Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-8273
2010-05-10 16:33:12
--------------------------------------------------------------------------------

Name        : texlive
Product     : Fedora 11
Version     : 2007
Release     : 47.fc11
URL         : http://tug.org/texlive/
Summary     : Binaries for the TeX formatting system
Description :
TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
printable file as output. Usually, TeX is used in conjunction with
a higher level formatting package like LaTeX or PlainTeX, since TeX by
itself is not very user-friendly.

Install texlive if you want to use the TeX text formatting system. Consider
to install texlive-latex (a higher level formatting package which provides
an easier-to-use interface for TeX).

The TeX documentation is located in the texlive-doc package.

--------------------------------------------------------------------------------
Update Information:

Changes in this update:  * fixes for CVE-2010-0739 and CVE-2010-1440  * adds
missing defattr to filelists  * fixes directory ownership of
/var/lib/texmf/web2c  * uses official tarball for jpatch  * fixes post/postun
scriptlets
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 10 2010 Jindrich Novy <jnovy@redhat.com> 2007-47
- fix CVE-2010-0739 and CVE-2010-1440 (#584795)
- fix CVE-2010-0829 (#589607)
- add missing defattr to filelists
- fix directory ownership of /var/lib/texmf/web2c (#512459)
- use official tarball for jpatch
- fix post/postun scriptlets (#532466)
* Fri Oct 23 2009 Jindrich Novy <jnovy@redhat.com> 2007-46
- add missing dependency on kpathsea
* Thu Oct 15 2009 Jindrich Novy <jnovy@redhat.com> 2007-45
- make kpathsea not dependent on texlive
- fix lacheck again (#451513)
- fix dvips configuration (#467542)
- update kpathsea description and summary (#519257)
- use upstream patch to fix pool overflow CVE-2009-1284 (#492136)
- don't complain if the pdvipsk hunks touching config.ps don't apply
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #572941 - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
        https://bugzilla.redhat.com/show_bug.cgi?id=572941
  [ 2 ] Bug #586819 - CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands
        https://bugzilla.redhat.com/show_bug.cgi?id=586819
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update texlive' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce