Bug 511049 - (CVE-2009-1382, CVE-2009-2459) CVE-2009-1382 CVE-2009-2459 mimeTeX: various flaws
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
URL: http://scary.beasts.org/security/CESA...
Whiteboard: impact=important,public=20090526,repo...
Keywords: Security
Depends On: 581023 651261 922139
Reported: 2009-07-13 09:08 EDT by Jan Lieskovsky
Modified: 2013-03-15 10:56 EDT (History)
Last Closed: 2013-03-15 10:56:15 EDT
Description Jan Lieskovsky 2009-07-13 09:08:11 EDT
Multiple stack-based buffer overflows were found in mimeTeX. A remote
attacker could provide a specially-crafted LaTeX expression, which might
lead to arbitrary code execution or disclosure of sensitive information,
when processed by the expression processing engine.

References:
-----------
http://scary.beasts.org/security/CESA-2009-009.html
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578#
Comment 1 Jan Lieskovsky 2009-07-15 10:50:17 EDT
MITRE's CVE record (CVE-2009-1382):

Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when
downloaded before 20090713, allow remote attackers to execute
arbitrary code via a TeX file with long (1) picture, (2) circle, or
(3) input tags.

References:
----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1382
http://www.securityfocus.com/archive/1/archive/1/504919/100/0/threaded
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
http://scary.beasts.org/security/CESA-2009-009.html
http://secunia.com/advisories/35752
http://secunia.com/advisories/35816
http://www.vupen.com/english/advisories/2009/1875
Comment 2 Jan Lieskovsky 2009-07-15 10:59:29 EDT
MITRE's CVE record (CVE-2009-2459):

Multiple unspecified vulnerabilities in mimeTeX, when downloaded
before 20090713, have unknown impact and attack vectors related to the
(1) \environ, (2) \input, and (3) \counter TeX directives.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2459
http://scary.beasts.org/security/CESA-2009-009.html
http://secunia.com/advisories/35752
http://www.vupen.com/english/advisories/2009/1875
Comment 3 Vincent Danen 2009-09-25 20:29:59 EDT
This issue has not yet been corrected and affects Fedora 10, 11, and rawhide.

Upstream fixes are available; any mimetex release after 20090713 is supposed to have the fixes so if you grabbed the latest upstream zip these issues would be corrected.

Could you please create updated packages to correct these issues?  Thanks.
Comment 4 cq92j9y+rlkr0w 2009-10-01 23:17:16 EDT
Hi,

I've built updated packages for f10, f11, f12 and rawhide (already queued in Bodhi). They seem to work OK for the test cases on scary.beasts.org.

http://koji.fedoraproject.org/koji/buildinfo?buildID=134803
http://koji.fedoraproject.org/koji/buildinfo?buildID=134804
http://koji.fedoraproject.org/koji/buildinfo?buildID=134805
http://koji.fedoraproject.org/koji/buildinfo?buildID=134806
Comment 5 Fedora Update System 2009-11-04 07:21:44 EST
mimetex-1.71-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2009-11-04 07:37:46 EST
mimetex-1.71-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Vincent Danen 2010-04-09 15:44:25 EDT
Is there a reason why mimetex for Fedora 12 was built, but never submitted?  Current mimetex version in Fedora 12 is 1.60-7.fc12.  Could this get fixed and pushed for Fedora 12?  It looks like Fedora 13 is properly at 1.71-1.fc13.

Thanks.
Comment 9 Fedora Update System 2010-04-12 19:58:01 EDT
mimetex-1.71-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/mimetex-1.71-1.fc12
Comment 10 Fedora Update System 2010-04-13 21:35:26 EDT
mimetex-1.71-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Vincent Danen 2012-09-11 12:33:26 EDT
kadu includes an embedded mimetex; kadu 0.10.1 (in F16 testing) would correct the flaw if it was pushed to F16+ (see bug #651261).
Comment 12 Vincent Danen 2013-03-15 10:55:18 EDT
Created mimetex tracking bugs for this issue

Affects: epel-5 [bug 922139]
Comment 13 Vincent Danen 2013-03-15 10:56:15 EDT
While this is fixed in Fedora and EPEL6, this is still unfixed in EPEL5.  Now that a tracking bug has been created for EPEL, I'm going to close this bug and will rely on the tracking bug to get it fixed there.
