Multiple stack-based buffer overflow were found in mimeTeX. A remote
attacker could provide a specially-crafted LaTeX expression, which might
lead to arbitrary code execution or disclosure of sensitive information,
when processed by the expression processing engine.
MITRE's CVE record (CVE-2009-1382):
Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when
downloaded before 20090713, allow remote attackers to execute
arbitrary code via a TeX file with long (1) picture, (2) circle, or
(3) input tags.
MITRE's CVE record (CVE-2009-2459):
Multiple unspecified vulnerabilities in mimeTeX, when downloaded
before 20090713, have unknown impact and attack vectors related to the
(1) \environ, (2) \input, and (3) \counter TeX directives.
This issue has not yet been corrected and affects Fedora 10, 11, and rawhide.
Upstream fixes are available; any mimetex release after 20090713 is supposed to have the fixes so if you grabbed the latest upstream zip these issues would be corrected.
Could you please create updated packages to correct these issues? Thanks.
I've built updated packages for f10, f11, f12 and rawhide (already queued in Bodhi). They seem to work OK for the test cases on scary.beasts.org.
mimetex-1.71-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
mimetex-1.71-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
Is there a reason why mimetex for Fedora 12 was built, but never submitted? Current mimetex version in Fedora 12 is 1.60-7.fc12. Could this get fixed and pushed for Fedora 12? It looks like Fedora 13 is properly at 1.71-1.fc13.
mimetex-1.71-1.fc12 has been submitted as an update for Fedora 12.
mimetex-1.71-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
kadu includes an embedded mimetex; kadu 0.10.1 (in F16 testing) would correct the flaw if it was pushed to F16+ (see bug #651261).
Created mimetex tracking bugs for this issue
Affects: epel-5 [bug 922139]
While this is fixed in Fedora and EPEL6, this is still unfixed in EPEL5. Now that a tracking bug has been created for EPEL, I'm going to close this bug and will rely on the tracking bug to get it fixed there.