Gentoo Security Advisory GLSA 200501-31 (teTeX) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-31.

Solution

All teTeX users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/tetex-2.0.2-r5' All CSTeX users should also upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/cstetex-2.0.2-r1' Finally, all pTeX users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/ptex-3.1.4-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-31 http://bugs.gentoo.org/show_bug.cgi?id=75801

Insight

teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.

Severity

Classification

CVE CVE-2004-0888, CVE-2004-0889, CVE-2004-1125, CVE-2005-0064
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-03 (sitecopy)
Gentoo Security Advisory GLSA 200404-19 (lcdproc)
Gentoo Security Advisory GLSA 200311-08 (Libnids)
Gentoo Security Advisory GLSA 200408-23 (kdelibs)
Gentoo Security Advisory GLSA 200409-03 (Python)

Take action and discover your vulnerabilities