| Descripción: | Description:
The remote host is missing an update to tetex
announced via advisory MDVSA-2010:096.
Multiple vulnerabilities has been discovered and fixed in tetex:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a free of uninitialized memory (CVE-2009-0166).
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
and probably other products, allows remote attackers to execute
arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
segments (CVE-2009-0195).
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
cause a denial of service (memory corruption and crash) via a long
.bib bibliography file (CVE-2009-1284).
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted virtual font
(VF) file associated with a DVI file (CVE-2010-0827).
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
teTeX, allow remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a malformed DVI file
(CVE-2010-0829).
Integer overflow in the predospecial function in dospecial.c in
dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote
attackers to execute arbitrary code via a crafted DVI file that
triggers a heap-based buffer overflow. NOTE: some of these details
are obtained from third party information (CVE-2010-0739).
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
2009 and earlier, and teTeX, allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a special command in a DVI file, related to the (1) predospecial and
(2) bbdospecial functions, a different vulnerability than CVE-2010-0739
(CVE-2010-1440).
The corrected packages solves these problems.
Affected: Corporate 4.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:096
Risk factor : Critical
CVSS Score:
9.3
|
