[30410] in bugtraq


Immunix Secured OS 7+ tetex update

daemon@ATHENA.MIT.EDU (Immunix Security Team)
Tue Jun 10 10:16:05 2003

Date: Mon, 9 Jun 2003 16:32:18 -0700
From: Immunix Security Team <security@immunix.com>
To: bugtraq@securityfocus.com
Message-ID: <20030609233218.GC31593@wirex.com>
Mail-Followup-To: bugtraq@securityfocus.com

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	tetex, psutils, w3c-libwww
Affected products:	Immunix OS 7+
Bugs fixed:		CAN-2002-0836
Date:			Mon Jun  9 2003
Advisory ID:		IMNX-2003-7+-016-01
Author:			Seth Arnold <sarnold@immunix.com>
-----------------------------------------------------------------------

Description:
  Olaf Kirch has discovered an unsafe use of system(3) in the dvips(1)
  tool in the teTeX suite. This fix disallows use of characters outside
  of A-Za-z0-9_-. in font names, to ensure shell metacharacters aren't
  used improperly.
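
The allowlist described above, as an added example in C (not the teTeX patch or Immunix's code). The helper name "font-helper", the 64-byte length cap and the leading-dash check are assumptions that go beyond the advisory; the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FONT_NAME_MAX 64 /* assumed length cap, not stated in the advisory */

/* The advisory's allowlist: A-Za-z0-9_-. */
static int font_char_ok(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
}

/* Returns 1 if the name is 1..FONT_NAME_MAX bytes of allowlisted characters. */
int font_name_allowlisted(const char *name)
{
    size_t i, n;
    if (name == NULL) return 0;
    n = strlen(name);
    if (n == 0 || n > FONT_NAME_MAX) return 0;
    for (i = 0; i < n; i++)
        if (!font_char_ok((unsigned char)name[i])) return 0;
    return 1;
}

/* Fill an argument vector for exec*(), so no shell ever parses the name.
 * "font-helper" is a hypothetical program. Returns 0 on success, -1 if rejected. */
int build_helper_argv(const char *font, const char *args[3])
{
    /* Added check: '-' is allowlisted, but a leading '-' would read as an option. */
    if (!font_name_allowlisted(font) || font[0] == '-') return -1;
    args[0] = "font-helper";
    args[1] = font;
    args[2] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample font names. */
    const char *samples[] = { "cmr10", "cmr10.600pk", "cmr10;x",
                              "cmr10 x", "cmr10`x`", "-o", "" };
    const char *args[3];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s %s\n", samples[i],
               build_helper_argv(samples[i], args) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Validation and shell-free execution are complementary: the allowlist rejects metacharacters before any command is built, and passing the name as a single exec argument keeps a shell from interpreting it at all.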

  This release also removes the dvi-to-ps.fpi print filter which allowed
  direct printing of dvi files with LPRng. zen-parse discovered the
  script called dvips unsafely. This can be leveraged into a remote
  attack, if LPRng is configured to accept remote connections.

  References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/psutils-1.17-13_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-afm-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-doc-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-dvilj-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-dvips-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-fonts-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-latex-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-xdvi-1.0.7-47.1_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/w3c-libwww-5.3.2-5_imnx_0.1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/w3c-libwww-apps-5.3.2-5_imnx_0.1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/w3c-libwww-devel-5.3.2-5_imnx_0.1.i386.rpm

  Source packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/psutils-1.17-13_imnx_1.src.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/tetex-1.0.7-47.1_imnx_1.src.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/w3c-libwww-5.3.2-5_imnx_0.1.src.rpm

Immunix OS 7+ md5sums:


GPG verification:
  Our public key is available at: http://download.immunix.org/GPG_KEY

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@immunix.com.  Immunix
  attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.

