Summary
Ubuntu Update for Linux kernel vulnerabilities USN-554-1
Solution
Please Install the Updated Packages.
Insight
Bastien Roucaries discovered that dvips as included in tetex-bin and texlive-bin did not properly perform bounds checking. If a user or automated system were tricked into processing a specially crafted dvi file, dvips could be made to crash and execute code as the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not perform bounds checking in many instances. If a user or automated system were tricked into processing a specially crafted dvi file, the dviljk utilities could be made to crash and execute code as the user invoking the program. (CVE-2007-5937)
Affected
tetex-bin, texlive-bin vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 6.10 ,
Ubuntu 7.04 ,
Ubuntu 7.10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-5935, CVE-2007-5936, CVE-2007-5937 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities