Summary
The remote host is missing updates announced in
advisory GLSA 200501-31.
Solution
All teTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/tetex-2.0.2-r5'
All CSTeX users should also upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/cstetex-2.0.2-r1'
Finally, all pTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/ptex-3.1.4-r2'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-31 http://bugs.gentoo.org/show_bug.cgi?id=75801
Insight
teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.
Severity
Classification
-
CVE CVE-2004-0888, CVE-2004-0889, CVE-2004-1125, CVE-2005-0064 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities