| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Nov 2007 19:23:22 -0700 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:228 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cups Date : November 19, 2007 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 4fd4b6a2d384e2cc599b415131a58edd 2007.0/i586/cups-1.2.4-1.5mdv2007.0.i586.rpm 29fd652c383d4ea688336bc143f1e5cf 2007.0/i586/cups-common-1.2.4-1.5mdv2007.0.i586.rpm 6a6c275bf900887bc34325ef552f39ab 2007.0/i586/cups-serial-1.2.4-1.5mdv2007.0.i586.rpm b2f487a129a0ae8cefd66bd89177f5bd 2007.0/i586/libcups2-1.2.4-1.5mdv2007.0.i586.rpm 853850aadbfed2e7a5fe76ddfd293990 2007.0/i586/libcups2-devel-1.2.4-1.5mdv2007.0.i586.rpm cdeaa28956923402a8986821fb01ec53 2007.0/i586/php-cups-1.2.4-1.5mdv2007.0.i586.rpm 5152934e9233e36bd1308d36144bbc1c 2007.0/SRPMS/cups-1.2.4-1.5mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 7df3b74de7c7d06ca7e750912993b85a 2007.0/x86_64/cups-1.2.4-1.5mdv2007.0.x86_64.rpm 7c8463926c7a618df34b5e31ddb3b80f 2007.0/x86_64/cups-common-1.2.4-1.5mdv2007.0.x86_64.rpm 49b51564f1e7ce0df1da99f7f86bff3c 2007.0/x86_64/cups-serial-1.2.4-1.5mdv2007.0.x86_64.rpm e6c50f4ec69f14569036549ee1402beb 2007.0/x86_64/lib64cups2-1.2.4-1.5mdv2007.0.x86_64.rpm 0d4f42989dc3604a551cf1f9f4bb1c76 2007.0/x86_64/lib64cups2-devel-1.2.4-1.5mdv2007.0.x86_64.rpm 8a9a47b66a117d76b6612ac247ee76fb 2007.0/x86_64/php-cups-1.2.4-1.5mdv2007.0.x86_64.rpm 5152934e9233e36bd1308d36144bbc1c 2007.0/SRPMS/cups-1.2.4-1.5mdv2007.0.src.rpm Mandriva Linux 2007.1: 8bca1f69b483c9907b164d090bf71161 2007.1/i586/cups-1.2.10-2.3mdv2007.1.i586.rpm 8d84223e130eb9039dd5e25dfcf47684 2007.1/i586/cups-common-1.2.10-2.3mdv2007.1.i586.rpm c73459d19f605e2093fe8e7753510cf8 2007.1/i586/cups-serial-1.2.10-2.3mdv2007.1.i586.rpm 9f4e634eb3e900ffefd59562780a3f28 2007.1/i586/libcups2-1.2.10-2.3mdv2007.1.i586.rpm fd0883a8e8243ff1ceb862f14b9f032b 2007.1/i586/libcups2-devel-1.2.10-2.3mdv2007.1.i586.rpm bbb9b69f0e77c2e89f82328fa96a254f 2007.1/i586/php-cups-1.2.10-2.3mdv2007.1.i586.rpm a9694fcccc09b5fc3e0ab17acff8c857 2007.1/SRPMS/cups-1.2.10-2.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: b1ae2a278de78e5e90cd818af06c8869 2007.1/x86_64/cups-1.2.10-2.3mdv2007.1.x86_64.rpm feb3659cf805bbb8d7d528ec00007416 2007.1/x86_64/cups-common-1.2.10-2.3mdv2007.1.x86_64.rpm f10bf7760a46b9bf195d0ee2f0b20ad0 2007.1/x86_64/cups-serial-1.2.10-2.3mdv2007.1.x86_64.rpm 7dccd2d2bd22194c72821a2315be71f0 2007.1/x86_64/lib64cups2-1.2.10-2.3mdv2007.1.x86_64.rpm 1690756e08eed05d08b9b1dad4554a69 2007.1/x86_64/lib64cups2-devel-1.2.10-2.3mdv2007.1.x86_64.rpm 9d0f9f960a4e171d5b69a51650a0e97c 2007.1/x86_64/php-cups-1.2.10-2.3mdv2007.1.x86_64.rpm a9694fcccc09b5fc3e0ab17acff8c857 2007.1/SRPMS/cups-1.2.10-2.3mdv2007.1.src.rpm Mandriva Linux 2008.0: fb82aaf844538f1192dc5a5bba48ebb2 2008.0/i586/cups-1.3.0-3.3mdv2008.0.i586.rpm 0f32262c9fd557a33653d346cf561eb0 2008.0/i586/cups-common-1.3.0-3.3mdv2008.0.i586.rpm 679603be0ff46880b67a8a526fc5e0f6 2008.0/i586/cups-serial-1.3.0-3.3mdv2008.0.i586.rpm 2c475b6dbc51abb97f4978fb38f805aa 2008.0/i586/libcups2-1.3.0-3.3mdv2008.0.i586.rpm c8bfa0b793dc2f75c15f19e4822bb02d 2008.0/i586/libcups2-devel-1.3.0-3.3mdv2008.0.i586.rpm 002037d0c0296df0f488b6827abd3621 2008.0/i586/php-cups-1.3.0-3.3mdv2008.0.i586.rpm 81a92819ff1b95379e68d0b92022ef31 2008.0/SRPMS/cups-1.3.0-3.