lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1RDHEu-0001RW-KA@titan.mandriva.com>
Date: Mon, 10 Oct 2011 16:54:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:146 ] cups

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:146
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 11, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in cups:
 
 The cupsDoAuthentication function in auth.c in the client in CUPS
 before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a
 demand for authorization, which allows remote CUPS servers to cause
 a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses
 (CVE-2010-2432).
 
 The LZW decompressor in the LWZReadByte function in giftoppm.c in
 the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
 function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
 function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
 the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
 and earlier, and other products, does not properly handle code words
 that are absent from the decompression table when encountered, which
 allows remote attackers to trigger an infinite loop or a heap-based
 buffer overflow, and possibly execute arbitrary code, via a crafted
 compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895
 (CVE-2011-2896).
 
 The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
 earlier does not properly handle the first code word in an LZW stream,
 which allows remote attackers to trigger a heap-based buffer overflow,
 and possibly execute arbitrary code, via a crafted stream, a different
 vulnerability than CVE-2011-2896 (CVE-2011-3170).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 451f5c217b5607e6ae8e2c091b7ecc75  2009.0/i586/cups-1.3.10-0.5mdv2009.0.i586.rpm
 0c7f78718f376f9df426aa4dc1b6f93e  2009.0/i586/cups-common-1.3.10-0.5mdv2009.0.i586.rpm
 deefb9a51325690a9f4fe8fe519faf9f  2009.0/i586/cups-serial-1.3.10-0.5mdv2009.0.i586.rpm
 bdea2daf7c44f8a5250df2d548a9e030  2009.0/i586/libcups2-1.3.10-0.5mdv2009.0.i586.rpm
 dd60444ba124fa9c024375b9356848d6  2009.0/i586/libcups2-devel-1.3.10-0.5mdv2009.0.i586.rpm
 680ac463439bb2332229a52fb1d8a4c4  2009.0/i586/php-cups-1.3.10-0.5mdv2009.0.i586.rpm 
 67417654d026df854d35370724c1565b  2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 557d87c9d241ae39c785c6373dd8b70f  2009.0/x86_64/cups-1.3.10-0.5mdv2009.0.x86_64.rpm
 f68379827c3e1dd18601fff8dd19621f  2009.0/x86_64/cups-common-1.3.10-0.5mdv2009.0.x86_64.rpm
 5439dfb021e198212a04698d95ddb5f2  2009.0/x86_64/cups-serial-1.3.10-0.5mdv2009.0.x86_64.rpm
 6567d318f829bafaa625262159589806  2009.0/x86_64/lib64cups2-1.3.10-0.5mdv2009.0.x86_64.rpm
 17f56ba710371a2297d13880fc7676d7  2009.0/x86_64/lib64cups2-devel-1.3.10-0.5mdv2009.0.x86_64.rpm
 8d29304cb6f1bbb89682bf852a2da6ed  2009.0/x86_64/php-cups-1.3.10-0.5mdv2009.0.x86_64.rpm 
 67417654d026df854d35370724c1565b  2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 333f2b8f389a7210be1123ce092bbb8b  2010.1/i586/cups-1.4.3-3.2mdv2010.2.i586.rpm
 2f753bd61e2726d1099d2dd3d57f2eca  2010.1/i586/cups-common-1.4.3-3.2mdv2010.2.i586.rpm
 2d9ae53f0a159618391ef18c94561408  2010.1/i586/cups-serial-1.4.3-3.2mdv2010.2.i586.rpm
 9fbb242780d33b802667d5babdeff105  2010.1/i586/libcups2-1.4.3-3.2mdv2010.2.i586.rpm
 461913f016aa628f81379e1a4e67151b  2010.1/i586/libcups2-devel-1.4.3-3.2mdv2010.2.i586.rpm
 3b907ebc975bbf2d700edd64d44e5e79  2010.1/i586/php-cups-1.4.3-3.2mdv2010.2.i586.rpm 
 d079c755b005a0336eef88cdaf7124a4  2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 0eb77a9809fcd349c3fa223781f7794e  2010.1/x86_64/cups-1.4.3-3.2mdv2010.2.x86_64.rpm
 e5e69d444efa6344cff81af4278c9755  2010.1/x86_64/cups-common-1.4.3-3.2mdv2010.2.x86_64.rpm
 6c0a637a71baa5c5a58ce5c4b28d0137  2010.1/x86_64/cups-serial-1.4.3-3.2mdv2010.2.x86_64.rpm
 b34fcde9ed6ef29b76e816f800d11237  2010.1/x86_64/lib64cups2-1.4.3-3.2mdv2010.2.x86_64.rpm
 ebc1a568d6dee5bf1d88bdceded2a716  2010.1/x86_64/lib64cups2-devel-1.4.3-3.2mdv2010.2.x86_64.rpm
 98f1846e79b75e9e0a3e98b15385d80d  2010.1/x86_64/php-cups-1.4.3-3.2mdv2010.2.x86_64.rpm 
 d079c755b005a0336eef88cdaf7124a4  2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 776e12f8d570445f63c0a9437fcddd2e  mes5/i586/cups-1.3.10-0.5mdvmes5.2.i586.rpm
 ad33a9c8115cc83c1008028bcb0e29c7  mes5/i586/cups-common-1.3.10-0.5mdvmes5.2.i586.rpm
 21b795c7736553fd6a825598976c866b  mes5/i586/cups-serial-1.3.10-0.5mdvmes5.2.i586.rpm
 c3fd62dd50d3ce0b96ef0b3c2520ff89  mes5/i586/libcups2-1.3.10-0.5mdvmes5.2.i586.rpm
 34b4518819bfac3d5ea9d6e925b7945b  mes5/i586/libcups2-devel-1.3.10-0.5mdvmes5.2.i586.rpm
 5403247140449d963d791c54df419b18  mes5/i586/php-cups-1.3.10-0.5mdvmes5.2.i586.rpm 
 ad71fafb07ed353fa7addfad6049cf8b  mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 7f11915d7803d01df1840d891882e6ba  mes5/x86_64/cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
 1a364126747bf4f24987c184344c4ec4  mes5/x86_64/cups-common-1.3.10-0.5mdvmes5.2.x86_64.rpm
 3d728c0528cc1ad0d23b1a511c122f68  mes5/x86_64/cups-serial-1.3.10-0.5mdvmes5.2.x86_64.rpm
 1abee6673d58115557b11c5fded196d2  mes5/x86_64/lib64cups2-1.3.10-0.5mdvmes5.2.x86_64.rpm
 dab5b4d9ef8442301b180e21fc003b45  mes5/x86_64/lib64cups2-devel-1.3.10-0.5mdvmes5.2.x86_64.rpm
 91955cdd36674dc12ba5bb716c2bee36  mes5/x86_64/php-cups-1.3.10-0.5mdvmes5.2.x86_64.rpm 
 ad71fafb07ed353fa7addfad6049cf8b  mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOktgPmqjQ0CJFipgRAhG2AKCAuUZh2rvZdtbjtd0ycVemOY39TQCgn0jF
Ee6oHfd4+Nq17qNb0y7s7Nc=
=lZgy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