Updated tetex packages that fix several security issues are now available
for CentOS Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (dvi) file as output.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause TeTeX to crash
or potentially execute arbitrary code when opened.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

A flaw was found in the t1lib library, used in the handling of Type 1
fonts. An attacker could create a malicious file that would cause TeTeX to
crash, or potentially execute arbitrary code when opened. (CVE-2007-4033)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.