[Security Announce] [ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability
Posted on: 06/14/2007 05:45 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:124
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tetex
Date : June 13, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

A flaw in libgd2 was found by Xavier Roche where it would not correctly
validate PNG callback results. If an application linked against
libgd2 was tricked into processing a specially-crafted PNG file, it
could cause a denial of service scenario via CPU resource consumption.

Tetex uses an embedded copy of the gd source and may also be affected
by this issue.

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:

Mandriva Linux 2007.0/X86_64:

Mandriva Linux 2007.1:

Mandriva Linux 2007.1/X86_64:

Corporate 4.0:

Corporate 4.0/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGcH29mqjQ0CJFipgRAtkAAJkBxXRe2D5sxrXM3DquTkeyiJa9NACeN+/g
YNHAIvisoAStqxxVjL2y0ks=
=eT9G
-----END PGP SIGNATURE-----
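
The problem description in the advisory above (a callback result that is not validated, ending in CPU consumption) can be illustrated with a constructed model. This is an added example, not code from the advisory, libgd2 or tetex: the names `src_read`, `walk_chunks` and `run`, the simplified length/type chunk framing (no CRC) and the sample bytes are all assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed in-memory source standing in for an image library's I/O context. */
struct src { const unsigned char *p; size_t len, pos; };

/* Read callback: returns the bytes actually delivered (short at end of data). */
static size_t src_read(struct src *s, unsigned char *out, size_t n) {
    size_t left = s->len - s->pos;
    if (n > left) n = left;
    memcpy(out, s->p + s->pos, n);
    s->pos += n;
    return n;
}

enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_SPIN = -2 };

/* Walk 4-byte length + 4-byte type headers until "IEND". With check_reads == 0
 * the callback result is ignored; max_iters exists only so the demo stops. */
static int walk_chunks(struct src *s, int check_reads, long max_iters) {
    unsigned char hdr[8] = {0};
    for (long i = 0; i < max_iters; i++) {
        size_t got = src_read(s, hdr, sizeof hdr);
        if (check_reads && got != sizeof hdr)
            return WALK_TRUNCATED;            /* hardened: short read is fatal */
        if (memcmp(hdr + 4, "IEND", 4) == 0)
            return WALK_OK;
        size_t body = ((size_t)hdr[0] << 24) | ((size_t)hdr[1] << 16) |
                      ((size_t)hdr[2] << 8) | hdr[3];
        size_t left = s->len - s->pos;
        if (body > left && check_reads) return WALK_TRUNCATED;
        s->pos += body < left ? body : left;  /* skip the chunk body */
    }
    return WALK_SPIN;                         /* stale header, no progress */
}

/* Constructed sample: two empty chunks, "IHDR" then "IEND". */
static const unsigned char SAMPLE[] = {0,0,0,0,'I','H','D','R', 0,0,0,0,'I','E','N','D'};

static int run(size_t n, int check_reads) {   /* n = bytes of SAMPLE supplied */
    struct src s = { SAMPLE, n, 0 };
    return walk_chunks(&s, check_reads, 1000000L);
}

int main(void) {
    printf("full=%d truncated/unchecked=%d truncated/checked=%d\n",
           run(sizeof SAMPLE, 0), run(8, 0), run(8, 1));
    return 0;
}
```

On the truncated input, the unchecked walker keeps re-parsing the stale header until the demo's iteration cap, while the checked walker fails on the first short read.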



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007124__updated_tetex_packages_fix_vulnerability.html)