texlive-2007-57.AXS4

エラータID: AXSA:2012-203:01

Release date: 
Monday, February 20, 2012 - 14:19
Subject: 
texlive-2007-57.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly.
Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX).
The TeX documentation is located in the texlive-doc package.
Security issues fixed with this release:
CVE-2010-2642
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVE-2011-0433
No description available, see the CVE links below.
CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
CVE-2011-1552
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
CVE-2011-1553
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
CVE-2011-1554
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

Solution: 

Update packages.

CVEs: 
CVE-2010-2642
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
CVE-2011-1552
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
CVE-2011-1553
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
CVE-2011-1554
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.




Additional Info: 

N/A

Download: 

SRPMS
  1. texlive-2007-57.AXS4.src.rpm
    MD5: b7a875281eaf03144195dda8e141fa6e
    SHA-256: d6c61ce02f3cc889f9de5b29d5b841c406e9c544a0c2a9dbaa21ed422b6f7dc0
    Size: 29.63 MB

Asianux Server 4 for x86
  1. kpathsea-2007-57.AXS4.i686.rpm
    MD5: 1cb0a4d91919986fe008fce7afdd1cd7
    SHA-256: d38293522eb0bb59fd63059beddf2a270cac1d73f3b81c228b1d4044cad46a3a
    Size: 116.96 kB
  2. texlive-2007-57.AXS4.i686.rpm
    MD5: fce5a6d9875f7e6d3c1cd009cf89a5c5
    SHA-256: 7cee997411c30a861978a58d18ac3e49fa69fa6c5b91eda5406057b020ecdc3a
    Size: 1.57 MB
  3. texlive-dvips-2007-57.AXS4.i686.rpm
    MD5: 9a783970d4f09eb190903859bebedf2c
    SHA-256: 66a920e86731ee553c022399a22269d8b13ca5ca5eba6beb3d0bdd7914e590cb
    Size: 184.43 kB
  4. texlive-latex-2007-57.AXS4.i686.rpm
    MD5: 24dd3dabd6c91091bb672e8cfa254e84
    SHA-256: 153b8826117c961f1fc3a9667c3faa8a655b0ab1a5e5d770787cf5e61ffae01f
    Size: 79.55 kB
  5. texlive-utils-2007-57.AXS4.i686.rpm
    MD5: b1bb0f6e1a80bc446e40c4569bf10f85
    SHA-256: 6c6312f0ef8e7753768e190fbf1c3a45e01c3f1e9859e0503509b49667d87a49
    Size: 232.70 kB

Asianux Server 4 for x86_64
  1. kpathsea-2007-57.AXS4.x86_64.rpm
    MD5: 06802e64bb28298ae1f803a76e0f961c
    SHA-256: e6ebc542c6b5023a3f3c232ccf8c12e2019d5a4ae19b5438d8dd785c24b84c6e
    Size: 116.65 kB
  2. texlive-2007-57.AXS4.x86_64.rpm
    MD5: c3bbde5624e753ddbe66f46ec93905d9
    SHA-256: cb52159572ccce9122681f738bc72dcfefed7bcf9fff988ebf7a4291a354d768
    Size: 1.79 MB
  3. texlive-dvips-2007-57.AXS4.x86_64.rpm
    MD5: 5ad3c6db172357d40cb93cc4d96786f0
    SHA-256: aaa8e0edb398881ba82a29fb15db22e517927a612b5501dca2f7f2cac9928540
    Size: 192.07 kB
  4. texlive-latex-2007-57.AXS4.x86_64.rpm
    MD5: ad06867a51f6e5214baeed033e30786f
    SHA-256: b577f3ae66d19eabeabf0235769f29e3148664b161b0dd60fa8dbb8239500aef
    Size: 81.94 kB
  5. texlive-utils-2007-57.AXS4.x86_64.rpm
    MD5: 8cb74bbfd4ac65e2905b38b8ca9e11df
    SHA-256: ef286450db3dfa33c413908817c45d34c550cf93a81842023e54cb7e6df10362
    Size: 252.53 kB