170861 – app-text/tetex < 3.0_p1-r4 Multiple buffer overflows (CVE-2007-0650)

Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 170861 - app-text/tetex < 3.0_p1-r4 Multiple buffer overflows (CVE-2007-0650)

Summary: app-text/tetex < 3.0_p1-r4 Multiple buffer overflows (CVE-2007-0650)

Keywords:
Status:	RESOLVED FIXED
Alias:	None
Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux
Importance :	High normal
Assignee:	Gentoo Security
URL:	https://issues.rpath.com/browse/RPL-1036
Whiteboard:	B2 [glsa] Falco
Depends on:
Blocks:	182055 188172
Show dependency tree

See Also:
Reported:	2007年03月14日 12:38 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2008年01月10日 08:53 UTC (History)
CC List:	5 users (show)
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007年03月14日 12:38:30 UTC

Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007年03月14日 12:56:56 UTC

CCign herd

Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007年03月14日 13:26:43 UTC

not all issues are patched according to https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007年05月08日 10:28:37 UTC

Fixes for rPath are out.

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007年05月31日 09:40:04 UTC

any news here?

Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007年07月19日 08:05:09 UTC

text-markup, any news here?

Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2007年09月01日 13:29:15 UTC

py, this is maintained by the tex herd in the meantime.

Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2007年09月01日 17:16:40 UTC

Fixed in app-text/tetex-3.0_p1-r4.

Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007年09月01日 22:04:17 UTC

Thanks rbu. Arches, please test and mark stable app-text/tetex-3.0_p1-r4.
Target keywords are: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007年09月01日 23:53:23 UTC

py: shouldn't this bug also block bug 188172?

Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2007年09月02日 07:52:46 UTC

x86 stable and I added a other_bugs as suggested by rbu.

Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2007年09月02日 14:37:27 UTC

alpha/ia64 stable

Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007年09月02日 15:04:17 UTC

ppc64 stable

Comment 13 Jeroen Roovers (RETIRED) gentoo-dev 2007年09月02日 17:29:27 UTC

Stable for HPPA.

Comment 14 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007年09月02日 18:58:32 UTC

During the merging I saw the message:
"/usr/portage/eclass/tetex-3.eclass: line 36: tetex_pkg_setup: command not found"
tetex-3.eclass run the function tetex_pkg_setup which is inherited from tetex.eclass. Problem is that QA remove the whole function as you can see in bug #156213.
Please remove it from tetex-3.eclass (if is no longer needed).

Comment 15 Robert Buchholz (RETIRED) gentoo-dev 2007年09月02日 19:22:22 UTC

(In reply to comment #14)
> During the merging I saw the message:
> "/usr/portage/eclass/tetex-3.eclass: line 36: tetex_pkg_setup: command not
> found"
> 
> tetex-3.eclass run the function tetex_pkg_setup which is inherited from
> tetex.eclass. Problem is that QA remove the whole function as you can see in
> bug #156213.
> 
> Please remove it from tetex-3.eclass (if is no longer needed).
This has been reported as bug #191046, too.

Comment 16 Tobias Scherbaum (RETIRED) gentoo-dev 2007年09月03日 17:43:22 UTC

ppc stable

Comment 17 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007年09月04日 09:04:44 UTC

(In reply to comment #15)
> (In reply to comment #14)
> > During the merging I saw the message:
> > "/usr/portage/eclass/tetex-3.eclass: line 36: tetex_pkg_setup: command not
> > found"
> > 
> > tetex-3.eclass run the function tetex_pkg_setup which is inherited from
> > tetex.eclass. Problem is that QA remove the whole function as you can see in
> > bug #156213.
> > 
> > Please remove it from tetex-3.eclass (if is no longer needed).
> 
> This has been reported as bug #191046, too.
> 
Any chance to get it solved before marking tetex as stable?

Comment 18 Bo Ørsted Andresen (RETIRED) gentoo-dev 2007年09月04日 11:52:05 UTC

Wrt. bug #189716 (upstream changed the tarball with no bump) thus far two arch maintainers on this bug has stabled the wrong tarball. For the remaining arch teams do make sure to fetch the right tarball before stabilizing.. ;)

Comment 19 Robert Buchholz (RETIRED) gentoo-dev 2007年09月04日 12:09:07 UTC

(In reply to comment #18)
> For the remaining arch
> teams do make sure to fetch the right tarball before stabilizing.. ;)
To be more specific. Please make sure your Manifest contains:
DIST tetex-texmf-3.0.tar.gz 91402377 RMD160 a1e87733fa3cbef04e39a690ed8549aeaaddb241 SHA1 1be97f57a26a6e9b72ebfd932e45914a959aff16 SHA256 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2
(In reply to comment #17)
> > bug #191046.
> Any chance to get it solved before marking tetex as stable?
Peper just fixed it.

Comment 20 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007年09月05日 10:01:20 UTC

(In reply to comment #19)
> (In reply to comment #18)
> > For the remaining arch
> > teams do make sure to fetch the right tarball before stabilizing.. ;)
> 
> To be more specific. Please make sure your Manifest contains:
> DIST tetex-texmf-3.0.tar.gz 91402377 RMD160
> a1e87733fa3cbef04e39a690ed8549aeaaddb241 SHA1
> 1be97f57a26a6e9b72ebfd932e45914a959aff16 SHA256
> 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2
Tested the new tarball, works fine.
> 
> (In reply to comment #17)
> > > bug #191046.
> > Any chance to get it solved before marking tetex as stable?
> 
> Peper just fixed it.
> 
Thanks, sparc stable.

Comment 21 Steve Dibb (RETIRED) gentoo-dev 2007年09月08日 01:11:50 UTC

amd64 stable

Comment 22 Peter Ansell 2007年09月08日 08:50:44 UTC

Please make sure the manifest is correct when stabilising this bug :) It caused me about 600MB of download that I know of so far re-downloading the file so it does have an impact on users.
See bug #189716

Comment 23 Christian Faulhammer (RETIRED) gentoo-dev 2007年09月08日 22:12:28 UTC

All security supported arches done, glsa should be emitted combining this bug with bug 182055 and bug 188172.

Comment 24 Robert Buchholz (RETIRED) gentoo-dev 2007年09月08日 23:10:09 UTC

(In reply to comment #23)
> All security supported arches done, glsa should be emitted combining this bug
> with bug 182055 and bug 188172.
I'd also bet on the outcome, but shouldn't there be a vote?

Comment 25 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007年09月08日 23:18:32 UTC

nope, not with B2 ;-)

Comment 26 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007年09月28日 08:51:07 UTC

GLSA 200709-17, thanks everybody and sorry for the delay.

Comment 27 Honza 2007年10月01日 08:28:29 UTC

Isn't cstetex (last version - app-text/cstetex-2.0.2-r2) also affected by this bug ?

Comment 28 Robert Buchholz (RETIRED) gentoo-dev 2007年10月21日 22:46:34 UTC

(In reply to comment #27)
> Isn't cstetex (last version - app-text/cstetex-2.0.2-r2) also affected by this
> bug ?
Yes, thanks for reporting. See bug 196673.