Bug 352271 - (CVE-2007-4033) CVE-2007-4033 t1lib font filename string overflow
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: reported=20070921,public=20070726,sou...
Keywords: Security
Depends On: 303021 356691 356701 356711 356721 356781 356791
Reported: 2007-10-25 09:30 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-20 13:04 EST
Fixed In Version: 3.0-40.3.fc7
Doc Type: Bug Fix
Last Closed: 2007-11-20 13:00:55 EST


Comment 1 Mark J. Cox (Product Security) 2007-10-25 09:31:58 EDT
        local copy in xpdf and tetex code

        CVE-2007-4033 Maybe Affects: tetex rhel-3
        CVE-2007-4033 Maybe Affects: tetex rhel-4
        CVE-2007-4033 Maybe Affects: tetex rhel-5

        CVE-2007-4033 Maybe Affects: xpdf rhel-2.1
        CVE-2007-4033 Maybe Affects: xpdf rhel-3
        CVE-2007-4033 Doesn't Affect: xpdf rhel-4  (--without-t1-library)

For RHEL5 this will be caught by fortify_source (strcat())
Comment 2 Mark J. Cox (Product Security) 2007-10-25 09:35:26 EDT
patch at http://bugs.gentoo.org/show_bug.cgi?id=193437#c1
Comment 3 Tom "spot" Callaway 2007-10-25 10:02:40 EDT
There's no local copy of t1lib in xpdf (at least not in FC-6, F-7, F-8,
rawhide). We're using the system t1lib.
Comment 9 Fedora Update System 2007-11-14 22:32:23 EST
tetex-3.0-44.2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tetex'
Comment 10 Fedora Update System 2007-11-14 22:46:16 EST
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tetex'
Comment 11 Fedora Update System 2007-11-20 13:00:45 EST
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2007-11-20 13:04:54 EST
tetex-3.0-44.3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
