Amazon Linux 1 Security Advisory: ALAS-2012-48
Advisory Release Date: 2012-03-04 16:08 Pacific
Advisory Updated Date: 2014-09-14 15:23 Pacific
TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:
Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2010-2642, CVE-2011-0433)
An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-0764)
A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1553)
An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1554)
An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash. (CVE-2011-1552)
Affected Packages:
texlive
Issue Correction:
Run yum update texlive to update your system.
i686:
texlive-dviutils-2007-57.9.amzn1.i686
kpathsea-2007-57.9.amzn1.i686
texlive-context-2007-57.9.amzn1.i686
texlive-afm-2007-57.9.amzn1.i686
mendexk-2.6e-57.9.amzn1.i686
texlive-xetex-2007-57.9.amzn1.i686
texlive-east-asian-2007-57.9.amzn1.i686
texlive-debuginfo-2007-57.9.amzn1.i686
texlive-utils-2007-57.9.amzn1.i686
texlive-dvips-2007-57.9.amzn1.i686
texlive-latex-2007-57.9.amzn1.i686
kpathsea-devel-2007-57.9.amzn1.i686
texlive-2007-57.9.amzn1.i686
src:
texlive-2007-57.9.amzn1.src
x86_64:
texlive-dvips-2007-57.9.amzn1.x86_64
mendexk-2.6e-57.9.amzn1.x86_64
texlive-2007-57.9.amzn1.x86_64
kpathsea-2007-57.9.amzn1.x86_64
texlive-debuginfo-2007-57.9.amzn1.x86_64
texlive-context-2007-57.9.amzn1.x86_64
texlive-afm-2007-57.9.amzn1.x86_64
texlive-latex-2007-57.9.amzn1.x86_64
texlive-utils-2007-57.9.amzn1.x86_64
texlive-xetex-2007-57.9.amzn1.x86_64
texlive-east-asian-2007-57.9.amzn1.x86_64
texlive-dviutils-2007-57.9.amzn1.x86_64
kpathsea-devel-2007-57.9.amzn1.x86_64
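A way to confirm that a host carries the fixed builds listed above, given as an added example that is not part of the original advisory. The function names, the sample inventory and the use of GNU `sort -V` in place of RPM's own version comparison are assumptions of this example.

```shell
#!/bin/sh
# Packages fixed at 2007-57.9.amzn1 per ALAS-2012-48 (names from the advisory).
PKGS_2007="texlive texlive-afm texlive-context texlive-debuginfo texlive-dvips \
 texlive-dviutils texlive-east-asian texlive-latex texlive-utils texlive-xetex \
 kpathsea kpathsea-devel"

# Print the fixed version-release for a package, or fail if the advisory
# does not cover it.
fixed_build() {
    if [ "$1" = "mendexk" ]; then echo "2.6e-57.9.amzn1"; return 0; fi
    case " $PKGS_2007 " in
        *" $1 "*) echo "2007-57.9.amzn1" ;;
        *) return 1 ;;
    esac
}

# Reads "name version-release" lines on stdin and prints one line for each
# advisory package that is older than its fixed build.
# Assumption: GNU `sort -V` stands in for RPM's version comparison
# (adequate for these version strings; epochs are not handled).
outdated_packages() {
    while read -r name build; do
        want=$(fixed_build "$name") || continue
        if [ "$build" != "$want" ]; then
            lowest=$(printf '%s\n%s\n' "$build" "$want" | LC_ALL=C sort -V | head -n 1)
            if [ "$lowest" = "$build" ]; then
                echo "$name $build < $want"
            fi
        fi
    done
    return 0
}

# Constructed inventory: every version except 57.9 is made up for the example.
sample_inventory() {
    printf '%s\n' \
        "texlive 2007-57.8.amzn1" \
        "texlive-afm 2007-57.9.amzn1" \
        "kpathsea 2007-57.10.amzn1" \
        "mendexk 2.6e-56.3.amzn1" \
        "unrelated-pkg 1.0-1.amzn1"
}

# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages
sample_inventory | outdated_packages
```

No output from `outdated_packages` on a real inventory means every installed package named in this advisory is at or above its fixed build.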