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 908ceb359b83acc57734a535e1b7b7a5 2008.0/x86_64/cups-1.3.0-3.3mdv2008.0.x86_64.rpm 3ef9fbbffa74d7ea35ec501c074f6195 2008.0/x86_64/cups-common-1.3.0-3.3mdv2008.0.x86_64.rpm b29c75dd2616451c33800772d77f6d22 2008.0/x86_64/cups-serial-1.3.0-3.3mdv2008.0.x86_64.rpm 7bc26d62f62bebfd13f748a3e1c92f40 2008.0/x86_64/lib64cups2-1.3.0-3.3mdv2008.0.x86_64.rpm bd7fca05e68b64f71532007f0d3336b6 2008.0/x86_64/lib64cups2-devel-1.3.0-3.3mdv2008.0.x86_64.rpm f8a5c7b8727652c48080c7d42ebbbb98 2008.0/x86_64/php-cups-1.3.0-3.3mdv2008.0.x86_64.rpm 81a92819ff1b95379e68d0b92022ef31 2008.0/SRPMS/cups-1.3.0-3.3mdv2008.0.src.rpm Corporate 3.0: d8f8b23034ed04134c3adffe8900c3c0 corporate/3.0/i586/cups-1.1.20-5.14.C30mdk.i586.rpm 692d4cc10f27d0b032414bd49047a0d5 corporate/3.0/i586/cups-common-1.1.20-5.14.C30mdk.i586.rpm f51f15805a46410360a735d266b05513 corporate/3.0/i586/cups-serial-1.1.20-5.14.C30mdk.i586.rpm ac8c8341c807fe425b95b2d36e540632 corporate/3.0/i586/libcups2-1.1.20-5.14.C30mdk.i586.rpm 9e4381efa99b4259291d83ce12fbbfd1 corporate/3.0/i586/libcups2-devel-1.1.20-5.14.C30mdk.i586.rpm dbb2486013936d7ac79996b437871851 corporate/3.0/SRPMS/cups-1.1.20-5.14.C30mdk.src.rpm Corporate 3.0/X86_64: af60c4b209e2d7c8b2926152484d7a16 corporate/3.0/x86_64/cups-1.1.20-5.14.C30mdk.x86_64.rpm 04723ab4e6928c7c94509970ee3affe5 corporate/3.0/x86_64/cups-common-1.1.20-5.14.C30mdk.x86_64.rpm 633e04aa6a1a94e4c16ff06b80c5b0a1 corporate/3.0/x86_64/cups-serial-1.1.20-5.14.C30mdk.x86_64.rpm 8455649b95bd3ccbbbd83643355d0d9d corporate/3.0/x86_64/lib64cups2-1.1.20-5.14.C30mdk.x86_64.rpm b0bb5f82abe5e63f2330a2ce3856d9fd corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.14.C30mdk.x86_64.rpm dbb2486013936d7ac79996b437871851 corporate/3.0/SRPMS/cups-1.1.20-5.14.C30mdk.src.rpm Corporate 4.0: 601bc4824031861920955ad8555aa4d7 corporate/4.0/i586/cups-1.2.4-0.5.20060mlcs4.i586.rpm 47167ce1b770bf583616d86a06e4b434 corporate/4.0/i586/cups-common-1.2.4-0.5.20060mlcs4.i586.rpm 8b12a32bd46ce350143b1722dbf76de2 corporate/4.0/i586/cups-serial-1.2.4-0.5.20060mlcs4.i586.rpm 7bded05fbaf5b485aef109404f0132f9 corporate/4.0/i586/libcups2-1.2.4-0.5.20060mlcs4.i586.rpm 09c2660b9004454c07b15d3e57124acc corporate/4.0/i586/libcups2-devel-1.2.4-0.5.20060mlcs4.i586.rpm 55eddc1759513c131465e61564977618 corporate/4.0/i586/php-cups-1.2.4-0.5.20060mlcs4.i586.rpm 3a2b57f8a67c419bc74f09db58b6e789 corporate/4.0/SRPMS/cups-1.2.4-0.5.20060mlcs4.src.rpm Corporate 4.0/X86_64: 1e3565148aa5da08a4b999b42d7763c8 corporate/4.0/x86_64/cups-1.2.4-0.5.20060mlcs4.x86_64.rpm a1da7ffbc6fb5294967fde1b785dc7fa corporate/4.0/x86_64/cups-common-1.2.4-0.5.20060mlcs4.x86_64.rpm 306ffbfbf7606ffc31c197f77c539eef corporate/4.0/x86_64/cups-serial-1.2.4-0.5.20060mlcs4.x86_64.rpm f0364ad9115ceb82978847ab6cdc66e1 corporate/4.0/x86_64/lib64cups2-1.2.4-0.5.20060mlcs4.x86_64.rpm d93d6cb48d60436c9f1b32181f82b6c7 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.5.20060mlcs4.x86_64.rpm 802a3f4c3167f06640d2a8c3394cb26c corporate/4.0/x86_64/php-cups-1.2.4-0.5.20060mlcs4.x86_64.rpm 3a2b57f8a67c419bc74f09db58b6e789 corporate/4.0/SRPMS/cups-1.2.4-0.5.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W z5jyh/u/+4QFVsSocymKj/g= =RkrY -----END PGP SIGNATURE-----
Powered by blists - more mailing lists