From security@linux-mandrake.com Thu Dec 30 14:40:24 2004
From: Mandrake Linux Security Team
To: bugtraq@securityfocus.com
Date: 30 Dec 2004 04:09:59 -0000
Subject: MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2004:164
 Date:                   December 29th, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 iDefense reported a buffer overflow vulnerability, which affects
 versions of xpdf <= xpdf-3.0 and several programs, like cups, which
 use embedded xpdf code. An attacker could construct a malicious payload
 file which could enable arbitrary code execution on the target system.

 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
  10.0/RPMS/cups-1.1.20-5.4.100mdk.i586.rpm
  10.0/RPMS/cups-common-1.1.20-5.4.100mdk.i586.rpm
  10.0/RPMS/cups-serial-1.1.20-5.4.100mdk.i586.rpm
  10.0/RPMS/libcups2-1.1.20-5.4.100mdk.i586.rpm
  10.0/RPMS/libcups2-devel-1.1.20-5.4.100mdk.i586.rpm
  10.0/SRPMS/cups-1.1.20-5.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
  amd64/10.0/RPMS/cups-1.1.20-5.4.100mdk.amd64.rpm
  amd64/10.0/RPMS/cups-common-1.1.20-5.4.100mdk.amd64.rpm
  amd64/10.0/RPMS/cups-serial-1.1.20-5.4.100mdk.amd64.rpm
  amd64/10.0/RPMS/lib64cups2-1.1.20-5.4.100mdk.amd64.rpm
  amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.4.100mdk.amd64.rpm
  amd64/10.0/SRPMS/cups-1.1.20-5.4.100mdk.src.rpm

 Mandrakelinux 10.1:
  10.1/RPMS/cups-1.1.21-0.rc1.7.2.101mdk.i586.rpm
  10.1/RPMS/cups-common-1.1.21-0.rc1.7.2.101mdk.i586.rpm
  10.1/RPMS/cups-serial-1.1.21-0.rc1.7.2.101mdk.i586.rpm
  10.1/RPMS/libcups2-1.1.21-0.rc1.7.2.101mdk.i586.rpm
  10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.2.101mdk.i586.rpm
  10.1/SRPMS/cups-1.1.21-0.rc1.7.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
  x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
  x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.2.101mdk.src.rpm

 Corporate Server 2.1:
  corporate/2.1/RPMS/cups-1.1.18-2.6.C21mdk.i586.rpm
  corporate/2.1/RPMS/cups-common-1.1.18-2.6.C21mdk.i586.rpm
  corporate/2.1/RPMS/cups-serial-1.1.18-2.6.C21mdk.i586.rpm
  corporate/2.1/RPMS/libcups1-1.1.18-2.6.C21mdk.i586.rpm
  corporate/2.1/RPMS/libcups1-devel-1.1.18-2.6.C21mdk.i586.rpm
  corporate/2.1/SRPMS/cups-1.1.18-2.6.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
  x86_64/corporate/2.1/RPMS/cups-1.1.18-2.6.C21mdk.x86_64.rpm
  x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.6.C21mdk.x86_64.rpm
  x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.6.C21mdk.x86_64.rpm
  x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.6.C21mdk.x86_64.rpm
  x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.6.C21mdk.x86_64.rpm
  x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.6.C21mdk.src.rpm

 Mandrakelinux 9.2:
  9.2/RPMS/cups-1.1.19-10.4.92mdk.i586.rpm
  9.2/RPMS/cups-common-1.1.19-10.4.92mdk.i586.rpm
  9.2/RPMS/cups-serial-1.1.19-10.4.92mdk.i586.rpm
  9.2/RPMS/libcups2-1.1.19-10.4.92mdk.i586.rpm
  9.2/RPMS/libcups2-devel-1.1.19-10.4.92mdk.i586.rpm
  9.2/SRPMS/cups-1.1.19-10.4.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
  amd64/9.2/RPMS/cups-1.1.19-10.4.92mdk.amd64.rpm
  amd64/9.2/RPMS/cups-common-1.1.19-10.4.92mdk.amd64.rpm
  amd64/9.2/RPMS/cups-serial-1.1.19-10.4.92mdk.amd64.rpm
  amd64/9.2/RPMS/lib64cups2-1.1.19-10.4.92mdk.amd64.rpm
  amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.4.92mdk.amd64.rpm
  amd64/9.2/SRPMS/cups-1.1.19-10.4.92mdk.src.rpm

 Multi Network Firewall 8.2:
  mnf8.2/RPMS/libcups1-1.1.18-2.4.M82mdk.i586.rpm
  mnf8.2/SRPMS/cups-1.1.18-2.4.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security. You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB03+XmqjQ0CJFipgRAqT+AJ0XSRrCHhoPmDwofiZ9Vs8fkjf70ACgjVQ/
/BLgR1EzSDwyBim6CRgQH8U=
=S1lD
-----END PGP SIGNATURE-----