-0001-1 firefox
http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded
Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird
http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
Debian Security Information: DSA-1424
http://www.debian.org/security/2007/dsa-1424
Debian Security Information: DSA-1425
http://www.debian.org/security/2007/dsa-1425
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://security.gentoo.org/glsa/glsa-200712-21.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
SuSE Security Announcement: SUSE-SA:2007:066
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
http://www.ubuntulinux.org/support/documentation/usn/usn-546-1
http://www.ubuntu.com/usn/usn-546-2
CERT/CC vulnerability note: VU#715737
http://www.kb.cert.org/vuls/id/715737
BugTraq ID: 26385
http://www.securityfocus.com/bid/26385
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9873
http://www.vupen.com/english/advisories/2007/3818
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
http://www.securitytracker.com/id?1018928
http://secunia.com/advisories/27605
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27816
http://secunia.com/advisories/27944
http://secunia.com/advisories/27957
http://secunia.com/advisories/28001
http://secunia.com/advisories/28016
http://secunia.com/advisories/27955
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://secunia.com/advisories/27800
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/28398
http://secunia.com/advisories/27855
http://secunia.com/advisories/27979
http://secunia.com/advisories/29164
XForce ISS Database: firefox-jar-uri-xss(38356)
http://xforce.iss.net/xforce/xfdb/38356
Common Vulnerability Exposure (CVE) ID: CVE-2007-5959
BugTraq ID: 26593
http://www.securityfocus.com/bid/26593
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11014
http://securitytracker.com/id?1018994
http://secunia.com/advisories/27725
XForce ISS Database: mozilla-multiple-memcorrupt-code-execution(38643)
http://xforce.iss.net/xforce/xfdb/38643
Common Vulnerability Exposure (CVE) ID: CVE-2007-5960
BugTraq ID: 26589
http://www.securityfocus.com/bid/26589
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9794
http://securitytracker.com/id?1018995
XForce ISS Database: mozilla-http-referer-spoofing(38644)
http://xforce.iss.net/xforce/xfdb/38644
Common Vulnerability Exposure (CVE) ID: CVE-2007-5491
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
Debian Security Information: DSA-1423
http://www.debian.org/security/2007/dsa-1423
http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
BugTraq ID: 26126
http://www.securityfocus.com/bid/26126
http://www.vupen.com/english/advisories/2007/3768
http://secunia.com/advisories/27503
http://secunia.com/advisories/28008
Common Vulnerability Exposure (CVE) ID: CVE-2007-5492
Bugtraq: 20071018 Serious holes affecting SiteBar 3.3.8
http://www.securityfocus.com/archive/1/archive/1/482499/100/0/threaded
http://osvdb.org/43760
Common Vulnerability Exposure (CVE) ID: CVE-2007-5693
http://osvdb.org/43604
http://securityreason.com/securityalert/3318
Common Vulnerability Exposure (CVE) ID: CVE-2007-5694
http://osvdb.org/41110
Common Vulnerability Exposure (CVE) ID: CVE-2007-5695
http://osvdb.org/41581
Common Vulnerability Exposure (CVE) ID: CVE-2007-5692
http://osvdb.org/41355
http://osvdb.org/41356
http://osvdb.org/41357
http://osvdb.org/41358
http://osvdb.org/41359
Common Vulnerability Exposure (CVE) ID: CVE-2007-4135
http://www.mandriva.com/security/advisories?name=MDKSA-2007:240
http://www.redhat.com/support/errata/RHSA-2007-0951.html
SuSE Security Announcement: SUSE-SR:2007:018
http://www.novell.com/linux/security/advisories/2007_18_sr.html
BugTraq ID: 26767
http://www.securityfocus.com/bid/26767
http://osvdb.org/45825
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9864
http://secunia.com/advisories/26674
http://secunia.com/advisories/27043
XForce ISS Database: nfsv4-idmapper-uid-unspecified(36396)
http://xforce.iss.net/xforce/xfdb/36396
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.