BugTraq
FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts Aug 14 2007 07:47PM
Foresight Linux Essential Announcement Service (foresight-security-noreply foresightlinux org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0044-1
Published: 2007-08-14

Rating: Major

Updated Versions:
tetex=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1[desktop is: x86]
tetex-dvips=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1[desktop is: x86]
tetex-fonts=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1[desktop is: x86]
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.8-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604

Description:
Previous versions of the tetex package are vulnerable to an int overflow in
included xpdf code, which can be exploited via a specially-crafted PDF file
to execute arbitrary code.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRsIG09fwEn07iAtZAQKFRw/9HOvYe6J2uongwNtmIN7H0D+3g5Tmtc8j
g75EVNYMU8F/uNT5/i1P5oJgWNf0Vr/3FgjsK36vngeXft7szRMQmhG0NEz2/QM5
KHxg32M7gREJnkfpGFZI4ny01VQqBgCTpMnBbed5fEhLmc+cDk+CeqEK3fiqmfsM
bwO2XdY2DmnH77rtPUjb9thFWu381b9Yx1BtnSGggsmwM+Ft8uPaCHqR9hKf4eyW
oT3iQNb1N//NbSoZ3rGUioDPZHDzCp48XNMlZG85CWMwz3hfFBezRiiJOpaKW2am
QGYBg/e0Lds8hKPoP+OAI+HrB24QkjLYYOxQKDjOlHrnGTpIePbL60eguvOG6Oiz
Z3HtMaXCy67x8sAQReXFSx/QnsW6fzRQ9TZOSw6tO/91uuDKW34eAlpXB/f1Bhex
tO5DlAsV9Ghlc0WF0SOC6UJW620JVAq2JrWMY6lpueLf4qO4OYiLde2ErB9gHB24
FYyGM+TgC6twg+gN3fwzf2Xd4xkkX0mFjuNoFTVT+UMe4DQA1CYbZMXGAtX7j+Ni
jLhym0LEpvP0EDzBvtPms+N1F2F5w1s6hiarrfrBV5JLVPFjMDZS+dKnd841Wtaa
J7ZpYyJt5RAqJsCfEu4XuTo71Rm+oFsAyxjMSAV6vZ+BYRw31i7nBItuTOMi0Meh
IzTcy+F5PfU=
=L7pD
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus