[SECURITY] Fedora Core 4 Update: tetex-3.0-9.FC4

Jindrich Novy jnovy at redhat.com
Thu Jan 12 16:15:59 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-028
2006-01-12
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : tetex
Version     : 3.0                      
Release     : 9.FC4                  
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.


The Red Hat tetex package also contains software related to Japanese
support for teTeX such as ptex, what is not a part of teTeX project.

---------------------------------------------------------------------
Update Information:

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.

The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to
these issues.

This package also updates bindings in texdoc and causes the
local texmf tree to be searched first.
---------------------------------------------------------------------
* Wed Jan 11 2006 Jindrich Novy <jnovy at redhat.com> 3.0-9.FC4
- apply additional patch to fix xpdf flaws from Ludwig Nussel
  (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128)
- /usr/share/texmf/doc is now owned by tetex package (#177065)
- update searching order for kpathsea (local texmf tree is
  searched first)
- don't use obsolete bindings in texdoc
* Mon Dec 19 2005 Jindrich Novy <jnovy at redhat.com> 3.0-8.FC4
- apply more complete fix for CVE-2005-3193 (#175110) suggested by
  security response team, taken from xpdf

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

d5803bb897ac8b307e604d9b5ff872c1ff314565  SRPMS/tetex-3.0-9.FC4.src.rpm
ff74404da788d6b5677d6edf10745564bafd43da  ppc/tetex-3.0-9.FC4.ppc.rpm
1ddbc8cb532cb20d101e490bb881621c994d8851  ppc/tetex-latex-3.0-9.FC4.ppc.rpm
c8329a5c0b491f82d37e7b7024b3d4b0cf2553f1  ppc/tetex-xdvi-3.0-9.FC4.ppc.rpm
7387673a1b7a69582e6f0c4b382430f9c71c5eec  ppc/tetex-dvips-3.0-9.FC4.ppc.rpm
59b640dee6af739cde5d2f7f8dbebaaabcb4ec28  ppc/tetex-afm-3.0-9.FC4.ppc.rpm
0e4a4804df1cfd756da3be2b93bbdc08548ce3cf  ppc/tetex-fonts-3.0-9.FC4.ppc.rpm
846dc3c32e28fc4b1bc703d62f6bf1f1daa26031  ppc/tetex-doc-3.0-9.FC4.ppc.rpm
4d054f78d197154f5de87f7118de6a01dd65230e  ppc/debug/tetex-debuginfo-3.0-9.FC4.ppc.rpm
aa56a1fce1d8d1b5213a588612bfbea03d2e18d8  x86_64/tetex-3.0-9.FC4.x86_64.rpm
ccd10c08e3342efd7e0345e3d6bf030574066262  x86_64/tetex-latex-3.0-9.FC4.x86_64.rpm
2abd94209f969ffad4e152d5fa84d9724495886c  x86_64/tetex-xdvi-3.0-9.FC4.x86_64.rpm
4a966b11d187f743445bf0a9193eab5e021bcc7b  x86_64/tetex-dvips-3.0-9.FC4.x86_64.rpm
9b0b54e67982188e20dcbafdd1c25cc559306345  x86_64/tetex-afm-3.0-9.FC4.x86_64.rpm
81c804112f3f557950f618a4d7d459f6d3683298  x86_64/tetex-fonts-3.0-9.FC4.x86_64.rpm
a3905125347b27476119eb2109f533f868898f00  x86_64/tetex-doc-3.0-9.FC4.x86_64.rpm
8c50c8246b1cd2eb16dc03f9f45ebbcb31470c87  x86_64/debug/tetex-debuginfo-3.0-9.FC4.x86_64.rpm
7afe7adda01e3a4cef49c7ff05975c1a2ebf4d8a  i386/tetex-3.0-9.FC4.i386.rpm
de7db2f913951772d3ea106472bc390b3bd6a391  i386/tetex-latex-3.0-9.FC4.i386.rpm
af8d0c5026e4fbd557cc06024af2952025c8ba5b  i386/tetex-xdvi-3.0-9.FC4.i386.rpm
3d7837c759ec17ac25a3ba82cc038eb0eab25558  i386/tetex-dvips-3.0-9.FC4.i386.rpm
cb11ce07500fe9f978f8d372358eb4dd664bd03a  i386/tetex-afm-3.0-9.FC4.i386.rpm
c483b2892a7b02e22ac96c91e39e24f0fb783a26  i386/tetex-fonts-3.0-9.FC4.i386.rpm
31592fdca8509bc0412293b707eaf02485640b8e  i386/tetex-doc-3.0-9.FC4.i386.rpm
d706dba1b43706096b7dcd29c8ef203d72c48731  i386/debug/tetex-debuginfo-3.0-9.FC4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------




More information about the fedora-announce-list mailing list