----------------------------------------------------------------------- Immunix Secured OS Security Advisory Packages updated: tetex, psutils, w3c-libwww Affected products: Immunix OS 7+ Bugs fixed: CAN-2002-0836 Date: Mon Jun 9 2003 Advisory ID: IMNX-2003-7+-016-01 Author: Seth Arnold <sarnold@immunix.com> ----------------------------------------------------------------------- Description: Olaf Kirch has discovered an unsafe use of system(3) in the dvips(1) tool in the teTeX suite. This fix disallows use of characters outside of A-Za-z0-9_-. in font names, to ensure shell metacharacters aren't used improperly. This release also removes the dvi-to-ps.fpi print filter which allowed direct printing of dvi files with LPRng. zen-parse discovered the script called dvips unsafely. This can be leveraged into a remote attack, if LPRng is configured to accept remote connections. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836 Package names and locations: Precompiled binary packages for Immunix 7+ are available at: http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/psutils-1.17-13_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-afm-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-doc-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-dvilj-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-dvips-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-fonts-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-latex-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/tetex-xdvi-1.0.7-47.1_imnx_1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/w3c-libwww-5.3.2-5_imnx_0.1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/w3c-libwww-apps-5.3.2-5_imnx_0.1.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/w3c-libwww-devel-5.3.2-5_imnx_0.1.i386.rpm Source packages for Immunix 7+ are available at: http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/psutils-1.17-13_imnx_1.src.rpm http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/tetex-1.0.7-47.1_imnx_1.src.rpm http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/w3c-libwww-5.3.2-5_imnx_0.1.src.rpm Immunix OS 7+ md5sums: 45c88d0eede5af1e0bb9c51147969344 RPMS/tetex-1.0.7-47.1_imnx_1.i386.rpm 0ef640df004e97371d11023e8fb24d41 RPMS/tetex-afm-1.0.7-47.1_imnx_1.i386.rpm 05157875704d2d619369d9375f4e2e4a RPMS/tetex-doc-1.0.7-47.1_imnx_1.i386.rpm f79bd08c4c6e40de490cd8ce59226390 RPMS/tetex-dvilj-1.0.7-47.1_imnx_1.i386.rpm 28cba1da26c8f42a00ed60d99b8ea981 RPMS/tetex-dvips-1.0.7-47.1_imnx_1.i386.rpm cdd76e275ca84bad4d93d8311b6571d1 RPMS/tetex-fonts-1.0.7-47.1_imnx_1.i386.rpm 0d894fb565f6f47fc92025088a394037 RPMS/tetex-latex-1.0.7-47.1_imnx_1.i386.rpm 4d469d67f6076948da2a808c67639172 RPMS/tetex-xdvi-1.0.7-47.1_imnx_1.i386.rpm 991a4075e39f5143883d9dfc7f4874e4 SRPMS/tetex-1.0.7-47.1_imnx_1.src.rpm d69029862a145682d1a5ad3f6125c81e RPMS/psutils-1.17-13_imnx_1.i386.rpm b88265794beb2abd9be444fb228f3cd0 SRPMS/psutils-1.17-13_imnx_1.src.rpm 2e183c95643b209194cc1448b81e13cc RPMS/w3c-libwww-5.3.2-5_imnx_0.1.i386.rpm 862edc7d919a62bf74ea89234395e402 RPMS/w3c-libwww-apps-5.3.2-5_imnx_0.1.i386.rpm 75e8801d793dcbc353944e81d485df52 RPMS/w3c-libwww-devel-5.3.2-5_imnx_0.1.i386.rpm dd25ce9cd60355a9f01d747d10a4b0ce SRPMS/w3c-libwww-5.3.2-5_imnx_0.1.src.rpm GPG verification: Our public key is available at: http://download.immunix.org/GPG_KEY NOTE: Ibiblio is graciously mirroring our updates, so if the links above are slow, please try: ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/ or one of the many mirrors available at: http://www.ibiblio.org/pub/Linux/MIRRORS.html ImmunixOS 6.2 is no longer officially supported. ImmunixOS 7.0 is no longer officially supported. Contact information: To report vulnerabilities, please contact security@immunix.com. Immunix attempts to conform to the RFP vulnerability disclosure protocol http://www.wiretrip.net/rfp/policy.html.
Attachment:
pgp00366.pgp
Description: PGP signature