English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71805
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2012:1201
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2012:1201.

teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1
fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed
Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened
by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2010-2642,
CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash or, potentially, execute
arbitrary code with the privileges of the user running teTeX.
(CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file
could, when opened, cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could,
when opened, cause teTeX to crash or, potentially, execute arbitrary code
with the privileges of the user running teTeX. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash. (CVE-2011-1552)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was
used to process a TeX document referencing a specially-crafted PDF file, it
could cause pdflatex to crash or, potentially, execute arbitrary code with
the privileges of the user running pdflatex. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. If pdflatex was used to process a TeX
document referencing a specially-crafted PDF file, it could cause pdflatex
to crash or, potentially, execute arbitrary code with the privileges of the
user running pdflatex. (CVE-2010-3704)

Red Hat would like to thank the Evince development team for reporting
CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the
original reporter of CVE-2010-2642.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1201.html

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2642
BugTraq ID: 45678
http://www.securityfocus.com/bid/45678
Debian Security Information: DSA-2357 (Google Search)
http://www.debian.org/security/2011/dsa-2357
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
https://security.gentoo.org/glsa/201701-57
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.redhat.com/support/errata/RHSA-2011-0009.html
RedHat Security Advisories: RHSA-2012:1201
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://www.securitytracker.com/id?1024937
http://secunia.com/advisories/42769
http://secunia.com/advisories/42821
http://secunia.com/advisories/42847
http://secunia.com/advisories/42872
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.ubuntu.com/usn/USN-1035-1
http://www.vupen.com/english/advisories/2011/0029
http://www.vupen.com/english/advisories/2011/0043
http://www.vupen.com/english/advisories/2011/0056
http://www.vupen.com/english/advisories/2011/0097
http://www.vupen.com/english/advisories/2011/0102
http://www.vupen.com/english/advisories/2011/0193
http://www.vupen.com/english/advisories/2011/0194
Common Vulnerability Exposure (CVE) ID: CVE-2010-3702
42141
http://secunia.com/advisories/42141
42357
http://secunia.com/advisories/42357
42397
http://secunia.com/advisories/42397
42691
http://secunia.com/advisories/42691
43079
http://secunia.com/advisories/43079
43845
http://www.securityfocus.com/bid/43845
ADV-2010-2897
http://www.vupen.com/english/advisories/2010/2897
ADV-2010-3097
http://www.vupen.com/english/advisories/2010/3097
ADV-2011-0230
http://www.vupen.com/english/advisories/2011/0230
DSA-2119
http://www.debian.org/security/2010/dsa-2119
DSA-2135
http://www.debian.org/security/2010/dsa-2135
FEDORA-2010-15857
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
FEDORA-2010-15911
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
FEDORA-2010-15981
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
FEDORA-2010-16662
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
FEDORA-2010-16705
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
FEDORA-2010-16744
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
MDVSA-2012:144
RHSA-2010:0749
http://www.redhat.com/support/errata/RHSA-2010-0749.html
RHSA-2010:0750
http://www.redhat.com/support/errata/RHSA-2010-0750.html
RHSA-2010:0751
http://www.redhat.com/support/errata/RHSA-2010-0751.html
RHSA-2010:0752
http://www.redhat.com/support/errata/RHSA-2010-0752.html
RHSA-2010:0753
http://www.redhat.com/support/errata/RHSA-2010-0753.html
RHSA-2010:0754
http://www.redhat.com/support/errata/RHSA-2010-0754.html
RHSA-2010:0755
http://www.redhat.com/support/errata/RHSA-2010-0755.html
RHSA-2010:0859
http://www.redhat.com/support/errata/RHSA-2010-0859.html
RHSA-2012:1201
SSA:2010-324-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
SUSE-SR:2010:022
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
USN-1005-1
http://www.ubuntu.com/usn/USN-1005-1
[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
http://www.openwall.com/lists/oss-security/2010/10/04/6
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
https://bugzilla.redhat.com/show_bug.cgi?id=595245
Common Vulnerability Exposure (CVE) ID: CVE-2010-3704
43841
http://www.securityfocus.com/bid/43841
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
https://bugzilla.redhat.com/show_bug.cgi?id=638960
Common Vulnerability Exposure (CVE) ID: CVE-2011-0433
http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/
http://secunia.com/advisories/48985
Common Vulnerability Exposure (CVE) ID: CVE-2011-0764
BugTraq ID: 46941
http://www.securityfocus.com/bid/46941
Bugtraq: 20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution (Google Search)
http://www.securityfocus.com/archive/1/517205/100/0/threaded
CERT/CC vulnerability note: VU#376500
http://www.kb.cert.org/vuls/id/376500
http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://securitytracker.com/id?1025266
http://secunia.com/advisories/43823
http://secunia.com/advisories/47347
http://securityreason.com/securityalert/8171
http://www.ubuntu.com/usn/USN-1316-1
http://www.vupen.com/english/advisories/2011/0728
XForce ISS Database: xpdf-t1lib-code-execution(66208)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66208
Common Vulnerability Exposure (CVE) ID: CVE-2011-1552
Common Vulnerability Exposure (CVE) ID: CVE-2011-1553
Common Vulnerability Exposure (CVE) ID: CVE-2011-1554
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.