Bug 198238 - app-text/tetex < 3.0_p1-r6 Multiple issues in dviljk and dvips (CVE-2007-{5935,5936,5937})
Bug#: 198238
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: rbu@gentoo.org
Component: Vulnerabilities
Status Whiteboard: B2 [glsa]
Opened: 2007-11-06 03:15 0000
+++ This bug was initially created as a clone of Bug #198229 +++
dviljk as shipped in app-text/tetex-3.0_p1-r4 is vulnerable to multiple buffer
overflows and insecure temporary file creation. See attached patch for details.
Created an attachment (id=135310)
tetex-src-3.0-dviljk-security-fixes.patch
Please note that the attached patch contains changes to configure.in, but does
not include a regenerated configure file; (e)autoreconf is necessary before
building.
^^ As mentioned above, another set of buffer overflows exists in dvips.
This also contains the fix for Xpdf, bug 196735. Thanks for handling it so
fast, Alexis.
Arches, please test and mark stable app-text/tetex-3.0_p1-r5.
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc
x86"
Alexis, I just discovered that tetex does not link against the system t1lib,
but its own version which is (probably) vulnerable to bug 193437.
I'll stop stabling here and we'll restart it with a new -r that passes
--with-system-t1lib to configure, ok?
hmmm...
configure.in:test "$with_dvipng" != no && : ${needs_libt1=yes}
configure.in:test "$with_xdvik" != no && : ${needs_libt1=yes}
configure.in:test "$with_oxdvik" != no && : ${needs_libt1=yes}
so in our case it only affects us with use=X;
in tetex.eclass:
if useq X ; then
    addwrite /var/cache/fonts
    xdvik="--with-xdvik --with-oxdvik"
    #xdvik="$xdvik --with-system-t1lib"
else
I'll have to check why it's commented out...
(In reply to comment #15)
> note that t1lib + use doc needs a latex compiler so this will cause circular
> deps... monolithic ebuilds suck :/
That indeed is a problem. So I would advise to patch the bundled t1lib, or is
there any strategy to avoid this?
The patch in /media-libs/t1lib/files/t1lib-5.0.2-SA26241_buffer_overflow.patch
should work, if I remember the versions right.
(In reply to comment #16)
> (In reply to comment #15)
> > note that t1lib + use doc needs a latex compiler so this will cause circular
> > deps... monolithic ebuilds suck :/
>
> That indeed is a problem. So I would advise to patch the bundled t1lib, or is
> there any strategy to avoid this?
it should be possible to just not build xdvik in tetex, but as our tetex has
been doing this for years, I suppose it's better to keep it like this, patching
for security holes.
> The patch in /media-libs/t1lib/files/t1lib-5.0.2-SA26241_buffer_overflow.patch
> should work, if I remember the versions right.
applied in tetex-3.0_p1-r6
Arches, please test and mark stable app-text/tetex-3.0_p1-r6.
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc
x86"
*** Bug 199421 has been marked as a duplicate of this bug. ***
compiles and works, amd64 stable.
Does not affect current (2008.0) release. Removing release.