[UCI-Linux] [SECURITY] Fedora Core 4 Update: tetex-3.0-9.FC4

Mike Iglesias iglesias at draco.acs.uci.edu
Thu Jan 12 08:24:22 PST 2006

From: "Jindrich Novy" <jnovy at redhat.com>
To: fedora-announce-list at redhat.com
Date: Thu, 12 Jan 2006 11:15:59 -0500
Subject: [SECURITY] Fedora Core 4 Update: tetex-3.0-9.FC4

Fedora Update Notification

Product     : Fedora Core 4
Name        : tetex
Version     : 3.0                      
Release     : 9.FC4                  
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.

The Red Hat tetex package also contains software related to Japanese
support for teTeX such as ptex, what is not a part of teTeX project.

Update Information:

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to
these issues.

This package also updates bindings in texdoc and causes the
local texmf tree to be searched first.
* Wed Jan 11 2006 Jindrich Novy <jnovy at redhat.com> 3.0-9.FC4
- apply additional patch to fix xpdf flaws from Ludwig Nussel
  (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
- /usr/share/texmf/doc is now owned by tetex package (#177065)
- update searching order for kpathsea (local texmf tree is
  searched first)
- don't use obsolete bindings in texdoc
* Mon Dec 19 2005 Jindrich Novy <jnovy at redhat.com> 3.0-8.FC4
- apply more complete fix for CVE-2005-3193 (#175110) suggested by
  security response team, taken from xpdf

This update can be downloaded from:

d5803bb897ac8b307e604d9b5ff872c1ff314565  SRPMS/tetex-3.0-9.FC4.src.rpm
ff74404da788d6b5677d6edf10745564bafd43da  ppc/tetex-3.0-9.FC4.ppc.rpm
1ddbc8cb532cb20d101e490bb881621c994d8851  ppc/tetex-latex-3.0-9.FC4.ppc.rpm
c8329a5c0b491f82d37e7b7024b3d4b0cf2553f1  ppc/tetex-xdvi-3.0-9.FC4.ppc.rpm
7387673a1b7a69582e6f0c4b382430f9c71c5eec  ppc/tetex-dvips-3.0-9.FC4.ppc.rpm
59b640dee6af739cde5d2f7f8dbebaaabcb4ec28  ppc/tetex-afm-3.0-9.FC4.ppc.rpm
0e4a4804df1cfd756da3be2b93bbdc08548ce3cf  ppc/tetex-fonts-3.0-9.FC4.ppc.rpm
846dc3c32e28fc4b1bc703d62f6bf1f1daa26031  ppc/tetex-doc-3.0-9.FC4.ppc.rpm
4d054f78d197154f5de87f7118de6a01dd65230e  ppc/debug/tetex-debuginfo-3.0-9.FC4.ppc.rpm
aa56a1fce1d8d1b5213a588612bfbea03d2e18d8  x86_64/tetex-3.0-9.FC4.x86_64.rpm
ccd10c08e3342efd7e0345e3d6bf030574066262  x86_64/tetex-latex-3.0-9.FC4.x86_64.rpm
2abd94209f969ffad4e152d5fa84d9724495886c  x86_64/tetex-xdvi-3.0-9.FC4.x86_64.rpm
4a966b11d187f743445bf0a9193eab5e021bcc7b  x86_64/tetex-dvips-3.0-9.FC4.x86_64.rpm
9b0b54e67982188e20dcbafdd1c25cc559306345  x86_64/tetex-afm-3.0-9.FC4.x86_64.rpm
81c804112f3f557950f618a4d7d459f6d3683298  x86_64/tetex-fonts-3.0-9.FC4.x86_64.rpm
a3905125347b27476119eb2109f533f868898f00  x86_64/tetex-doc-3.0-9.FC4.x86_64.rpm
8c50c8246b1cd2eb16dc03f9f45ebbcb31470c87  x86_64/debug/tetex-debuginfo-3.0-9.FC4.x86_64.rpm
7afe7adda01e3a4cef49c7ff05975c1a2ebf4d8a  i386/tetex-3.0-9.FC4.i386.rpm
de7db2f913951772d3ea106472bc390b3bd6a391  i386/tetex-latex-3.0-9.FC4.i386.rpm
af8d0c5026e4fbd557cc06024af2952025c8ba5b  i386/tetex-xdvi-3.0-9.FC4.i386.rpm
3d7837c759ec17ac25a3ba82cc038eb0eab25558  i386/tetex-dvips-3.0-9.FC4.i386.rpm
cb11ce07500fe9f978f8d372358eb4dd664bd03a  i386/tetex-afm-3.0-9.FC4.i386.rpm
c483b2892a7b02e22ac96c91e39e24f0fb783a26  i386/tetex-fonts-3.0-9.FC4.i386.rpm
31592fdca8509bc0412293b707eaf02485640b8e  i386/tetex-doc-3.0-9.FC4.i386.rpm
d706dba1b43706096b7dcd29c8ef203d72c48731  i386/debug/tetex-debuginfo-3.0-9.FC4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list