GLSA-200711-34 : CSTeX: Multiple vulnerabilities

medium Nessus Plugin ID 28323

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200711-34 (CSTeX: Multiple vulnerabilities)

Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12).

Impact:

Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running CSTeX via multiple vectors.

Workaround:

There is no known workaround at this time.

Solution

CSTeX is not maintained upstream, so the package was masked in Portage. We recommend that users unmerge CSTeX:

# emerge --unmerge app-text/cstetex

As an alternative, users should upgrade their systems to use teTeX or TeX Live with its Babel packages.

See Also

https://security.gentoo.org/glsa/200708-05

https://security.gentoo.org/glsa/200709-12

https://security.gentoo.org/glsa/200709-17

https://security.gentoo.org/glsa/200710-12

https://security.gentoo.org/glsa/200711-22

https://security.gentoo.org/glsa/200711-26

https://security.gentoo.org/glsa/200711-34

Plugin Details

Severity: Medium

ID: 28323

File Name: gentoo_GLSA-200711-34.nasl

Version: 1.21

Type: local

Published: 11/26/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:cstetex, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 11/25/2007

Reference Information

GLSA: 200711-34