Message-Id: <E1LyV0m-0004vG-TO@titan.mandriva.com>
Date: Mon, 27 Apr 2009 19:53:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:096-1 ] printer-drivers


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:096-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : printer-drivers
 Date    : April 24, 2009
 Affected: Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 A buffer underflow in Ghostscript's CCITTFax decoding filter allows
 remote attackers to cause denial of service and possibly to execute
 arbitrary code by using a crafted PDF file (CVE-2007-6725).
 
 Multiple integer overflows in Ghostscript's International Color
 Consortium Format Library (icclib) allow attackers to cause denial
 of service (heap-based buffer overflow and application crash) and
 possibly execute arbitrary code by using either a PostScript or PDF
 file with crafted embedded images (CVE-2009-0583, CVE-2009-0584).
 
 Multiple integer overflows in Ghostscript's International Color
 Consortium Format Library (icclib) allow attackers to cause denial
 of service (heap-based buffer overflow and application crash) and
 possibly execute arbitrary code by using either a PostScript or PDF
 file with crafted embedded images. Note: this issue exists because of
 an incomplete fix for CVE-2009-0583 (CVE-2009-0792).
 
 This update provides fixes for these vulnerabilities.

 Update:

 The previous update shipped with a wrong required version of perl-base
 in the foomatic-db-engine package. This is fixed in this update.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 96dbc60a93ce4a6763d2455faf174a7b  corporate/3.0/i586/cups-drivers-1.1-138.7.C30mdk.i586.rpm
 22dc1a762f9a3a2fe5d7110b5eba3455  corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
 d2c14e583a164b7869cf948e3c9807fa  corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
 bac7e6a9dc1c0001ce0e52ca46478ef8  corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
 d21db35d010cec004a08b81ea931e099  corporate/3.0/i586/ghostscript-7.07-19.7.C30mdk.i586.rpm
 4a5ff90f604335520030e009c9bfa88f  corporate/3.0/i586/ghostscript-module-X-7.07-19.7.C30mdk.i586.rpm
 4f7585ce74121c1d5ac778502514b282  corporate/3.0/i586/gimpprint-4.2.7-2.7.C30mdk.i586.rpm
 5d151dd1c5722bc6772f50906f1f8021  corporate/3.0/i586/libgimpprint1-4.2.7-2.7.C30mdk.i586.rpm
 6451feff86856479e8a35ebf49f185f4  corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.7.C30mdk.i586.rpm
 c4d87b25765d2db2efe1e45ad6ef9e16  corporate/3.0/i586/libijs0-0.34-76.7.C30mdk.i586.rpm
 76d95e81afaba7c85f2263fb24a98ee8  corporate/3.0/i586/libijs0-devel-0.34-76.7.C30mdk.i586.rpm
 2e816acf32ad22a5297565750840fa35  corporate/3.0/i586/printer-filters-1.0-138.7.C30mdk.i586.rpm
 480c4991734be95df224865468a45e9a  corporate/3.0/i586/printer-testpages-1.0-138.7.C30mdk.i586.rpm
 5d0845002a84eb2a8c341039ce64a2fc  corporate/3.0/i586/printer-utils-1.0-138.7.C30mdk.i586.rpm 
 903215b475cf0031bdd3f79983734c87  corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a45bd1c244e8c09768e8482ef0db740a  corporate/3.0/x86_64/cups-drivers-1.1-138.7.C30mdk.x86_64.rpm
 42836893a4f590eede9ffe95309c44f5  corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
 97681dcc24ba1d656f5ccb90a3dc9551  corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
 7988477ee8ec84c17d404300db27de1e  corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
 dc7d3d21e5311227c9c7326e31b4a5b5  corporate/3.0/x86_64/ghostscript-7.07-19.7.C30mdk.x86_64.rpm
 caf9a2010f126f6c5e75204ce97ae2a0  corporate/3.0/x86_64/ghostscript-module-X-7.07-19.7.C30mdk.x86_64.rpm
 2b3ac0b759e0695a80a12f23f8f5e26a  corporate/3.0/x86_64/gimpprint-4.2.7-2.7.C30mdk.x86_64.rpm
 3bf97787fedfe9e9f4348c77a8aca100  corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.7.C30mdk.x86_64.rpm
 9653764019d8fad3994332efd55a541a  corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.7.C30mdk.x86_64.rpm
 0d818179492f74a124d6bd28a3e2afe4  corporate/3.0/x86_64/lib64ijs0-0.34-76.7.C30mdk.x86_64.rpm
 ca55063d9e24ac47784e6f5606bdc981  corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.7.C30mdk.x86_64.rpm
 0e8cc9cc04b70fc207ebd843cd82bf5d  corporate/3.0/x86_64/printer-filters-1.0-138.7.C30mdk.x86_64.rpm
 ddf46b5e1937b911e7f8650ddc569798  corporate/3.0/x86_64/printer-testpages-1.0-138.7.C30mdk.x86_64.rpm
 f90b734db08f01cac31a7f3b8c86528f  corporate/3.0/x86_64/printer-utils-1.0-138.7.C30mdk.x86_64.rpm 
 903215b475cf0031bdd3f79983734c87  corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9caLmqjQ0CJFipgRAq0AAKDMk/At0KOjwv8z1lMVVONLt8oU3ACg18sa
/GHaS3O+LLgMH6XSBnHCfiE=
=YDBP
-----END PGP SIGNATURE-----
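
Added example (not part of the Mandriva advisory): a manual version of the checksum step that the advisory says MandrivaUpdate and urpmi perform automatically, parsing "md5  path" lines in the "Updated Packages" layout and checking a download directory against them. The function names, file names and digests in demo() are constructed for illustration; a matching MD5 only shows the file equals what the listing names, and authenticity still rests on the GPG signature.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest entry as printed in the advisory: 32 hex digits, spaces, repository path.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Map RPM file name -> expected MD5 from 'Updated Packages' lines."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            digest, name = m.group(1), m.group(2).rsplit("/", 1)[-1]
            # The SRPM appears once per architecture; digests must agree.
            if expected.setdefault(name, digest) != digest:
                raise ValueError(f"conflicting digests for {name}")
    return expected

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def audit(text, download_dir):
    """Sort listed packages into ok/mismatch/missing and flag unlisted RPMs."""
    expected, root = parse_manifest(text), Path(download_dir)
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name, digest in sorted(expected.items()):
        f = root / name
        state = "missing" if not f.is_file() else "ok" if md5_of(f) == digest else "mismatch"
        report[state].append(name)
    report["unlisted"] = sorted(p.name for p in root.glob("*.rpm") if p.name not in expected)
    return report

def demo():
    """Constructed placeholder files and digests, not the advisory's packages."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "demo-a-1.0.i586.rpm"), Path(d, "demo-b-1.0.i586.rpm")
        good.write_bytes(b"constructed package A")
        bad.write_bytes(b"constructed package B, altered")
        Path(d, "stray-9.9.i586.rpm").write_bytes(b"not listed")
        text = "\n".join([
            " Corporate 3.0:",
            f" {md5_of(good)}  corporate/3.0/i586/{good.name}",
            f" {'0' * 32}  corporate/3.0/i586/{bad.name} ",
            f" {'f' * 32}  corporate/3.0/i586/demo-c-1.0.i586.rpm",
        ])
        return audit(text, d)
```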
