[SECURITY] Fedora Core 3 Update: tetex-2.0.2-21.7.FC3

Jindrich Novy jnovy at redhat.com
Thu Jan 12 16:16:08 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-029
2006-01-12
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : tetex
Version     : 2.0.2                      
Release     : 21.7.FC3                  
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.

---------------------------------------------------------------------
Update Information:

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and
CVE-2005-3627 to these issues.
---------------------------------------------------------------------
* Wed Jan 11 2006 Jindrich Novy <jnovy at redhat.com> 2.0.2-21.7.FC3
- apply additional patch to fix xpdf flaws from Ludwig Nussel
  (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
* Mon Dec 19 2005 Jindrich Novy <jnovy at redhat.com> 2.0.2-21.6
- apply more complete fix for CVE-2005-3193 (#175110) suggested by
  security response team, taken from xpdf

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

cf7ccd06a85a2a3eaa876706971fe32f5cba66b9  SRPMS/tetex-2.0.2-21.7.FC3.src.rpm
c4b3207cd02981b2c6f96ad2e27e2c882664c444  x86_64/tetex-2.0.2-21.7.FC3.x86_64.rpm
cfe7477d6307af610983d7b3b4bd8ab1b23026bc  x86_64/tetex-latex-2.0.2-21.7.FC3.x86_64.rpm
6de73df47b772f7631692c4c392a02a32630acc4  x86_64/tetex-xdvi-2.0.2-21.7.FC3.x86_64.rpm
ec4cc2f62901e9714f5fc0a1e482ac87868a38e3  x86_64/tetex-dvips-2.0.2-21.7.FC3.x86_64.rpm
7b7380a14999d0fb2ea794cf48afea1bf4fcb608  x86_64/tetex-afm-2.0.2-21.7.FC3.x86_64.rpm
5f58c8f32f80ae9f3940918cb77dc4145ac87d15  x86_64/tetex-fonts-2.0.2-21.7.FC3.x86_64.rpm
8269c2c6f763acc64d4b7230b3e2b9e30de0e5e6  x86_64/tetex-doc-2.0.2-21.7.FC3.x86_64.rpm
fa6a0fe488ddca27adddf8fd8e86efd5d3c96702  x86_64/debug/tetex-debuginfo-2.0.2-21.7.FC3.x86_64.rpm
0199f223161ef36cc20d6c8d3975bc93cf5b859a  i386/tetex-2.0.2-21.7.FC3.i386.rpm
ebf60610fcb7883a7fd51fc9149ca0ce39c25f88  i386/tetex-latex-2.0.2-21.7.FC3.i386.rpm
9b33603eaf128f8175b5d6a76b11dc2a1f7938a9  i386/tetex-xdvi-2.0.2-21.7.FC3.i386.rpm
0bca7c80842a921535f9f169873bba67857a9262  i386/tetex-dvips-2.0.2-21.7.FC3.i386.rpm
b10d1f4ab980b22f1b8c2998bba514294438e3e4  i386/tetex-afm-2.0.2-21.7.FC3.i386.rpm
439315089cf95886e7e93531df42779a5b3c9225  i386/tetex-fonts-2.0.2-21.7.FC3.i386.rpm
26316d94c329dbc63f732451cd92eac25a376bed  i386/tetex-doc-2.0.2-21.7.FC3.i386.rpm
62428a292a5e896a2e13e95ad6dc58be9559af9e  i386/debug/tetex-debuginfo-2.0.2-21.7.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------




More information about the announce mailing list