dvips contains a vulnerability allowing print users to execute arbitrary
commands
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Command execution vulnerability in dvips
Advisory ID: RHSA-2002:194-18
Issue date: 2002-09-04
Updated on: 2002-10-08
Product: Red Hat Linux
Keywords: dvips tetex system
Cross references:
Obsoletes: RHSA-2001:102
CVE Names: CAN-2002-0836
---------------------------------------------------------------------
1. Topic:
dvips contains a vulnerability allowing print users to execute arbitrary
commands
2. Relevant releases/architectures:
Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
3. Problem description:
The dvips utility converts DVI format into PostScript(TM) and is used in
Red Hat Linux as a print filter for printing DVI files. A vulnerability
has been found in dvips: it uses the system() function insecurely when
managing fonts.
Because dvips is used as a print filter, local or remote attackers who
have print access can craft a print job that executes arbitrary code as
the user 'lp'.
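Added here as an illustration, not the dvips source or Red Hat's patch: the unsafe system() pattern the advisory describes, next to a hardened form that validates the font name and runs the font helper with an argument vector instead of a shell. The helper name mktexpk, its --dpi option, and the exact character set and limits are assumptions.

```c
/* Added example, not dvips code: an untrusted font name spliced into a
 * system() shell string, beside a hardened form that validates the name
 * and execs the helper without a shell. "mktexpk"/"--dpi" are assumed. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_FONT_NAME 64
/* UNSAFE: an attacker-controlled font name becomes part of a shell command. */
int unsafe_make_font(const char *font, int dpi) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "mktexpk --dpi %d %s", dpi, font);
    return system(cmd);   /* shell metacharacters in 'font' are interpreted */
}
/* Accept only a conservative character set, a bounded length, and no
 * leading '-' (so the name cannot be parsed as an option by the helper). */
int font_name_is_safe(const char *font) {
    size_t n = strlen(font);
    if (n == 0 || n > MAX_FONT_NAME || font[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)font[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}
/* Build an argv vector for the helper; returns the argument count, or -1
 * if the font name or dpi is rejected. dpi_buf must outlive argv. */
int build_font_argv(const char *font, int dpi, char *argv[5], char dpi_buf[16]) {
    if (!font_name_is_safe(font) || dpi <= 0 || dpi > 10000) return -1;
    snprintf(dpi_buf, 16, "%d", dpi);
    argv[0] = "mktexpk"; argv[1] = "--dpi"; argv[2] = dpi_buf;
    argv[3] = (char *)font; argv[4] = NULL;
    return 4;
}
/* HARDENED: no shell involved; each argument reaches the helper verbatim. */
int safe_make_font(const char *font, int dpi) {
    char *argv[5], dpi_buf[16];
    int status;
    if (build_font_argv(font, dpi, argv, dpi_buf) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The hardened path rejects a name before any process is spawned, so a malformed font request fails closed instead of reaching the shell.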
A workaround for this vulnerability is to remove the print filter for DVI
files. The following commands, run as root, will accomplish this:
rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi
However, to fix the problem in the dvips utility itself rather than only
removing the print filter, we recommend that all users upgrade to these
errata packages, which contain a patch for this issue.
This vulnerability was discovered by Olaf Kirch of SuSE.
Additionally, the file /var/lib/texmf/ls-R had world-writable permissions.
This is also fixed in the packages referenced in this advisory.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. RPMs required:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/tetex-1.0.6-11.3.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-afm-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-dvilj-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-dvips-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-fonts-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-latex-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-xdvi-1.0.6-11.3.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/tetex-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-afm-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-dvilj-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-dvips-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-fonts-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-latex-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-xdvi-1.0.6-11.3.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-afm-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-dvilj-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-dvips-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-fonts-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-latex-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-xdvi-1.0.6-11.3.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/tetex-1.0.7-8.3.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-afm-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-dvilj-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-dvips-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-fonts-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-latex-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-xdvi-1.0.7-8.3.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/tetex-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-afm-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-dvilj-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-dvips-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-fonts-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-latex-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-xdvi-1.0.7-8.3.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/tetex-1.0.7-15.10.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-afm-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-dvilj-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-dvips-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-fonts-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-latex-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-xdvi-1.0.7-15.10.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/tetex-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-afm-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-dvilj-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-dvips-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-fonts-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-latex-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-xdvi-1.0.7-15.10.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-afm-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-dvilj-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-dvips-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-fonts-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-latex-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-xdvi-1.0.7-15.10.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/tetex-1.0.7-38.3.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/tetex-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-afm-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-dvilj-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-dvips-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-fonts-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-latex-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-xdvi-1.0.7-38.3.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-afm-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-dvilj-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-dvips-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-fonts-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-latex-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-xdvi-1.0.7-38.3.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/tetex-1.0.7-47.1.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/tetex-1.0.7-47.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/tetex-dvips-1.0.7-47.1.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/tetex-1.0.7-57.1.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/tetex-1.0.7-57.1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/tetex-dvips-1.0.7-57.1.i386.rpm
6. Verification:
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Copyright(c) 2000, 2001, 2002 Red Hat, Inc.