From openpkg@openpkg.org Mon Dec 16 13:40:46 2002 From: OpenPKG To: bugtraq@securityfocus.com Date: Mon, 16 Dec 2002 17:42:53 +0100 Subject: [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security@openpkg.org openpkg@openpkg.org OpenPKG-SA-2002.015 16-Dec-2002 ________________________________________________________________________ Package: tetex Vulnerability: remote command execution OpenPKG Specific: no Dependent Packages: none Affected Releases: Affected Packages: Corrected Packages: OpenPKG 1.0 <= tetex-1.0.7-1.0.0 >= tetex-1.0.7-1.0.1 OpenPKG 1.1 <= tetex-1.0.7-1.1.0 >= tetex-1.0.7-1.1.1 OpenPKG CURRENT <= tetex-1.0.7-20021204 >= tetex-1.0.7-20021216 Description: A vulnerability [1] in the kpathsea(3) library of teTeX was discovered. This library is used by xdvi(1) and dvips(1). Both programs call the system(3) function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files. If dvips(1) is used in a print filter, this allows a local or remote attacker with print permission execute arbitrary code as the printing system user. Check whether you are affected by running "/bin/rpm -q tetex". If you have an affected version of the samba package (see above), please upgrade it according to the solution below. Solution: Update existing packages to newly patched versions of teTeX. Select the updated source RPM appropriate for your OpenPKG release [2][3][4], and fetch it from the OpenPKG FTP service or a mirror location. Verify its integrity [5], build a corresponding binary RPM from it and update your OpenPKG installation by applying the binary RPM [6]. For the latest OpenPKG 1.1 release, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd release/1.1/UPD ftp> get tetex-1.0.7-1.1.1.src.rpm ftp> bye $ /bin/rpm -v --checksig tetex-1.0.7-1.1.1.src.rpm $ /bin/rpm --rebuild tetex-1.0.7-1.1.1.src.rpm $ su - # /bin/rpm -Fvh /RPM/PKG/tetex-1.0.7-1.1.1.*.rpm ________________________________________________________________________ References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836 [2] ftp://ftp.openpkg.org/release/1.0/UPD/ [3] ftp://ftp.openpkg.org/release/1.1/UPD/ [4] ftp://ftp.openpkg.org/current/SRC/ [5] http://www.openpkg.org/security.html#signature [6] http://www.openpkg.org/tutorial.html#regular-source ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For example, pipe this message to the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG iEYEARECAAYFAj3+AOwACgkQgHWT4GPEy59EaQCg3nIl3ru+vU27i/Wcqm+cUH5N /tAAn0QY3lN4bmUtNXIwMGsGitW2LMsz =6F8t -----END PGP SIGNATURE-----