|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200603-02] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code Vulnerability Scan
Vulnerability Scan Summary
teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200603-02
(teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code)
CSTeX, teTex, and pTeX include XPdf code to handle PDF files. This
XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as
well as several buffer and integer overflows discovered by Chris Evans
(CESA-2005-003).
Impact
A possible hacker could entice a user to open a specially crafted PDF
file with teTeX, pTeX or CSTeX, potentially resulting in the execution
of arbitrary code with the rights of the user running the affected
application.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
http://scary.beasts.org/security/CESA-2005-003.txt
Solution:
All teTex users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"
All CSTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"
All pTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
