tetex-3.0-33.15.1.0.1.AXS3
エラータID: AXSA:2012-906:01
リリース日:
2012/09/17 Monday - 20:27
題名:
tetex-3.0-33.15.1.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Evince の dvi-backend コンポーネントの AFM フォントパーサにはヒープベースのバッファーオーバーフローが存在し,巧妙に細工されたフォントによって,リモートの攻撃者がサービス拒否 (アプリケーションのクラッシュ) を引き起こしたり,任意のコードを実行する可能性のある脆弱性があります。(CVE-2010-2642)
- xpdf の PDF パーサの Gfx::getPos 関数は,リモートの攻撃者がサービス拒否 (クラッシュ) を引き起こす脆弱性があります。(CVE-2010-3702)
- xpdf の PDF パーサ の FoFiType1::parse 関数には,巧妙に細工した Type 1 フォントを含む PDF ファイルによって,攻撃者がサービス拒否 (クラッシュ) を引き起こしたり,任意のコードを実行する可能性のある脆弱性が存在します。(CVE-2010-3704)
- t1lib は逆参照の操作とともに不正なポインタを用いており,PDF ドキュメントの巧妙に細工された Type 1 フォントによって,リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2011-0433)
- t1lib は不正なメモリの位置から読み込んでいるため,リモートの攻撃者がサービス拒否 (アプリケーションのクラッシュ) を引き起こす脆弱性があります。
なお,この脆弱性は CVE-2011-0764 とは異なる脆弱性です。(CVE-2011-1553)
- t1lib には一つずれエラーが存在し,巧妙に細工された Type 1 フォントを含む PDF ドキュメントによって,リモートの攻撃者がサービス拒否 (アプリケーションのクラッシュ) を引き起こす脆弱性があります。
なお,この脆弱性は CVE-2011-0764 とは異なる脆弱性です。(CVE-2011-1554)
現時点では CVE-2011-0433 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-2642
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVE-2010-3702
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
CVE-2011-1552
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
CVE-2011-1553
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
CVE-2011-1554
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
追加情報:
N/A
ダウンロード:
SRPMS
- tetex-3.0-33.15.1.0.1.AXS3.src.rpm
MD5: 8b5be10d0a2fffc279d773682c483fa5
SHA-256: 90aeddf64ba64093d8532b25b4419465de0cfbdce5b80b1f93aa39f882d4b346
Size: 91.93 MB
Asianux Server 3 for x86
- tetex-3.0-33.15.1.0.1.AXS3.i386.rpm
MD5: 9c898831f99aadb355d230452044eab3
SHA-256: a5ea626909fce40c1f9b149d99b2a4adb6ad898de0eed4ae6c8dd459d0e33747
Size: 8.43 MB - tetex-dvips-3.0-33.15.1.0.1.AXS3.i386.rpm
MD5: 212693802da9ac36ef619bceb14881bd
SHA-256: f4b3f54acafb1a5b8b1d48a2281c9f4ade394234ef69b406b7bafcb85f0819db
Size: 560.99 kB - tetex-fonts-3.0-33.15.1.0.1.AXS3.i386.rpm
MD5: 0bc25114252ad5ee962e9cbd28401501
SHA-256: c5cb81c69a0e1a61218bc60a59be0d126613c80a2748d9a781b5ea5d738e4f5f
Size: 29.43 MB - tetex-latex-3.0-33.15.1.0.1.AXS3.i386.rpm
MD5: 29b2bf256dc64cda616f4cf8ba820b97
SHA-256: 19cada0b90ac0ffb718c5c4a8a7d7c38a46c54ddb5dafae1069f578ebd64872c
Size: 4.19 MB
Asianux Server 3 for x86_64
- tetex-3.0-33.15.1.0.1.AXS3.x86_64.rpm
MD5: c2f03e8605bfe6b3de89fd124df24f2e
SHA-256: 2cd2e461feb6287a1fbb02d0f1f0de90159c14e1789466ab5518f63bbec36532
Size: 8.80 MB - tetex-dvips-3.0-33.15.1.0.1.AXS3.x86_64.rpm
MD5: eb4f4ad2d594eaec69d44518a85fd15e
SHA-256: 78e46be27084fed80f7fae4f512a0021a59de66a1e0ff636b379ee2af9b72c68
Size: 579.96 kB - tetex-fonts-3.0-33.15.1.0.1.AXS3.x86_64.rpm
MD5: 5726a10c9cfa44d6ab466efce67dc09b
SHA-256: 9c3b7f13542cc7aa9e7ed98fe34f5467caa15acaf5e9f8cb7d897142c8828018
Size: 29.52 MB - tetex-latex-3.0-33.15.1.0.1.AXS3.x86_64.rpm
MD5: 4c5e93f34aa0254d272507481b0da9bf
SHA-256: 94385515d229894c50bd29459842a27e0b8dab91e8ec99a92e3b8a98c344f455
Size: 4.18 MB