[SECURITY] Fedora 8 Update: tetex-3.0-44.3.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Nov 20 18:04:54 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3308
2007-11-20 18:04:21.051542
--------------------------------------------------------------------------------

Name        : tetex
Product     : Fedora 8
Version     : 3.0
Release     : 44.3.fc8
URL         : http://www.tug.org/teTeX/
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly. The output format needn't to be DVI, but also PDF,
when using pdflatex or similar tools.

Install tetex if you want to use the TeX text formatting system. Consider
to install tetex-latex (a higher level formatting package which provides
an easier-to-use interface for TeX). Unless you are an expert at using TeX,
you should also install the tetex-doc package, which includes the
documentation for TeX.

--------------------------------------------------------------------------------
Update Information:

- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591)
- fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 16 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44.3
- temporarily disable check-buildroot so that we don't get
  broken fmt files after buildroot references removal (#325311)
* Tue Nov 13 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44.2
- fix dvips -z buffer overflow with long href (#368591)
- fix insecure usage of temporary file in dviljk (#368611, #368641)
* Thu Nov  8 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44.1
- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- remove links to buildroot from installed files
- fix BuildRoot
* Tue Oct 16 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44
- xdvi won't segfault if DVI file contains character which
  is not present in font (#243630)
- enable compilation with ccache
* Thu Aug 23 2007 Jindrich Novy <jnovy at redhat.com> 3.0-43
- update License
- rebuild for BuildID
* Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-42
- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#248194)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #352271 - CVE-2007-4033 t1lib font filename string overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=352271
  [ 2 ] Bug #345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
        https://bugzilla.redhat.com/show_bug.cgi?id=345121
  [ 3 ] Bug #368591 - CVE-2007-5935 dvips -z buffer overflow with long href
        https://bugzilla.redhat.com/show_bug.cgi?id=368591
  [ 4 ] Bug #368611 - CVE-2007-5936 dviljk uses insecure temporary file
        https://bugzilla.redhat.com/show_bug.cgi?id=368611
  [ 5 ] Bug #368641 - CVE-2007-5937 Multiple dviljk buffer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=368641
  [ 6 ] Bug #379861 - Multiple tetex vulnerabilities [f8]
        https://bugzilla.redhat.com/show_bug.cgi?id=379861
--------------------------------------------------------------------------------
Updated packages:

53e28dfdd6fefce452ccd5f5e5e128dfde631077 tetex-fonts-3.0-44.3.fc8.ppc64.rpm
d8d6742c1eae9b613eacfcec8f85e544a2b0919f tetex-afm-3.0-44.3.fc8.ppc64.rpm
725dec3711cfdf06f9ff49165a33a39cab0be83b tetex-xdvi-3.0-44.3.fc8.ppc64.rpm
cca0d0dce90638b2c36fd0e23d9f8894244c9fb9 tetex-debuginfo-3.0-44.3.fc8.ppc64.rpm
170437b7ec175dadf12575fe0b2c896f002b3a4f tetex-dvips-3.0-44.3.fc8.ppc64.rpm
eff680a8982557241a1a42b9b7cd7bd9ecc675eb tetex-latex-3.0-44.3.fc8.ppc64.rpm
92749f7b01ab67f8a6ff589212e2a0c76dd98a6c tetex-doc-3.0-44.3.fc8.ppc64.rpm
c0f547436c04042982272ddde06d9d75f7436898 tetex-3.0-44.3.fc8.ppc64.rpm
084180bdcce7b5e29fe544ff6b9a84ccd809d8de tetex-latex-3.0-44.3.fc8.i386.rpm
8ab6010c7c308600aef3146b2fc4d32e80e4ae1f tetex-debuginfo-3.0-44.3.fc8.i386.rpm
263b17ce108880e452d7432c6a9849d07976eaa7 tetex-3.0-44.3.fc8.i386.rpm
1bc4b6ce752553572135ff06ae623971221079ff tetex-dvips-3.0-44.3.fc8.i386.rpm
db7049f25c25f1dd510b996901117f3e7c3f93e0 tetex-xdvi-3.0-44.3.fc8.i386.rpm
98777f8c0169862e484280e16d8c3cdf9ecd27fb tetex-fonts-3.0-44.3.fc8.i386.rpm
d2c269aadce92cc1b24098b4c0a16b0cb790d00f tetex-doc-3.0-44.3.fc8.i386.rpm
6dda49a6b3dde94b9515d28767e1c087976d5da4 tetex-afm-3.0-44.3.fc8.i386.rpm
70cfdb8e7f23bd20dcd4d80d71fb4fd6126d4863 tetex-afm-3.0-44.3.fc8.x86_64.rpm
e442dcf76c2cc1f44e3670ed85350fd27e1f1d85 tetex-doc-3.0-44.3.fc8.x86_64.rpm
f84f4608281b87a193a913022c281ba8a1868357 tetex-debuginfo-3.0-44.3.fc8.x86_64.rpm
f0a238114a1b9419f7d44b9c16963115483d8e2d tetex-dvips-3.0-44.3.fc8.x86_64.rpm
e6e0ea29d900bf6031adbe5af2e48c98fde5c73f tetex-fonts-3.0-44.3.fc8.x86_64.rpm
2f23524179584ce43f13ad928c197c127c56b43c tetex-latex-3.0-44.3.fc8.x86_64.rpm
2fd9e736d469d34b11f923161b4f75f935755d2c tetex-xdvi-3.0-44.3.fc8.x86_64.rpm
4fb56c7df2d785282866a7b938800ed3cf29f0e6 tetex-3.0-44.3.fc8.x86_64.rpm
76bf73ae24c3007c589def54262aada1e02a9d7e tetex-dvips-3.0-44.3.fc8.ppc.rpm
f75e2804b7543e1e586fb3f076711c2f9863e018 tetex-latex-3.0-44.3.fc8.ppc.rpm
23b7f04c55e77057d43650a6a7db864398140b70 tetex-xdvi-3.0-44.3.fc8.ppc.rpm
308b2c8d03c6a8018e0a7f8c36969ab6084bc8c6 tetex-fonts-3.0-44.3.fc8.ppc.rpm
52743a815a81caa40bc1da8cda644cd4bdcfe4f6 tetex-afm-3.0-44.3.fc8.ppc.rpm
54729723593e9bdf706ff231b4a783393851fab4 tetex-doc-3.0-44.3.fc8.ppc.rpm
765e74f9e1681405411508c170a8d71805cbcc09 tetex-debuginfo-3.0-44.3.fc8.ppc.rpm
74fe2afddadb4b2f938f7fb8a1f9eb824c6d4ea6 tetex-3.0-44.3.fc8.ppc.rpm
c86baf96de4f9bdbcb4c4509859fb9c100c49714 tetex-3.0-44.3.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update tetex' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list