Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

rPSA-2007-0154-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts te

from [rPath Update Announcements] Network Security [Permanent Link]
Subject: rPSA-2007-0154-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi
Date: Fri, 10 Aug 2007 09:37:40 -0400 
rPath Security Advisory: 2007-0154-1
Published: 2007-08-10
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Remote System User Deterministic Privilege Escalation
Updated Versions:
    cups=/conary.rpath.com@rpl:devel//1/1.1.23-14.2-1
    poppler=/conary.rpath.com@rpl:devel//1/0.4.5-1.2-1
    tetex=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1
    tetex-afm=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1
    tetex-dvips=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1
    tetex-fonts=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1
    tetex-latex=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1
    tetex-xdvi=/conary.rpath.com@rpl:devel//1/2.0.2-28.7-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720
    https://issues.rpath.com/browse/RPL-1596
    https://issues.rpath.com/browse/RPL-1609
    https://issues.rpath.com/browse/RPL-1173

Description:
    Previous versions of multiple packages are vulnerable to multiple
    attacks involving PDF files, the worst of which may allow an
    authenticated or user-assisted attacker to execute arbitrary code.
    Note that in the case of CUPS, authentication may be as simple as
    being connected to a trusted network.
    
    In addition, a minor Denial of Service attack against the cups
    daemon is ameliorated in this update.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • rPSA-2007-0154-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements <=
Previous by Date:  [Full-disclosure] iDefense Security Advisory 08.09.07: Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities, iDefense Labs
Next by Date:  rPSA-2007-0155-1 openssl openssl-scripts, rPath Update Announcements
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 08.09.07: Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities, iDefense Labs
Next by Thread:  rPSA-2007-0155-1 openssl openssl-scripts, rPath Update Announcements
Indexes:  [Date] [Thread] [Top] [All Lists]