Oval Definition:	oval:com.redhat.rhsa:def:20050026
Revision Date: 2005-03-16 Version: 502 Title: RHSA-2005:026: tetex security update (Moderate) Description: The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues. Family: unix Class: patch Status: Reference(s): CVE-2004-1125 CVE-2005-0064 RHSA-2005:026-01 Platform(s): Red Hat Enterprise Linux 4 Product(s): Definition Synopsis Red Hat Enterprise Linux 4 is installed AND Package Information tetex-xdvi is earlier than 0:2.0.2-22.EL4.4 AND tetex-xdvi is signed with Red Hat master key OR tetex is earlier than 0:2.0.2-22.EL4.4 AND tetex is signed with Red Hat master key OR tetex-fonts is earlier than 0:2.0.2-22.EL4.4 AND tetex-fonts is signed with Red Hat master key OR tetex-doc is earlier than 0:2.0.2-22.EL4.4 AND tetex-doc is signed with Red Hat master key OR tetex-latex is earlier than 0:2.0.2-22.EL4.4 AND tetex-latex is signed with Red Hat master key OR tetex-dvips is earlier than 0:2.0.2-22.EL4.4 AND tetex-dvips is signed with Red Hat master key OR tetex-afm is earlier than 0:2.0.2-22.EL4.4 AND tetex-afm is signed with Red Hat master key
BACK