[SECURITY] Fedora Core 4 Update: tetex-3.0-9.FC4
Posted on: 01/12/2006 06:22 PM

A new update is available for Fedora Core - [SECURITY] Fedora Core 4 Update: tetex-3.0-9.FC4. Here the announcement:

Fedora Update Notification
FEDORA-2005-028
2006-01-12
---------------------------------------------------------------------

Product : Fedora Core 4
Name : tetex
Version : 3.0
Release : 9.FC4
Summary : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.


The Red Hat tetex package also contains software related to Japanese
support for teTeX such as ptex, what is not a part of teTeX project.

---------------------------------------------------------------------
Update Information:

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to
these issues.

This package also updates bindings in texdoc and causes the
local texmf tree to be searched first.
---------------------------------------------------------------------
* Wed Jan 11 2006 Jindrich Novy lt;jnovy@redhat.comgt; 3.0-9.FC4
- apply additional patch to fix xpdf flaws from Ludwig Nussel
(CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
- /usr/share/texmf/doc is now owned by tetex package (#177065)
- update searching order for kpathsea (local texmf tree is
searched first)
- don't use obsolete bindings in texdoc
* Mon Dec 19 2005 Jindrich Novy lt;jnovy@redhat.comgt; 3.0-8.FC4
- apply more complete fix for CVE-2005-3193 (#175110) suggested by
security response team, taken from xpdf

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

d5803bb897ac8b307e604d9b5ff872c1ff314565 SRPMS/tetex-3.0-9.FC4.src.rpm
ff74404da788d6b5677d6edf10745564bafd43da ppc/tetex-3.0-9.FC4.ppc.rpm
1ddbc8cb532cb20d101e490bb881621c994d8851 ppc/tetex-latex-3.0-9.FC4.ppc.rpm
c8329a5c0b491f82d37e7b7024b3d4b0cf2553f1 ppc/tetex-xdvi-3.0-9.FC4.ppc.rpm
7387673a1b7a69582e6f0c4b382430f9c71c5eec ppc/tetex-dvips-3.0-9.FC4.ppc.rpm
59b640dee6af739cde5d2f7f8dbebaaabcb4ec28 ppc/tetex-afm-3.0-9.FC4.ppc.rpm
0e4a4804df1cfd756da3be2b93bbdc08548ce3cf ppc/tetex-fonts-3.0-9.FC4.ppc.rpm
846dc3c32e28fc4b1bc703d62f6bf1f1daa26031 ppc/tetex-doc-3.0-9.FC4.ppc.rpm
4d054f78d197154f5de87f7118de6a01dd65230e ppc/debug/tetex-debuginfo-3.0-9.FC4.ppc.rpm
aa56a1fce1d8d1b5213a588612bfbea03d2e18d8 x86_64/tetex-3.0-9.FC4.x86_64.rpm
ccd10c08e3342efd7e0345e3d6bf030574066262 x86_64/tetex-latex-3.0-9.FC4.x86_64.rpm
2abd94209f969ffad4e152d5fa84d9724495886c x86_64/tetex-xdvi-3.0-9.FC4.x86_64.rpm
4a966b11d187f743445bf0a9193eab5e021bcc7b x86_64/tetex-dvips-3.0-9.FC4.x86_64.rpm
9b0b54e67982188e20dcbafdd1c25cc559306345 x86_64/tetex-afm-3.0-9.FC4.x86_64.rpm
81c804112f3f557950f618a4d7d459f6d3683298 x86_64/tetex-fonts-3.0-9.FC4.x86_64.rpm
a3905125347b27476119eb2109f533f868898f00 x86_64/tetex-doc-3.0-9.FC4.x86_64.rpm
8c50c8246b1cd2eb16dc03f9f45ebbcb31470c87 x86_64/debug/tetex-debuginfo-3.0-9.FC4.x86_64.rpm
7afe7adda01e3a4cef49c7ff05975c1a2ebf4d8a i386/tetex-3.0-9.FC4.i386.rpm
de7db2f913951772d3ea106472bc390b3bd6a391 i386/tetex-latex-3.0-9.FC4.i386.rpm
af8d0c5026e4fbd557cc06024af2952025c8ba5b i386/tetex-xdvi-3.0-9.FC4.i386.rpm
3d7837c759ec17ac25a3ba82cc038eb0eab25558 i386/tetex-dvips-3.0-9.FC4.i386.rpm
cb11ce07500fe9f978f8d372358eb4dd664bd03a i386/tetex-afm-3.0-9.FC4.i386.rpm
c483b2892a7b02e22ac96c91e39e24f0fb783a26 i386/tetex-fonts-3.0-9.FC4.i386.rpm
31592fdca8509bc0412293b707eaf02485640b8e i386/tetex-doc-3.0-9.FC4.i386.rpm
d706dba1b43706096b7dcd29c8ef203d72c48731 i386/debug/tetex-debuginfo-3.0-9.FC4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_fedora_core_4_update_tetex_30_9fc4.html)