From:	 Immunix Security Team <security@wirex.com>
To:	 undisclosed-recipients: ;
Subject: tetex update -- Immunix OS 6.2, 7.0-beta, and 7.0
Date:	 Tue, 3 Jul 2001 18:18:14 -0700

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	tetex
Affected products:	Immunix OS 6.2, 7.0-beta, 7.0
Bugs fixed:		immunix/1644
Date:			Tue Jul  3 2001
Advisory ID:		IMNX-2001-70-030-01
Author:			Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  zen-parse has discovered a flaw in the temporary file handling
  capabilities of some teTeX filters used automatically as print filters
  when printing .dvi files using 'lpr'. This can lead to an elevation
  of privileges to lp:lp.

  This patch replaces many instances of "$$" when creating temporary
  files with a more robust routine using `mktemp`. As such, this
  advisory relies upon Immunix OS Security Advisory IMNX-2001-70-021-01
  which updated the mktemp package for Immunix OS 6.2.
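
  The change described above, shown as an added example (constructed here; it is not code from the teTeX patch or from Immunix): a filter stage that creates its temporary file with `mktemp` instead of a "$$" name, plus a heuristic check for "$$" file names left in a script. The function names, the `dvifilter` prefix and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed; not the teTeX patch itself).

# Weak pattern the advisory refers to: the name depends only on the PID, so
# it is predictable and the path may already exist when the filter opens it.
#     tmp=/tmp/dvifilter.$$        # shown for contrast only

# make_tmp PREFIX: atomically create a new, private (mode 0600) file with an
# unpredictable name and print its path; fails instead of reusing a path.
make_tmp() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# filter_via_tmp: hypothetical filter stage. Spools stdin to a temp file,
# writes it back out, and removes the file, also on HUP/INT/TERM.
filter_via_tmp() {
    tmp=$(make_tmp dvifilter) || { echo "mktemp failed" >&2; return 1; }
    trap 'rm -f "$tmp"; exit 1' HUP INT TERM
    cat > "$tmp" && cat "$tmp"
    status=$?
    rm -f "$tmp"
    trap - HUP INT TERM
    return $status
}

# audit_pid_tmp FILE...: heuristic check that prints (with line numbers) the
# lines where "$$" is glued onto a file-name character, e.g. /tmp/x.$$
audit_pid_tmp() {
    grep -n -E '[[:alnum:]_./-]\$\$' "$@"
}

# sample_filter: constructed three-line script used as audit input.
sample_filter() {
    cat <<'EOF'
TMP=/tmp/dvi.$$
OUT=`mktemp /tmp/dvi.XXXXXX` || exit 1
echo "started as pid $$" >&2
EOF
}
```

  The audit is a heuristic: it flags "$$" only where it is attached to a file-name character, so a PID printed in a log message is not reported.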

  We suggest all Immunix OS users upgrade their tetex packages when
  possible.

  References: http://www.securityfocus.com/archive/1/192647
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=43342

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-afm-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-doc-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-dvilj-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-dvips-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-fonts-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-latex-1.0.7-7_StackGuard_1.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/tetex-xdvi-1.0.7-7_StackGuard_1.i386.rpm

  Source packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/tetex-1.0.7-7_StackGuard_1.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-afm-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-doc-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-dvilj-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-dvips-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-fonts-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-latex-1.0.7-7_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/tetex-xdvi-1.0.7-7_imnx_1.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/tetex-1.0.7-7_imnx_1.src.rpm

Immunix OS 6.2 md5sums:

Immunix OS 7.0 md5sums:


GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.