teTeX is vulnerable to arbitrary code execution. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
tetex | eq | 3.0__33.2.el5_1.2 | |
tetex | eq | 3.0__33.1.el5 | |
git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
secunia.com/advisories/39390
security.gentoo.org/glsa/glsa-201206-28.xml
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/39500
www.ubuntu.com/usn/USN-937-1
access.redhat.com/errata/RHSA-2010:0399
access.redhat.com/errata/RHSA-2010:0400
access.redhat.com/errata/RHSA-2010:0401
access.redhat.com/security/cve/CVE-2010-0739
bugzilla.redhat.com/show_bug.cgi?id=572941
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468