GLSA-200805-13 : PTeX: Multiple vulnerabilities

medium Nessus Plugin ID 32304

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200805-13 (PTeX: Multiple vulnerabilities)

Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12).
Impact :

Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running PTeX via multiple vectors, e.g. enticing users to open specially crafted files.
Workaround :

There is no known workaround at this time.

Solution

All PTeX users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-text/ptex-3.1.10_p20071203'

See Also

https://security.gentoo.org/glsa/200708-05

https://security.gentoo.org/glsa/200709-12

https://security.gentoo.org/glsa/200709-17

https://security.gentoo.org/glsa/200710-12

https://security.gentoo.org/glsa/200711-22

https://security.gentoo.org/glsa/200711-26

https://security.gentoo.org/glsa/200805-13

Plugin Details

Severity: Medium

ID: 32304

File Name: gentoo_GLSA-200805-13.nasl

Version: 1.19

Type: local

Published: 5/13/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:ptex, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 5/12/2008

Reference Information

GLSA: 200805-13