Bug 214907 - texinfo multiple vulnerabilities - CVE-2005-3011, CVE-2006-4810
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: texinfo
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: impact=moderate, LEGACY, 3, 4, publis...
Keywords:
Depends On:
Blocks:
Reported: 2006-11-09 22:27 UTC by Jeff Sheltren
Modified: 2007-07-16 10:51 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-16 10:51:24 UTC



Description Jeff Sheltren 2006-11-09 22:27:45 UTC
A buffer overflow flaw was found in Texinfo's texindex command. An attacker
could construct a carefully crafted Texinfo file that could cause texindex
to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary
files. A local user could leverage this flaw to overwrite files the user
executing texindex has write access to. (CVE-2005-3011)

See Red Hat announcement:
https://rhn.redhat.com/errata/RHSA-2006-0727.html

Looks like this affects both FC3 and FC4.

Comment 1 Jeff Sheltren 2006-11-15 20:07:45 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2005-3011 was already patched in the FC3 and FC4 packages,
but I've created updated packages to fix CVE-2006-4810
using the patch from EL4.

FC3:
http://www.cs.ucsb.edu/~jeff/legacy/texinfo-4.8-2.3.legacy.src.rpm
eec94c695ff6a2806ef59f53b39a1d6c214c8ab6  texinfo-4.8-2.3.legacy.src.rpm

FC4:
http://www.cs.ucsb.edu/~jeff/legacy/texinfo-4.8-8.fc4.3.legacy.src.rpm
7bb1f141e55943ffae6a043336494a86efa98265  texinfo-4.8-8.fc4.3.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFW3JQKe7MLJjUbNMRAtxJAJ9eUffDF51j9d9VhNDzLTNVY7Mb8wCfXgro
nLeKeq7fwDChDbVico+bhKU=
=OzNS
-----END PGP SIGNATURE-----

