RHEL 4 : tetex (RHSA-2005:026)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated tetex packages that resolve security issues are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The tetex packages (teTeX) contain an implementation of TeX for Linux
or UNIX systems.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf
which also affects teTeX due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause teTeX to crash
or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects teTeX due to a shared codebase. An attacker
could construct a carefully crafted PDF file that could cause teTeX to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0064 to this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-1125.html
https://www.redhat.com/security/data/cve/CVE-2005-0064.html
http://rhn.redhat.com/errata/RHSA-2005-026.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17338

CVE ID: CVE-2004-1125, CVE-2005-0064