Rapid7 Vulnerability & Exploit Database

RHSA-2001:102: New teTeX packages available

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 08/31/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated teTeX packages are available, fixing a temporary file handling vulnerability and an insecure invocation of dvips in a print filter.

A flaw has been discovered in the temporary file handling of some of the scripts in the teTeX set of packages. Under some circumstances, this can lead to a compromise of the groups that LPRng runs as. Several scripts used the current process ID as the temporary file name; they have now been altered to use the 'mktemp' program instead.

Additionally, an insecure invocation of the 'dvips' program has been discovered in the print filter used for handling DVI files. The filter has been corrected to invoke dvips with the -R option.

The temporary file handling flaw affects Red Hat Linux 7.1 and earlier. The DVI print filter problem affects Red Hat Linux 7.0 and earlier. This vulnerability was discovered by zen-parse.
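The temporary-file change described above, sketched as an added example (not code from the teTeX packages or from the advisory): the PID-based naming pattern beside its 'mktemp' replacement, plus a small audit helper that flags the old pattern in a script. The function names and the sample script are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added illustration; unsafe_tmp_name, safe_tmp_file, audit_pid_tmp and
# make_sample are hypothetical names, not part of teTeX.

# Old pattern: the name is built from the shell's PID ($$), so it is the
# same on every call and can be predicted before the file is created.
unsafe_tmp_name() {
    printf '%s/%s.%s\n' "${TMPDIR:-/tmp}" "$1" "$$"
}

# Replacement: mktemp chooses a random suffix and creates the file itself,
# owner-only (0600), failing instead of reusing an existing path.
safe_tmp_file() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# Audit helper: print the line numbers in script $1 where a temporary
# path is built from $$.
audit_pid_tmp() {
    grep -n -E '(/tmp/|TMPDIR)[^[:space:]]*\$\$' "$1" | cut -d: -f1
}

# Constructed sample script to audit: line 2 uses the PID-based pattern,
# line 4 uses mktemp, line 5 mentions $$ without building a path.
make_sample() {
    sample=$(mktemp "${TMPDIR:-/tmp}/sample.XXXXXX") || return 1
    cat > "$sample" <<'EOF'
#!/bin/sh
TMP=/tmp/texfilter.$$
cat "$1" > "$TMP"
OUT=$(mktemp /tmp/texfilter.XXXXXX) || exit 1
echo "pid is $$"
EOF
    printf '%s\n' "$sample"
}

# Demo: compare the two names, then audit the constructed sample.
demo_file=$(safe_tmp_file demo) || exit 1
demo_script=$(make_sample) || exit 1
echo "PID-based name: $(unsafe_tmp_name demo)"
echo "mktemp file:    $demo_file"
echo "flagged lines:  $(audit_pid_tmp "$demo_script")"
rm -f "$demo_file" "$demo_script"
```
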

Solution(s)

  • redhat-upgrade-tetex
  • redhat-upgrade-tetex-afm
  • redhat-upgrade-tetex-doc
  • redhat-upgrade-tetex-dvilj
  • redhat-upgrade-tetex-dvips
  • redhat-upgrade-tetex-fonts
  • redhat-upgrade-tetex-latex
  • redhat-upgrade-tetex-xdvi
