Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: tetex
Date: Fri, 18 Oct 2002 16:52:01
Message-Id: 20021018215157.E93AE336EA@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - --------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200210-004
6 - - --------------------------------------------------------------------
7
8 PACKAGE : tetex
9 SUMMARY : Command execution vulnerability in dvips
10 EXPLOIT : local & remote
11 DATE    : 2002-10-18 22:00 UTC
12
13 - - --------------------------------------------------------------------
14
15 Olaf Kirch of SuSE has discovered a vulnerability in dvips that
16 allowed remote users with printing access to execute command as the
17 lp user by sending carefully crafted printjobs.
18
19 SOLUTION
20
21 It is recommended that all Gentoo Linux users who are running
22 app-text/tetex-1.0.7-r10 and earlier update their systems
23 as follows:
24
25 emerge rsync
26 emerge tetex
27 emerge clean
28
29 - - --------------------------------------------------------------------
30 aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
31 - - --------------------------------------------------------------------
32 -----BEGIN PGP SIGNATURE-----
33 Version: GnuPG v1.2.0 (GNU/Linux)
34
35 iD8DBQE9sIOVfT7nyhUpoZMRAto7AJ0RU7DDa3SpqQvBoeUKImMs4mEisgCggQNe
36 4qSNCwk2T6bcxePUOmHbDy4=
37 =eIne
38 -----END PGP SIGNATURE-----