DSA-1917-1 mimetex -- several vulnerabilitiesID: oval:org.secpod.oval:def:600248 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1382 Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags. CVE-2009-2459 Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information. For the oldstable distribution , these problems have been fixed in version 1.50-1+etch1. Due to a bug in the archive system, the fix for the stable distribution will be released as version 1.50-1+lenny1 once it is available. For the testing distribution , and the unstable distribution , these problems have been fixed in version 1.50-1.1. We recommend that you upgrade your mimetex packages.