---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Command execution vulnerability in dvips
Advisory ID:       RHSA-2002:194-18
Issue date:        2002-09-04
Updated on:        2002-10-08
Product:           Red Hat Linux
Keywords:          dvips tetex system
Cross references:
Obsoletes:         RHSA-2001:102
CVE Names:         CAN-2002-0836
---------------------------------------------------------------------

1. Topic:

dvips contains a vulnerability allowing print users to execute arbitrary
commands.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

The dvips utility converts DVI format into PostScript(TM), and is used in
Red Hat Linux as a print filter for printing DVI files.

dvips uses the system() function insecurely when managing fonts, so the
contents of the DVI file being processed can influence the command string
that the shell executes. Because dvips runs as a print filter, a local or
remote attacker who has print access can submit a carefully crafted print
job that causes arbitrary commands to be executed as the user 'lp'.

A workaround for this vulnerability is to remove the print filter for DVI
files. The following commands, run as root, will accomplish this:

rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi

Removing the filter only closes the printing path; dvips itself remains
vulnerable when run on an untrusted DVI file. To fix the problem in the
dvips utility as well, we recommend that all users upgrade to these errata
packages, which contain a patch for this issue.

This vulnerability was discovered by Olaf Kirch of SuSE.

Additionally, the file /var/lib/texmf/ls-R had world-writable permissions.
This is also fixed in the packages referenced in this advisory.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.
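The pattern behind the dvips flaw described in section 3, as an added example that is not dvips's own code: a font name taken from the print job is spliced into a shell command line and handed to system(), so shell metacharacters in the name are executed by /bin/sh; the hardened form validates the name and runs the helper through fork/execvp without any shell. The helper name mktexpk and its --dpi option, the font name cmr10, and the attacker-controlled string are assumptions made for illustration.

```c
/*
 * Added example (not dvips source): a font-generation helper invoked via
 * system() with an untrusted font name, beside a shell-free replacement.
 * The helper name "mktexpk" and its "--dpi" option are assumed here.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: the font name is copied into the command verbatim. */
int build_font_command(char *buf, size_t buflen, const char *fontname, int dpi)
{
    int n = snprintf(buf, buflen, "mktexpk --dpi %d %s", dpi, fontname);
    return (n >= 0 && (size_t)n < buflen) ? 0 : -1;
}

/* Returns 1 if the string a system() call would receive contains a shell
 * metacharacter, i.e. the attacker's payload would be parsed by /bin/sh. */
int command_reaches_shell(const char *fontname, int dpi)
{
    char cmd[512];
    if (build_font_command(cmd, sizeof cmd, fontname, dpi) != 0)
        return 0;
    return strpbrk(cmd, ";|&`$<>(){}\n") != NULL;
}

/* The insecure call itself: /bin/sh -c "mktexpk --dpi 600 <fontname>". */
void make_font_unsafe(const char *fontname, int dpi)
{
    char cmd[512];
    if (build_font_command(cmd, sizeof cmd, fontname, dpi) == 0)
        system(cmd);
}

/* Hardened: allow only the characters a font name legitimately needs,
 * and refuse names that look like options or path components. */
int is_safe_font_name(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '-' || strstr(name, "..") != NULL)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Run the helper via fork/execvp so no shell ever parses the arguments.
 * Returns the helper's exit status, or -1 if the name is rejected or the
 * helper could not be started. */
int make_font_safe(const char *helper, const char *fontname, int dpi)
{
    char dpistr[16];
    pid_t pid;
    int status;

    if (!is_safe_font_name(fontname))
        return -1;
    snprintf(dpistr, sizeof dpistr, "%d", dpi);

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, "--dpi", dpistr,
                               (char *)fontname, NULL };
        execvp(helper, argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed attacker-controlled font name, as a print job could carry. */
    const char *evil = "cmr10;id>/tmp/owned";
    printf("unsafe builder lets the payload reach the shell: %d\n",
           command_reaches_shell(evil, 600));
    printf("safe path rejects it (-1): %d\n", make_font_safe("true", evil, 600));
    printf("safe path runs the helper for cmr10 (0): %d\n",
           make_font_safe("true", "cmr10", 600));
    return 0;
}
```

Even with the shell removed, an unvalidated name could still be handed to the helper as an option, which is why the check also rejects a leading '-'; the character allow-list, not an attempt to quote or escape for the shell, is what makes the name safe to pass on.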
To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/tetex-1.0.6-11.3.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-afm-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-dvilj-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-dvips-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-fonts-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-latex-1.0.6-11.3.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tetex-xdvi-1.0.6-11.3.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/tetex-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-afm-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-dvilj-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-dvips-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-fonts-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-latex-1.0.6-11.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tetex-xdvi-1.0.6-11.3.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-afm-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-dvilj-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-dvips-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-fonts-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-latex-1.0.6-11.3.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tetex-xdvi-1.0.6-11.3.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/tetex-1.0.7-8.3.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-afm-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-dvilj-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-dvips-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-fonts-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-latex-1.0.7-8.3.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tetex-xdvi-1.0.7-8.3.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/tetex-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-afm-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-dvilj-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-dvips-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-fonts-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-latex-1.0.7-8.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tetex-xdvi-1.0.7-8.3.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/tetex-1.0.7-15.10.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-afm-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-dvilj-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-dvips-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-fonts-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-latex-1.0.7-15.10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tetex-xdvi-1.0.7-15.10.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/tetex-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-afm-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-dvilj-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-dvips-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-fonts-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-latex-1.0.7-15.10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tetex-xdvi-1.0.7-15.10.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-afm-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-dvilj-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-dvips-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-fonts-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-latex-1.0.7-15.10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tetex-xdvi-1.0.7-15.10.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/tetex-1.0.7-38.3.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/tetex-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-afm-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-dvilj-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-dvips-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-fonts-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-latex-1.0.7-38.3.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tetex-xdvi-1.0.7-38.3.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-afm-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-dvilj-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-dvips-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-fonts-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-latex-1.0.7-38.3.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tetex-xdvi-1.0.7-38.3.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/tetex-1.0.7-47.1.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/tetex-1.0.7-47.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/tetex-dvips-1.0.7-47.1.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/tetex-1.0.7-57.1.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/tetex-1.0.7-57.1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/tetex-dvips-1.0.7-57.1.i386.rpm

6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
d35e49c0fe59bf0b96966fa19ec47b57 6.2/en/os/SRPMS/tetex-1.0.6-11.3.src.rpm
fb4b8d44ccc59d72a72f993a6e167a13 6.2/en/os/alpha/tetex-1.0.6-11.3.alpha.rpm
1686d5bff924d8dae502be0368ab6cf2 6.2/en/os/alpha/tetex-afm-1.0.6-11.3.alpha.rpm
873ffaf5cd8424640ae6838570066032 6.2/en/os/alpha/tetex-dvilj-1.0.6-11.3.alpha.rpm
680116a49b367be5263f66b8540aff80 6.2/en/os/alpha/tetex-dvips-1.0.6-11.3.alpha.rpm
9882986ef5d167421c09a6761a261c1d 6.2/en/os/alpha/tetex-fonts-1.0.6-11.3.alpha.rpm
919b8c0e45ea283c2fce90fbf2de206b 6.2/en/os/alpha/tetex-latex-1.0.6-11.3.alpha.rpm
c2ee32bcd8bea9ec60a4e7270eb3f0ce 6.2/en/os/alpha/tetex-xdvi-1.0.6-11.3.alpha.rpm
6f38dfed92db31b8397ba4367d674fdd 6.2/en/os/i386/tetex-1.0.6-11.3.i386.rpm
05aa1552cc33c63c5ce2f8151bbe2546 6.2/en/os/i386/tetex-afm-1.0.6-11.3.i386.rpm
8fa0951d85ff6a42233545825ee96dfc 6.2/en/os/i386/tetex-dvilj-1.0.6-11.3.i386.rpm
8a6ad82eae0ac00d30f6583bb905dd59 6.2/en/os/i386/tetex-dvips-1.0.6-11.3.i386.rpm
d1c77db508673cd502048542177a05b6 6.2/en/os/i386/tetex-fonts-1.0.6-11.3.i386.rpm
e63e7fbddfc98ac804556034f4225a26 6.2/en/os/i386/tetex-latex-1.0.6-11.3.i386.rpm
dcc5466c379f809101372ef1fd5bf0c4 6.2/en/os/i386/tetex-xdvi-1.0.6-11.3.i386.rpm
123eb5de22f993ad883f78a6d7ed11d3 6.2/en/os/sparc/tetex-1.0.6-11.3.sparc.rpm
6897ea394215ca4bdb7f3a3542cd0824 6.2/en/os/sparc/tetex-afm-1.0.6-11.3.sparc.rpm
aa274b5a3cae0698345b99a1f51ac486 6.2/en/os/sparc/tetex-dvilj-1.0.6-11.3.sparc.rpm
55dacd7458629737fac811641f2232da 6.2/en/os/sparc/tetex-dvips-1.0.6-11.3.sparc.rpm
f9834f9f1b544d8e9e42f319e4388033 6.2/en/os/sparc/tetex-fonts-1.0.6-11.3.sparc.rpm
ef7946747c838cf7b3dca8f32ca3a1e1 6.2/en/os/sparc/tetex-latex-1.0.6-11.3.sparc.rpm
914e423b9c17d108f4ae3de36e2ba9a1 6.2/en/os/sparc/tetex-xdvi-1.0.6-11.3.sparc.rpm
c0cf74323eb57cbe86cccdca5a0f7819 7.0/en/os/SRPMS/tetex-1.0.7-8.3.src.rpm
c221d42ffbe889f434bf8d1edf9470db 7.0/en/os/alpha/tetex-1.0.7-8.3.alpha.rpm
f4f43737495983e45c8e91cdcd221fc0 7.0/en/os/alpha/tetex-afm-1.0.7-8.3.alpha.rpm
262a2b56d32a7a9a24c3099a3b0eb3ad 7.0/en/os/alpha/tetex-dvilj-1.0.7-8.3.alpha.rpm
42243a0dfbb7e6427a86780693a19f12 7.0/en/os/alpha/tetex-dvips-1.0.7-8.3.alpha.rpm
cf68134a6836de4f0130b5e56b4c5db6 7.0/en/os/alpha/tetex-fonts-1.0.7-8.3.alpha.rpm
4a0d0aea00ff5ed2b5c8f286dce50101 7.0/en/os/alpha/tetex-latex-1.0.7-8.3.alpha.rpm
2b2df86a98f254f889e6399efa00234d 7.0/en/os/alpha/tetex-xdvi-1.0.7-8.3.alpha.rpm
c884677f02e634fafe3845f1087af8ee 7.0/en/os/i386/tetex-1.0.7-8.3.i386.rpm
36cc35cedbb4dbcd71ac3ad209dfbe6f 7.0/en/os/i386/tetex-afm-1.0.7-8.3.i386.rpm
a10ee28b3afefafa648d1d7541c1a8ff 7.0/en/os/i386/tetex-dvilj-1.0.7-8.3.i386.rpm
32a2b3c6b61f4803956db19cfdd8bfe8 7.0/en/os/i386/tetex-dvips-1.0.7-8.3.i386.rpm
3f94fdb9376607abffb79733effc8e1b 7.0/en/os/i386/tetex-fonts-1.0.7-8.3.i386.rpm
febbc02e0d147856ee98565939c0736e 7.0/en/os/i386/tetex-latex-1.0.7-8.3.i386.rpm
af60aa4b2d0352de66855bb5c511db02 7.0/en/os/i386/tetex-xdvi-1.0.7-8.3.i386.rpm
d1d0d32689b2f715a29a6958d6fc459e 7.1/en/os/SRPMS/tetex-1.0.7-15.10.src.rpm
f739fe8c8e08afd0d1ca59332b9a2a4b 7.1/en/os/alpha/tetex-1.0.7-15.10.alpha.rpm
9bd82d8fef450576fd79ec0dcbedc5fa 7.1/en/os/alpha/tetex-afm-1.0.7-15.10.alpha.rpm
b219676b9eafcf01970c3f9e719b6a33 7.1/en/os/alpha/tetex-dvilj-1.0.7-15.10.alpha.rpm
c9158359190fd9c0f165ac4d7db19139 7.1/en/os/alpha/tetex-dvips-1.0.7-15.10.alpha.rpm
eb1b1484ae73dbb93865eba449899c85 7.1/en/os/alpha/tetex-fonts-1.0.7-15.10.alpha.rpm
27bfaf37c24c6f5cd84afe142ce92355 7.1/en/os/alpha/tetex-latex-1.0.7-15.10.alpha.rpm
432313f082f6c8ec3b37d181a81135c4 7.1/en/os/alpha/tetex-xdvi-1.0.7-15.10.alpha.rpm
4c726844a775c9344b518ab45f587582 7.1/en/os/i386/tetex-1.0.7-15.10.i386.rpm
29d0a06fd48bf635183ea5623cd5e5bf 7.1/en/os/i386/tetex-afm-1.0.7-15.10.i386.rpm
6c13bab1bb2fd016df8b3c17aed22836 7.1/en/os/i386/tetex-dvilj-1.0.7-15.10.i386.rpm
90ff0ee3942a8153ebefbe4ff4a044c1 7.1/en/os/i386/tetex-dvips-1.0.7-15.10.i386.rpm
ab4f717906bcafbe7d301a98f7318feb 7.1/en/os/i386/tetex-fonts-1.0.7-15.10.i386.rpm
048d8a64b78f5b7b28d4592fa921dc40 7.1/en/os/i386/tetex-latex-1.0.7-15.10.i386.rpm
7d86c8b5efbacb3792b6c08a7a2b976a 7.1/en/os/i386/tetex-xdvi-1.0.7-15.10.i386.rpm
0272ce74fd08e081f81a975897692de9 7.1/en/os/ia64/tetex-1.0.7-15.10.ia64.rpm
851c8f2395a8097b02d2dffa28b605d5 7.1/en/os/ia64/tetex-afm-1.0.7-15.10.ia64.rpm
678ff241ec7ce1a0b8ffa81d3fd35085 7.1/en/os/ia64/tetex-dvilj-1.0.7-15.10.ia64.rpm
96f4dfe31c744db3a0565c224a6d704e 7.1/en/os/ia64/tetex-dvips-1.0.7-15.10.ia64.rpm
90326c3914382a62c5dcfb0bd49d549b 7.1/en/os/ia64/tetex-fonts-1.0.7-15.10.ia64.rpm
f5947a398939ccf254f26405dbcab914 7.1/en/os/ia64/tetex-latex-1.0.7-15.10.ia64.rpm
7857c6a80ca6137c7b31d65f077462c7 7.1/en/os/ia64/tetex-xdvi-1.0.7-15.10.ia64.rpm
a8a0c5eb1dffd756e74d8346b1497921 7.2/en/os/SRPMS/tetex-1.0.7-38.3.src.rpm
acc2f475d870616df1391d81009a1dfb 7.2/en/os/i386/tetex-1.0.7-38.3.i386.rpm
0273045a755bab23305b77a180e57d2d 7.2/en/os/i386/tetex-afm-1.0.7-38.3.i386.rpm
7b6293f6083c04c4061a88714035234c 7.2/en/os/i386/tetex-dvilj-1.0.7-38.3.i386.rpm
f6d625d4202bd24c1ed8b7f5bafbb6b6 7.2/en/os/i386/tetex-dvips-1.0.7-38.3.i386.rpm
9ac89cb811cd973105cd32feece86663 7.2/en/os/i386/tetex-fonts-1.0.7-38.3.i386.rpm
345e3783d2fdd9a12262196d38d7fc78 7.2/en/os/i386/tetex-latex-1.0.7-38.3.i386.rpm
cf125cfcd694fbf689e8574006835881 7.2/en/os/i386/tetex-xdvi-1.0.7-38.3.i386.rpm
b0610bb10e8e826f528aea20dbf2738c 7.2/en/os/ia64/tetex-1.0.7-38.3.ia64.rpm
d059a3e76bcdf10c97b5282b024c2c42 7.2/en/os/ia64/tetex-afm-1.0.7-38.3.ia64.rpm
71978ded02174a4c431144fae9192b77 7.2/en/os/ia64/tetex-dvilj-1.0.7-38.3.ia64.rpm
8b606329f14d864b54fb5b17076e7a41 7.2/en/os/ia64/tetex-dvips-1.0.7-38.3.ia64.rpm
7ac68b306551e857b90dec86b30ede3f 7.2/en/os/ia64/tetex-fonts-1.0.7-38.3.ia64.rpm
8e9a6921ce387f0dd7fe71a031ed4d5a 7.2/en/os/ia64/tetex-latex-1.0.7-38.3.ia64.rpm
4c6c535c97cd773bcf980c4779f10452 7.2/en/os/ia64/tetex-xdvi-1.0.7-38.3.ia64.rpm
23bb333be3e358d58dd018a22b79c1d4 7.3/en/os/SRPMS/tetex-1.0.7-47.1.src.rpm
146110a35a6c11d7de77782ac99c7419 7.3/en/os/i386/tetex-1.0.7-47.1.i386.rpm
74377518c4bc58db707009f02864ea84 7.3/en/os/i386/tetex-dvips-1.0.7-47.1.i386.rpm
5c8831ab74f3e26401d23826b1725ae1 8.0/en/os/SRPMS/tetex-1.0.7-57.1.src.rpm
03e477d081e7a578f5a9d8dbc00b11d4 8.0/en/os/i386/tetex-1.0.7-57.1.i386.rpm
6125573e9f7b9da16a81deb6ade99a85 8.0/en/os/i386/tetex-dvips-1.0.7-57.1.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:

http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted in
transit, examine only the md5sum with the following command:

rpm --checksig --nogpg <filename>

Note that an md5sum check alone cannot tell a genuine Red Hat package from
one rebuilt by an attacker who also publishes a matching md5sum; only the
GPG signature check establishes the package's origin, so run it before
installing.

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.