[USN-554-1] teTeX and TeX Live vulnerabilities
Ubuntu Security Notice USN-554-1 December 06, 2007 tetex-bin, texlive-bin vulnerabilities CVE-2007-5935, CVE-2007-5936, CVE-2007-5937Kwetsbare Ubuntu versies:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
- Ubuntu 6.06 LTS
- tetex-bin 3.0-13ubuntu6.1
- Ubuntu 6.10
- tetex-bin 3.0-17ubuntu2.1
- Ubuntu 7.10
- texlive-extra-utils 2007-12ubuntu3.1
- Ubuntu 7.04
- tetex-bin 3.0-27ubuntu1.2
In general, a standard system upgrade is sufficient to effect the necessary changes.
Bastien Roucaries discovered that dvips as included in tetex-bin and texlive-bin did not properly perform bounds checking. If a user or automated system were tricked into processing a specially crafted dvi file, dvips could be made to crash and execute code as the user invoking the program. (CVE-2007-5935) Joachim Schrod discovered that the dviljk utilities created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2007-5936) Joachim Schrod discovered that the dviljk utilities did not perform bounds checking in many instances. If a user or automated system were tricked into processing a specially crafted dvi file, the dviljk utilities could be made to crash and execute code as the user invoking the program. (CVE-2007-5937)
Ubuntero van de maand - Mei 2008 - Laacque
01-05-2008
Ooievaar brengt “Ruige Reiger”!
24-04-2008
Hardy Release Parties 2008
15-04-2008
Ubuntu demonstratie 19 april a.s. in Apeldoorn
10-04-2008
Ubuntero van de maand - April 2008 - Eendje
02-04-2008
Onverwachte downtime
01-04-2008
Nu ook chatten via de ubuntu NL website
30-03-2008
Ubuntero van de maand - Maart 2008 - profoX
01-03-2008
Ubuntero van de maand - Februari 2008 - Gandyman
03-02-2008
Ubuntero van de maand - Januari 2008
03-01-2008
Lees het nieuws via RSS