Test ID: 1.3.6.1.4.1.25623.1.0.67421
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:094 (tetex)
Summary: NOSUMMARY
Description:
The remote host is missing an update to tetex
announced via advisory MDVSA-2010:094.

Multiple vulnerabilities have been discovered and fixed in tetex:

Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
cause a denial of service (memory corruption and crash) via a long
.bib bibliography file (CVE-2009-1284).

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted virtual font
(VF) file associated with a DVI file (CVE-2010-0827).

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
teTeX, allow remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a malformed DVI file
(CVE-2010-0829).

Integer overflow in the predospecial function in dospecial.c in
dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote
attackers to execute arbitrary code via a crafted DVI file that
triggers a heap-based buffer overflow. NOTE: some of these details
are obtained from third party information (CVE-2010-0739).

Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
2009 and earlier, and teTeX, allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a special command in a DVI file, related to the (1) predospecial and
(2) bbdospecial functions, a different vulnerability than CVE-2010-0739
(CVE-2010-1440).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

The corrected packages solve these problems.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:094

Risk factor: Critical

CVSS Score: 9.3

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1284
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00505.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00507.html
http://security.gentoo.org/glsa/glsa-201206-28.xml
http://www.openwall.com/lists/oss-security/2009/04/01/8
http://secunia.com/advisories/34445
http://www.ubuntu.com/usn/USN-937-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
1021706
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
1023029
http://securitytracker.com/id?1023029
274030
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
36703
http://www.securityfocus.com/bid/36703
37028
http://secunia.com/advisories/37028
37034
http://secunia.com/advisories/37034
37037
http://secunia.com/advisories/37037
37043
http://secunia.com/advisories/37043
37051
http://secunia.com/advisories/37051
37053
http://secunia.com/advisories/37053
37054
http://secunia.com/advisories/37054
37061
http://secunia.com/advisories/37061
37077
http://secunia.com/advisories/37077
37079
http://secunia.com/advisories/37079
37114
http://secunia.com/advisories/37114
37159
http://secunia.com/advisories/37159
39327
http://secunia.com/advisories/39327
39938
http://secunia.com/advisories/39938
ADV-2009-2924
http://www.vupen.com/english/advisories/2009/2924
ADV-2009-2925
http://www.vupen.com/english/advisories/2009/2925
ADV-2009-2926
http://www.vupen.com/english/advisories/2009/2926
ADV-2009-2928
http://www.vupen.com/english/advisories/2009/2928
ADV-2010-0802
http://www.vupen.com/english/advisories/2010/0802
ADV-2010-1220
http://www.vupen.com/english/advisories/2010/1220
DSA-1941
http://www.debian.org/security/2009/dsa-1941
DSA-2028
http://www.debian.org/security/2010/dsa-2028
DSA-2050
http://www.debian.org/security/2010/dsa-2050
FEDORA-2009-10823
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
FEDORA-2009-10845
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
FEDORA-2010-1377
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
FEDORA-2010-1805
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
FEDORA-2010-1842
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
MDVSA-2011:175
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
USN-850-1
http://www.ubuntu.com/usn/USN-850-1
USN-850-3
http://www.ubuntu.com/usn/USN-850-3
[oss-security] 20091130 Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/1
[oss-security] 20091130 Re: Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/5
[oss-security] 20091201 Re: Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/6
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://poppler.freedesktop.org/
http://www.ocert.org/advisories/ocert-2009-016.html
https://bugzilla.redhat.com/show_bug.cgi?id=526637
oval:org.mitre.oval:def:9536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
xpdf-objectstream-bo(53794)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
Common Vulnerability Exposure (CVE) ID: CVE-2010-0827
BugTraq ID: 39971
http://www.securityfocus.com/bid/39971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0829
Debian Security Information: DSA-2048 (Google Search)
http://www.debian.org/security/2010/dsa-2048
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041587.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718
http://secunia.com/advisories/39914
http://www.ubuntu.com/usn/USN-936-1
http://www.vupen.com/english/advisories/2010/1219
Common Vulnerability Exposure (CVE) ID: CVE-2010-0739
39390
http://secunia.com/advisories/39390
39500
http://www.securityfocus.com/bid/39500
FEDORA-2010-8273
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html
GLSA-201206-28
SUSE-SR:2010:012
SUSE-SR:2010:013
USN-937-1
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
https://bugzilla.redhat.com/show_bug.cgi?id=572941
oval:org.mitre.oval:def:11468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468
Common Vulnerability Exposure (CVE) ID: CVE-2010-1440
https://bugzilla.redhat.com/show_bug.cgi?id=586819
oval:org.mitre.oval:def:10068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
