From security@mandriva.com Thu Aug 11 16:29:47 2005
From: Mandriva Security Team
To: full-disclosure@lists.grok.org.uk
Date: Thu, 11 Aug 2005 14:25:26 -0600
Subject: [Full-disclosure] MDKSA-2005:138 - Updated cups packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2005:138
 Date:                   August 11th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in the CUPS printing package: when
 processing a PDF file, bounds checking was not correctly performed on
 some fields. As a result, this could cause the pdftops filter to crash.

 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
 ______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.
 You can obtain the GPG public key of the Mandriva Security Team by
 executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7Q2mqjQ0CJFipgRArJqAJ9Ct27CrTdqO+IWgn7o/t8y3QxvkACgxyg1
Kl+kyirBMLuNwZYU7mPLmpk=
=HdMX
-----END PGP SIGNATURE-----