exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-004

Mandriva Linux Security Advisory 2012-004
Posted Jan 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities has been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, local, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2011-0433, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | f9a48e9ae40316e20b4d213e0862b9dee1e34ba82c1cf80d054005a9862897ce

Mandriva Linux Security Advisory 2012-004

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:004
http://www.mandriva.com/security/
_______________________________________________________________________

Package : t1lib
Date : January 12, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in t1lib:

A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document
viewer and other products, processed line tokens from the given input
stream. A remote attacker could provide a DVI file, with embedded
specially-crafted font file, and trick the local user to open it with
an application using the AFM font parser, leading to that particular
application crash or, potentially, arbitrary code execution with the
privileges of the user running the application. Different vulnerability
than CVE-2010-2642 (CVE-2011-0433).

t1lib 5.1.2 and earlier reads from invalid memory locations, which
allows remote attackers to cause a denial of service (application
crash) via a crafted Type 1 font in a PDF document, a different
vulnerability than CVE-2011-0764 (CVE-2011-1552).

Use-after-free vulnerability in t1lib 5.1.2 and earlier allows
remote attackers to cause a denial of service (application crash)
via a PDF document containing a crafted Type 1 font that triggers an
invalid memory write, a different vulnerability than CVE-2011-0764
(CVE-2011-1553).

Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers
to cause a denial of service (application crash) via a PDF document
containing a crafted Type 1 font that triggers an invalid memory
read, integer overflow, and invalid pointer dereference, a different
vulnerability than CVE-2011-0764 (CVE-2011-1554).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
https://bugzilla.redhat.com/show_bug.cgi?id=679732
http://www.toucan-system.com/advisories/tssa-2011-01.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
906e9b289b52af0b8cd8876cea5a662a 2010.1/i586/libt1lib5-5.1.2-8.3mdv2010.2.i586.rpm
7e2588f8d40dde88a76762c655561cd4 2010.1/i586/libt1lib-devel-5.1.2-8.3mdv2010.2.i586.rpm
3f52b411430b7c121f3f5c3e6208fa35 2010.1/i586/libt1lib-static-devel-5.1.2-8.3mdv2010.2.i586.rpm
0819703d1a566dbb89ef2a20aac7eab3 2010.1/i586/t1lib-config-5.1.2-8.3mdv2010.2.i586.rpm
0a27570fe99a3c8b0060658e80fa31a9 2010.1/i586/t1lib-progs-5.1.2-8.3mdv2010.2.i586.rpm
1330f9cde66d30a4e0b6adfea3ed627c 2010.1/SRPMS/t1lib-5.1.2-8.3mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
4a750fd24b6023d30a40b86146c7c3cf 2010.1/x86_64/lib64t1lib5-5.1.2-8.3mdv2010.2.x86_64.rpm
33d849053852d299235845f5d6f89d31 2010.1/x86_64/lib64t1lib-devel-5.1.2-8.3mdv2010.2.x86_64.rpm
49c35baf2d21c037d3c418970d76f7fc 2010.1/x86_64/lib64t1lib-static-devel-5.1.2-8.3mdv2010.2.x86_64.rpm
289fd06ba3966e353e0ddee95f9d482f 2010.1/x86_64/t1lib-config-5.1.2-8.3mdv2010.2.x86_64.rpm
df7434fc99f8ddabe69dfb094e37f807 2010.1/x86_64/t1lib-progs-5.1.2-8.3mdv2010.2.x86_64.rpm
1330f9cde66d30a4e0b6adfea3ed627c 2010.1/SRPMS/t1lib-5.1.2-8.3mdv2010.2.src.rpm

Mandriva Linux 2011:
4f34e6057ce31346d38e9fc9001d61c2 2011/i586/libt1lib5-5.1.2-11.2-mdv2011.0.i586.rpm
77aa1a06d09601db56f3fc05bf9faa7e 2011/i586/libt1lib-devel-5.1.2-11.2-mdv2011.0.i586.rpm
222228ade6add3fd7125ed8bb36d27da 2011/i586/libt1lib-static-devel-5.1.2-11.2-mdv2011.0.i586.rpm
9b7b97c247969ee2d19168b8292e2421 2011/i586/t1lib-config-5.1.2-11.2-mdv2011.0.i586.rpm
ed73e55ca60889ce0b2be65d963c08ce 2011/i586/t1lib-progs-5.1.2-11.2-mdv2011.0.i586.rpm
94fd5bc64f8e01f1687b5c58c99c5b35 2011/SRPMS/t1lib-5.1.2-11.2.src.rpm

Mandriva Linux 2011/X86_64:
d670c2d035cabd66078503e9fb975919 2011/x86_64/lib64t1lib5-5.1.2-11.2-mdv2011.0.x86_64.rpm
173579a5a2e2be525e6f0f18216a15d8 2011/x86_64/lib64t1lib-devel-5.1.2-11.2-mdv2011.0.x86_64.rpm
7c591e3e11d340923fbb3c5285fc9365 2011/x86_64/lib64t1lib-static-devel-5.1.2-11.2-mdv2011.0.x86_64.rpm
b3d85f999794d5ced9dda7e1ebd44bd0 2011/x86_64/t1lib-config-5.1.2-11.2-mdv2011.0.x86_64.rpm
430daefeed13b85e4df03de1e2ba6b73 2011/x86_64/t1lib-progs-5.1.2-11.2-mdv2011.0.x86_64.rpm
94fd5bc64f8e01f1687b5c58c99c5b35 2011/SRPMS/t1lib-5.1.2-11.2.src.rpm

Mandriva Enterprise Server 5:
617329fd6d27f015da5063d4122d7414 mes5/i586/libt1lib5-5.1.2-4.3mdvmes5.2.i586.rpm
cd261ce6f85f3830c90145637e8189b3 mes5/i586/libt1lib-devel-5.1.2-4.3mdvmes5.2.i586.rpm
d544329a165b971a0aea3fce24dd2084 mes5/i586/libt1lib-static-devel-5.1.2-4.3mdvmes5.2.i586.rpm
3f287590d1eeeec0758fc9b41b814b80 mes5/i586/t1lib-config-5.1.2-4.3mdvmes5.2.i586.rpm
ae2a57893d1daa1b21c798181d87e8c0 mes5/i586/t1lib-progs-5.1.2-4.3mdvmes5.2.i586.rpm
00d9c9fe6fdea354b2ae5829ad69186d mes5/SRPMS/t1lib-5.1.2-4.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
a5834c68430fa0983aa5f86eb30d548d mes5/x86_64/lib64t1lib5-5.1.2-4.3mdvmes5.2.x86_64.rpm
de4489f06460799dd96a16c59961a7d7 mes5/x86_64/lib64t1lib-devel-5.1.2-4.3mdvmes5.2.x86_64.rpm
6ee693bfba9b31dacb6d63e3be6a7278 mes5/x86_64/lib64t1lib-static-devel-5.1.2-4.3mdvmes5.2.x86_64.rpm
5b653b672c557f8ac0b24f7d9bacc182 mes5/x86_64/t1lib-config-5.1.2-4.3mdvmes5.2.x86_64.rpm
405cb3191a475b026d146782c3c236fb mes5/x86_64/t1lib-progs-5.1.2-4.3mdvmes5.2.x86_64.rpm
00d9c9fe6fdea354b2ae5829ad69186d mes5/SRPMS/t1lib-5.1.2-4.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPDuaZmqjQ0CJFipgRAnPJAJ9mYAnw85yoh9c9tBFnvAiPQyMqwACfXTY2
KbTRllp+EhE/rMY4I4zgqoo=
=mYB5
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close