Bug 324019 - app-text/texlive-core Integer overflow in dvips (CVE-2010-{0739,0827,1440})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-14 21:03 UTC by Matthias Geerdsen (RETIRED)
Modified: 2012-06-25 19:10 UTC
Description Matthias Geerdsen (RETIRED) gentoo-dev 2010-06-14 21:03:32 UTC
CVE-2010-0827 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0827):
  Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
  allows remote attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via a crafted virtual font
  (VF) file associated with a DVI file.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2010-06-14 21:25:50 UTC
CVE-2010-1440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1440):
  Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
  2009 and earlier, and teTeX, allow remote attackers to cause a denial
  of service (application crash) or possibly execute arbitrary code via
  a special command in a DVI file, related to the (1) predospecial and
  (2) bbdospecial functions, a different vulnerability than
  CVE-2010-0739.

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2010-06-15 21:01:06 UTC
CVE-2010-0739 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0739):
  Integer overflow in the predospecial function in dospecial.c in dvips
  in (1) TeX Live and (2) teTeX might allow user-assisted remote
  attackers to execute arbitrary code via a crafted DVI file that
  triggers a heap-based buffer overflow.  NOTE: some of these details
  are obtained from third party information.

Comment 3 Alexis Ballier gentoo-dev 2010-06-20 11:04:26 UTC
texlive-core-2008-r8 fixes this and is our stable candidate

I'll fix 2009 asap for ~arch; I'll probably skip stabilizing 2009 since TeX Live 2010 is expected soon and should fix a couple of annoying issues.
Comment 4 Alexis Ballier gentoo-dev 2010-06-20 12:15:20 UTC
FWIW texlive-core-2009-r2 fixes this also
Comment 5 Dustin Polke 2010-12-14 16:17:55 UTC
(In reply to comment #3)
> texlive-core-2008-r8 fixes this and is our stable candidate

This should be pushed to stable I guess. Please consider adding ARCHs. Current stable 2008-r7:
alpha, amd64, arm, hppa, ia64, ppc, ppc64, s390, sh, sparc, x86
Comment 6 Alexis Ballier gentoo-dev 2011-10-05 21:06:34 UTC
texlive 2010 is now stable, guess you can close the bug / do the glsa stuff
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2011-10-09 23:16:06 UTC
(In reply to comment #6)
> texlive 2010 is now stable, guess you can close the bug / do the glsa stuff

Thanks, Alexis. Rated this B2 and added to existing GLSA request.
Comment 8 Johannes Huber (RETIRED) gentoo-dev 2012-05-17 13:33:09 UTC
Thank you all. Remove tex from CC as it's nothing to do here anymore.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-25 19:10:36 UTC
This issue was resolved and addressed in
 GLSA 201206-28 at http://security.gentoo.org/glsa/glsa-201206-28.xml
by GLSA coordinator Stefan Behte (craig).