First published: Wed Feb 15 2012
TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. The texlive packages provide a number of utilities, including dvips.

TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash. (CVE-2011-1552)

Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642.

All users of texlive are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/texlive | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/kpathsea | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/kpathsea-devel | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/mendexk | <2.6e-57.el6_2 | 2.6e-57.el6_2 |
redhat/texlive-afm | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-context | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-debuginfo | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-dvips | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-dviutils | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-east-asian | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-latex | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-utils | <2007-57.el6_2 | 2007-57.el6_2 |
redhat/texlive-xetex | <2007-57.el6_2 | 2007-57.el6_2 |
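An added example, not part of the advisory, showing how an administrator can check an inventory of installed package versions against the fixed builds listed above. It uses a simplified reimplementation of RPM's `rpmvercmp` segment comparison (numeric segments compared as integers, so `el6_10` sorts after `el6_2`; the `~` and `^` rules are omitted), and the sample package list is constructed, not taken from a real host.

```python
import re

# Fixed VERSION-RELEASE per package, as listed in the advisory table.
FIXED = {
    "texlive": "2007-57.el6_2", "kpathsea": "2007-57.el6_2",
    "kpathsea-devel": "2007-57.el6_2", "texlive-afm": "2007-57.el6_2",
    "texlive-context": "2007-57.el6_2", "texlive-debuginfo": "2007-57.el6_2",
    "texlive-dvips": "2007-57.el6_2", "texlive-dviutils": "2007-57.el6_2",
    "texlive-east-asian": "2007-57.el6_2", "texlive-latex": "2007-57.el6_2",
    "texlive-utils": "2007-57.el6_2", "texlive-xetex": "2007-57.el6_2",
    "mendexk": "2.6e-57.el6_2",
}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: split into numeric/alphabetic segments, compare
    numerics as integers, alphas lexically, numeric beats alpha, longer wins."""
    sa = re.findall(r"[0-9]+|[a-zA-Z]+", a)
    sb = re.findall(r"[0-9]+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # 10 > 2, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(installed, fixed):
    """Compare 'VERSION-RELEASE' strings: version first, then release (no epoch)."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def parse_rpm_list(text):
    """Parse lines shaped like the output of rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'."""
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())

def vulnerable_packages(installed):
    """Return names of advisory packages installed below the fixed build."""
    return sorted(n for n, vr in installed.items()
                  if n in FIXED and evr_cmp(vr, FIXED[n]) < 0)

# Constructed sample inventory (two packages still on the pre-fix build).
SAMPLE = """texlive 2007-56.el6
texlive-dvips 2007-57.el6_2
kpathsea 2007-57.el6_2
mendexk 2.6e-56.el6
vim-common 7.2.411-1.8.el6
"""

if __name__ == "__main__":
    print(vulnerable_packages(parse_rpm_list(SAMPLE)))  # ['mendexk', 'texlive']
```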