Bug 586819 (CVE-2010-1440)
Summary: | CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | mjc, security-response-team, vdanen | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2021-10-19 09:11:43 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 577309, 577322, 577323, 577328, 577329, 584793, 584795 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Jan Lieskovsky
2010-04-28 12:34:37 UTC
This is CVE-2010-1440. Created attachment 409893 [details]
Proposed patch for RHEL5
(In reply to comment #3) > Created an attachment (id=409893) [details] > Proposed patch for RHEL5 This may work in some cases, but not in general. nextstring + numbytes may still overflow for certain nextstring / numbytes values. Created attachment 410146 [details]
Proposed patch from Ludwig Nussel of SUSE
Created attachment 410148 [details]
And slightly adjusted one
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0399 https://rhn.redhat.com/errata/RHSA-2010-0399.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0400 https://rhn.redhat.com/errata/RHSA-2010-0400.html This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2010:0401 https://rhn.redhat.com/errata/RHSA-2010-0401.html Upstream commit: http://www.tug.org/svn/texlive?view=revision&revision=18095 texlive-2007-47.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/texlive-2007-47.fc11 texlive-2007-48.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/texlive-2007-48.fc12 texlive-2007-51.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/texlive-2007-51.fc13 texlive-2007-51.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. texlive-2007-48.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. texlive-2007-47.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. |