72 lines
2.6 KiB
XML
72 lines
2.6 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200805-13">
|
|
<title>PTeX: Multiple vulnerabilities</title>
|
|
<synopsis>
|
|
Multiple vulnerabilities were discovered in PTeX, possibly allowing the
|
|
execution of arbitrary code or overwriting arbitrary files.
|
|
</synopsis>
|
|
<product type="ebuild">ptex</product>
|
|
<announced>2008-05-12</announced>
|
|
<revised count="01">2008-05-12</revised>
|
|
<bug>196673</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
<package name="app-text/ptex" auto="yes" arch="*">
|
|
<unaffected range="ge">3.1.10_p20071203</unaffected>
|
|
<vulnerable range="lt">3.1.10_p20071203</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
PTeX is a TeX distribution with Japanese support. It is used for
|
|
creating and manipulating LaTeX documents.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
Multiple issues were found in the teTeX 2 codebase that PTeX builds
|
|
upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable
|
|
code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12,
|
|
GLSA 200711-22) and from T1Lib (GLSA 200710-12).
|
|
</p>
|
|
</description>
|
|
<impact type="normal">
|
|
<p>
|
|
Remote attackers could possibly execute arbitrary code and local
|
|
attackers could possibly overwrite arbitrary files with the privileges
|
|
of the user running PTeX via multiple vectors, e.g. enticing users to
|
|
open specially crafted files.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no known workaround at this time.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All PTeX users should upgrade to the latest version:
|
|
</p>
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.10_p20071203"</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200708-05.xml">GLSA 200708-05</uri>
|
|
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-12.xml">GLSA 200709-12</uri>
|
|
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200709-17.xml">GLSA 200709-17</uri>
|
|
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200710-12.xml">GLSA 200710-12</uri>
|
|
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-22.xml">GLSA 200711-22</uri>
|
|
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200711-26.xml">GLSA 200711-26</uri>
|
|
</references>
|
|
<metadata tag="requester" timestamp="2008-05-07T22:31:38Z">
|
|
p-y
|
|
</metadata>
|
|
<metadata tag="bugReady" timestamp="2008-05-07T22:32:17Z">
|
|
p-y
|
|
</metadata>
|
|
<metadata tag="submitter" timestamp="2008-05-12T11:34:22Z">
|
|
p-y
|
|
</metadata>
|
|
</glsa>
|