An integer overflow was found in the way the TeX text formatting system processed special commands. If a user was tricked into processing a specially-crafted typesetter-independent .dvi (DeVice Independent) file, it could lead to a crash of the dvips executable or, potentially, to arbitrary code execution with the privileges of the user running dvips. This is a different vulnerability than CVE-2010-0739.
This is CVE-2010-1440.
Created attachment 409893: Proposed patch for RHEL5
(In reply to comment #3)
> Created an attachment (id=409893)
> Proposed patch for RHEL5

This may work in some cases, but not in general. nextstring + numbytes may still overflow for certain nextstring / numbytes values.
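The point made in the reply above, shown as an added example (this is not the proposed patch and not dvips code): a bounds check that forms `nextstring + numbytes` before comparing can wrap, while comparing `numbytes` against the remaining space cannot. The name `maxstring`, the `pool_t` type, the 32-bit address model and all values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a string pool addressed with 32-bit values, so that
 * wraparound is well-defined unsigned arithmetic instead of pointer UB.
 * nextstring and numbytes are the names used in the comment above;
 * maxstring (end of the pool) is a name assumed for this example. */
typedef struct {
    uint32_t nextstring;  /* address of the next free byte in the pool */
    uint32_t maxstring;   /* address one past the last usable byte */
} pool_t;

/* Check of the shape criticised above: the sum is formed first and can
 * wrap past zero, so a huge numbytes compares as "fits". */
int fits_sum_check(const pool_t *p, uint32_t numbytes)
{
    uint32_t end = p->nextstring + numbytes;   /* may wrap modulo 2^32 */
    return end <= p->maxstring;
}

/* Overflow-safe form: compare the request against the space remaining.
 * maxstring - nextstring cannot wrap while nextstring <= maxstring. */
int fits_remaining_check(const pool_t *p, uint32_t numbytes)
{
    if (p->nextstring > p->maxstring)
        return 0;                               /* inconsistent pool state */
    return numbytes <= p->maxstring - p->nextstring;
}

int main(void)
{
    pool_t p = { 0xBFFF0000u, 0xBFFF8000u };    /* constructed addresses */
    uint32_t sizes[] = { 0x100u, 0x8000u, 0x8001u, 0x40010000u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("numbytes=0x%08x sum_check=%d remaining_check=%d\n",
               (unsigned)sizes[i], fits_sum_check(&p, sizes[i]),
               fits_remaining_check(&p, sizes[i]));
    return 0;
}
```

The two checks agree for in-range sizes and diverge only for the wrapping values, which is why a sum-based check can pass ordinary testing.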
Created attachment 410146: Proposed patch from Ludwig Nussel of SUSE
Created attachment 410148: And slightly adjusted one
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, via RHSA-2010:0399 https://rhn.redhat.com/errata/RHSA-2010-0399.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2010:0400 https://rhn.redhat.com/errata/RHSA-2010-0400.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 3, via RHSA-2010:0401 https://rhn.redhat.com/errata/RHSA-2010-0401.html
Upstream commit: http://www.tug.org/svn/texlive?view=revision&revision=18095
texlive-2007-47.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/texlive-2007-47.fc11
texlive-2007-48.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/texlive-2007-48.fc12
texlive-2007-51.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/texlive-2007-51.fc13
texlive-2007-51.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
texlive-2007-48.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
texlive-2007-47.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.