[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041230040959.13985.qmail@updates.mandrakesoft.com>
Date: 30 Dec 2004 04:09:59 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cups
Advisory ID: MDKSA-2004:164
Date: December 29th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
iDefense reported a buffer overflow vulnerability, which affects
versions of xpdf <= xpdf-3.0 and several programs, like cups,
which use embedded xpdf code. An attacker could construct a malicious
payload file which could enable arbitrary code execution on the target
system.
The updated packages are patched to protect against these
vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
b67d5934f8bd177099ebf8e1b6540ae3 10.0/RPMS/cups-1.1.20-5.4.100mdk.i586.rpm
f4b17f9ba9cf26a25cdaafa9726daa0f 10.0/RPMS/cups-common-1.1.20-5.4.100mdk.i586.rpm
99ad562f47750a34e1a0f0cc99eae4e5 10.0/RPMS/cups-serial-1.1.20-5.4.100mdk.i586.rpm
cef2d19f980919ef1e9a2b8af3b4cead 10.0/RPMS/libcups2-1.1.20-5.4.100mdk.i586.rpm
29fdd34d49359c8b389aba91dde1b422 10.0/RPMS/libcups2-devel-1.1.20-5.4.100mdk.i586.rpm
c4e5d026db917225f268762c8c9369a7 10.0/SRPMS/cups-1.1.20-5.4.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
f2cb9fa8e8920286146f1ff050cf15bb amd64/10.0/RPMS/cups-1.1.20-5.4.100mdk.amd64.rpm
20e5ab702ab16b5b08eec1dbce974140 amd64/10.0/RPMS/cups-common-1.1.20-5.4.100mdk.amd64.rpm
d93ee753b292aa9b3805d3ff4593abd5 amd64/10.0/RPMS/cups-serial-1.1.20-5.4.100mdk.amd64.rpm
d27eed817250622d43685e17a56b4d9c amd64/10.0/RPMS/lib64cups2-1.1.20-5.4.100mdk.amd64.rpm
c2d560945ec3da09a626ff00721f0d08 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.4.100mdk.amd64.rpm
c4e5d026db917225f268762c8c9369a7 amd64/10.0/SRPMS/cups-1.1.20-5.4.100mdk.src.rpm
Mandrakelinux 10.1:
1fbddd234794b114962d24f83f6b26c0 10.1/RPMS/cups-1.1.21-0.rc1.7.2.101mdk.i586.rpm
4dd08ed3f27234979966236d33d76477 10.1/RPMS/cups-common-1.1.21-0.rc1.7.2.101mdk.i586.rpm
94b97f6c8c00fd012af6bd879985e9a6 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.2.101mdk.i586.rpm
08e6da39f555e62348139051f18b2af3 10.1/RPMS/libcups2-1.1.21-0.rc1.7.2.101mdk.i586.rpm
c57382ac31a060d385b66794f4ff8050 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.2.101mdk.i586.rpm
fbaac3fb9814e4f267ee540234c10b87 10.1/SRPMS/cups-1.1.21-0.rc1.7.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
02ccc7c75c3ccf94b6e3ad8a8f0dc728 x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
00eab10124a6828418d610797de1e5e6 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
7d435407629f3e9498aaec4fcbf3a8ed x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
65d3ef99d93326b35767ac5db613158c x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
740e302fd7e121aa94ee35453859dead x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
fbaac3fb9814e4f267ee540234c10b87 x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.2.101mdk.src.rpm
Corporate Server 2.1:
d076c80f75d8ffcc9482cedf9d7bba09 corporate/2.1/RPMS/cups-1.1.18-2.6.C21mdk.i586.rpm
0a6a8091417391e595ef9959bca25b3c corporate/2.1/RPMS/cups-common-1.1.18-2.6.C21mdk.i586.rpm
9685d21a06acaf51f4d02978bdf5d01b corporate/2.1/RPMS/cups-serial-1.1.18-2.6.C21mdk.i586.rpm
536209e55abf0107247b8fe8bcbda66c corporate/2.1/RPMS/libcups1-1.1.18-2.6.C21mdk.i586.rpm
345a920fe9f393a30ac77c40e61dea38 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.6.C21mdk.i586.rpm
4046c29307f4afade503d5d6aff22fde corporate/2.1/SRPMS/cups-1.1.18-2.6.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
cf56b0736fe0f35469bad4856379b5ec x86_64/corporate/2.1/RPMS/cups-1.1.18-2.6.C21mdk.x86_64.rpm
0b1661b006baf8d20e106f63e420adde x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.6.C21mdk.x86_64.rpm
d5ce269bc10cd9135bbfabffd4ea02f5 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.6.C21mdk.x86_64.rpm
60b2c68c31e04397eaca15b5ea728c6f x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.6.C21mdk.x86_64.rpm
36dcd647bcc3ba5f33cf2dd9b3575b48 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.6.C21mdk.x86_64.rpm
4046c29307f4afade503d5d6aff22fde x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.6.C21mdk.src.rpm
Mandrakelinux 9.2:
69985b160e53ed0347dd82f2972203d6 9.2/RPMS/cups-1.1.19-10.4.92mdk.i586.rpm
babb7de6513995617a4f8001e18c2242 9.2/RPMS/cups-common-1.1.19-10.4.92mdk.i586.rpm
394d55ca555dafc97f06a7c7ff9d2db3 9.2/RPMS/cups-serial-1.1.19-10.4.92mdk.i586.rpm
a52b336ab465412cae594191e90ab5e5 9.2/RPMS/libcups2-1.1.19-10.4.92mdk.i586.rpm
6bc6c365596ec6e091cadf64101ffbe2 9.2/RPMS/libcups2-devel-1.1.19-10.4.92mdk.i586.rpm
2ae6f83a4d7816662d426ccde81dfdbe 9.2/SRPMS/cups-1.1.19-10.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
af7c42d1eaafd736d7eb568ab8bc0e56 amd64/9.2/RPMS/cups-1.1.19-10.4.92mdk.amd64.rpm
8baf2bba293b959a061d02563dc51d2d amd64/9.2/RPMS/cups-common-1.1.19-10.4.92mdk.amd64.rpm
09117deea33a1d5c89e0d9302eb1b6d2 amd64/9.2/RPMS/cups-serial-1.1.19-10.4.92mdk.amd64.rpm
7c3ad6a81022d25ad42e95d7dd373e15 amd64/9.2/RPMS/lib64cups2-1.1.19-10.4.92mdk.amd64.rpm
39eceead4c480afa4f71e791313dbcb7 amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.4.92mdk.amd64.rpm
2ae6f83a4d7816662d426ccde81dfdbe amd64/9.2/SRPMS/cups-1.1.19-10.4.92mdk.src.rpm
Multi Network Firewall 8.2:
f9795b9106fc6f6193195a20b517f14e mnf8.2/RPMS/libcups1-1.1.18-2.4.M82mdk.i586.rpm
49a95e429e7df165a8911191ab085354 mnf8.2/SRPMS/cups-1.1.18-2.4.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFB03+XmqjQ0CJFipgRAqT+AJ0XSRrCHhoPmDwofiZ9Vs8fkjf70ACgjVQ/
/BLgR1EzSDwyBim6CRgQH8U=
=S1lD
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists