Bug 572941 (CVE-2010-0739) - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
Summary: CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
Status: CLOSED ERRATA
Alias: CVE-2010-0739
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,source=redhat,reporte...
Keywords: Security
Depends On: 577309 577322 577323 577328 577329 584793 584795
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-03-12 12:02 UTC by Jan Lieskovsky
Modified: 2019-06-08 12:57 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2013-05-08 18:31:47 UTC


Attachments (Terms of Use)
Patch to fix the integer allocation overflow (698 bytes, patch)
2010-03-12 14:22 UTC, Jindrich Novy
no flags Details | Diff
Updated patch from Karl Berry (496 bytes, patch)
2010-03-22 09:28 UTC, Jan Lieskovsky
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0399 normal SHIPPED_LIVE Moderate: tetex security update 2010-05-06 18:53:52 UTC
Red Hat Product Errata RHSA-2010:0400 normal SHIPPED_LIVE Moderate: tetex security update 2010-05-06 19:09:35 UTC
Red Hat Product Errata RHSA-2010:0401 normal SHIPPED_LIVE Moderate: tetex security update 2010-05-06 19:10:40 UTC

Description Jan Lieskovsky 2010-03-12 12:02:59 UTC
Marc Schoenefeld found an integer overflow in the way
TeX text formatting system processed special commands.
If a user was tricked into processing a specially-crafted
typesetter-independent .dvi (DeVice Independent) file,
it could lead to dvips executable crash or, potentially,
to arbitrary code execution with the privileges of the user
running dvips.

Comment 1 Jan Lieskovsky 2010-03-12 12:04:30 UTC
This issue affects the versions of the tetex package,
as shipped with Red Hat Enterprise Linux 3, 4, and 5.

This issue affects the versions of the texlive package,
as shipped with Fedora release of 11 and 12.

Comment 6 Jindrich Novy 2010-03-12 14:22:27 UTC
Created attachment 399653 [details]
Patch to fix the integer allocation overflow

Patch like this should handle this overflow. Please review.

Comment 7 Jan Lieskovsky 2010-03-19 11:41:51 UTC
This is CVE-2010-0739.

Comment 8 Jan Lieskovsky 2010-03-22 09:28:26 UTC
Created attachment 401680 [details]
Updated patch from Karl Berry

Comment 18 errata-xmlrpc 2010-05-06 18:54:08 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0399 https://rhn.redhat.com/errata/RHSA-2010-0399.html

Comment 19 errata-xmlrpc 2010-05-06 19:09:48 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0400 https://rhn.redhat.com/errata/RHSA-2010-0400.html

Comment 20 errata-xmlrpc 2010-05-06 19:10:49 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2010:0401 https://rhn.redhat.com/errata/RHSA-2010-0401.html

Comment 21 Tomas Hoger 2010-05-10 09:01:03 UTC
Original upstream commit for this issue is:
  http://www.tug.org/svn/texlive?view=revision&revision=17559

Subsequent patch r18095 is needed to address related CVE-2010-1440 too:
  https://bugzilla.redhat.com/show_bug.cgi?id=586819#c13

Comment 22 Fedora Update System 2010-05-10 09:19:21 UTC
texlive-2007-47.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/texlive-2007-47.fc11

Comment 23 Fedora Update System 2010-05-10 09:19:34 UTC
texlive-2007-48.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/texlive-2007-48.fc12

Comment 24 Fedora Update System 2010-05-10 09:20:21 UTC
texlive-2007-51.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/texlive-2007-51.fc13

Comment 25 Fedora Update System 2010-05-18 21:43:54 UTC
texlive-2007-51.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2010-05-18 21:49:24 UTC
texlive-2007-48.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2010-05-18 21:51:33 UTC
texlive-2007-47.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.