Description: | Description:
The remote host is missing an update to tetex announced via advisory FEDORA-2005-028.
Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.
This package also updates bindings in texdoc and causes the local texmf tree to be searched first. * Wed Jan 11 2006 Jindrich Novy 3.0-9.FC4 - apply additional patch to fix xpdf flaws from Ludwig Nussel (CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193) (#177128) - /usr/share/texmf/doc is now owned by tetex package (#177065) - update searching order for kpathsea (local texmf tree is searched first) - don't use obsolete bindings in texdoc * Mon Dec 19 2005 Jindrich Novy 3.0-8.FC4 - apply more complete fix for CVE-2005-3193 (#175110) suggested by security response team, taken from xpdf
Solution: Apply the appropriate updates.
This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2005-028
Risk factor : Critical
CVSS Score: 10.0
|