Bug 368641 (CVE-2007-5937)

Summary: CVE-2007-5937 Multiple dviljk buffer overflows
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jlieskov, jnovy
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugs.gentoo.org/show_bug.cgi?id=198238
Whiteboard:
Fixed In Version: 3.0-40.3.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-07 08:22:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 379831, 379841, 379851, 379861, 577309, 577322, 577323, 577328, 577329    
Bug Blocks:    

Description Lubomir Kundrak 2007-11-06 18:00:42 UTC 
Description of problem:

dviljk contains multiple buffer overflow conditions that can be triggered by a
DVI input file. This could possibly result in arbitrary code execution in case
user was tricked into print a specially crafted DVI file.

Additional info:

See URL filed for Gentoo report.
The attachment #249481 [details] fixes this bug together with bug #368611
It will most likely need some mungling as whitespace changes make the fixes less
obvious.
Comment 1 Lubomir Kundrak 2007-11-06 18:08:03 UTC 
The CVE identifier for this issue was requested.
Comment 4 Robert Buchholz 2007-11-07 13:59:41 UTC 
(In reply to comment #0)
> It will most likely need some mungling as whitespace changes make the fixes less
> obvious.

Cleaned up patch for texlive is here. Except for the autotools stuff and
ChangeLog, it should apply to tetex.
  http://bugs.gentoo.org/attachment.cgi?id=135423
Comment 7 Lubomir Kundrak 2007-11-13 13:22:20 UTC 
Pinged Mitre about the need for CVE.
Comment 8 Jindrich Novy 2007-11-13 14:29:00 UTC 
Fixed in rawhide. F8, F7, FC-6 pending.
Comment 9 Fedora Update System 2007-11-15 03:32:29 UTC 
tetex-3.0-44.2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tetex'
Comment 10 Fedora Update System 2007-11-15 03:46:25 UTC 
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tetex'
Comment 11 Fedora Update System 2007-11-20 18:00:52 UTC 
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2007-11-20 18:04:59 UTC 
tetex-3.0-44.3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Lubomir Kundrak 2007-12-05 19:31:28 UTC 
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.
Comment 15 Red Hat Bugzilla 2009-10-23 19:04:43 UTC 
Reporter changed to security-response-team by request of Jay Turner.
Comment 19 Tomas Hoger 2010-05-07 08:22:25 UTC 
Statement:

Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide dviljk binary.