[UCI-Linux] [SECURITY] Fedora Core 3 Update: tetex-2.0.2-21.7.FC3

Mike Iglesias iglesias at draco.acs.uci.edu
Thu Jan 12 08:24:20 PST 2006

From: "Jindrich Novy" <jnovy at redhat.com>
To: fedora-announce-list at redhat.com
Date: Thu, 12 Jan 2006 11:16:08 -0500
Subject: [SECURITY] Fedora Core 3 Update: tetex-2.0.2-21.7.FC3

Fedora Update Notification

Product     : Fedora Core 3
Name        : tetex
Version     : 2.0.2                      
Release     : 21.7.FC3                  
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.

Update Information:

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and
CVE-2005-3627 to these issues.
* Wed Jan 11 2006 Jindrich Novy <jnovy at redhat.com> 2.0.2-21.7.FC3
- apply additional patch to fix xpdf flaws from Ludwig Nussel
  (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
* Mon Dec 19 2005 Jindrich Novy <jnovy at redhat.com> 2.0.2-21.6
- apply more complete fix for CVE-2005-3193 (#175110) suggested by
  security response team, taken from xpdf

This update can be downloaded from:

cf7ccd06a85a2a3eaa876706971fe32f5cba66b9  SRPMS/tetex-2.0.2-21.7.FC3.src.rpm
c4b3207cd02981b2c6f96ad2e27e2c882664c444  x86_64/tetex-2.0.2-21.7.FC3.x86_64.rpm
cfe7477d6307af610983d7b3b4bd8ab1b23026bc  x86_64/tetex-latex-2.0.2-21.7.FC3.x86_64.rpm
6de73df47b772f7631692c4c392a02a32630acc4  x86_64/tetex-xdvi-2.0.2-21.7.FC3.x86_64.rpm
ec4cc2f62901e9714f5fc0a1e482ac87868a38e3  x86_64/tetex-dvips-2.0.2-21.7.FC3.x86_64.rpm
7b7380a14999d0fb2ea794cf48afea1bf4fcb608  x86_64/tetex-afm-2.0.2-21.7.FC3.x86_64.rpm
5f58c8f32f80ae9f3940918cb77dc4145ac87d15  x86_64/tetex-fonts-2.0.2-21.7.FC3.x86_64.rpm
8269c2c6f763acc64d4b7230b3e2b9e30de0e5e6  x86_64/tetex-doc-2.0.2-21.7.FC3.x86_64.rpm
fa6a0fe488ddca27adddf8fd8e86efd5d3c96702  x86_64/debug/tetex-debuginfo-2.0.2-21.7.FC3.x86_64.rpm
0199f223161ef36cc20d6c8d3975bc93cf5b859a  i386/tetex-2.0.2-21.7.FC3.i386.rpm
ebf60610fcb7883a7fd51fc9149ca0ce39c25f88  i386/tetex-latex-2.0.2-21.7.FC3.i386.rpm
9b33603eaf128f8175b5d6a76b11dc2a1f7938a9  i386/tetex-xdvi-2.0.2-21.7.FC3.i386.rpm
0bca7c80842a921535f9f169873bba67857a9262  i386/tetex-dvips-2.0.2-21.7.FC3.i386.rpm
b10d1f4ab980b22f1b8c2998bba514294438e3e4  i386/tetex-afm-2.0.2-21.7.FC3.i386.rpm
439315089cf95886e7e93531df42779a5b3c9225  i386/tetex-fonts-2.0.2-21.7.FC3.i386.rpm
26316d94c329dbc63f732451cd92eac25a376bed  i386/tetex-doc-2.0.2-21.7.FC3.i386.rpm
62428a292a5e896a2e13e95ad6dc58be9559af9e  i386/debug/tetex-debuginfo-2.0.2-21.7.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list