Updated teTeX packages are available, fixing a temporary file handling vulnerability and an insecure invocation of dvips in a print filter.
A flaw has been discovered in the temporary file handling of some of the scripts from the teTeX set of packages. This can, under some circumstances, lead to a compromise of the groups that LPRng runs as. Several scripts used the current process ID as temporary file names and have now been altered to use the 'mktemp' program instead. Additionally, an insecure invocation of the 'dvips' program has been discovered in the print filter used for handling DVI files. This has been corrected to use the -R option. The temporary file handling flaw affects Red Hat Linux 7.1 and earlier. The DVI print filter problem affects Red Hat Linux 7.0 and earlier. This vulnerability was discovered by zen-parse.