lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050119110053.GA20881@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-64-1] xpdf, CUPS vulnerabilities

===========================================================
Ubuntu Security Notice USN-64-1		   January 19, 2005
xpdf, cupsys vulnerabilities
CAN-2005-0064
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys
libcupsimage2
libcupsys2-gnutls10
xpdf-reader
xpdf-utils

The problem can be corrected by upgrading the affected package to
version 1.1.20final+cvs20040330-4ubuntu16.4 (cupsys, libcupsimage2,
and libcupsys2-gnutls10) and 3.00-8ubuntu1.4 (xpdf-reader and
xpdf-utils). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A buffer overflow has been found in the xpdf viewer. An insufficient
input validation of the encryption key length could be exploited by an
attacker providing a specially crafted PDF file which, when processed
by xpdf, could result in abnormal program termination or the execution
of attacker supplied program code with the user's privileges.

The Common UNIX Printing System (CUPS) uses the same code to print PDF
files. In this case, this bug could be exploited to gain the
privileges of the CUPS print server (by default, user cupsys).

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.4.diff.gz
      Size/MD5:  1353321 5877c65f6d8f858ae9e176be9ef6410d
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.4.dsc
      Size/MD5:      867 7a5091f1718ccc0e56b655fb01b8057e
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330.orig.tar.gz
      Size/MD5:  5645146 5eb5983a71b26e4af841c26703fc2f79
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.4.diff.gz
      Size/MD5:    47899 cbcf2ab245afbabd90086b1022ce65f2
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.4.dsc
      Size/MD5:      788 b4eb7934f273cd445ffe844242ba3e0c
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00.orig.tar.gz
      Size/MD5:   534697 95294cef3031dd68e65f331e8750b2c2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-common_3.00-8ubuntu1.4_all.deb
      Size/MD5:    56410 0f635571ea692f043fdbf3c2e1831253
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf_3.00-8ubuntu1.4_all.deb
      Size/MD5:     1274 300fa460fc04629eee23c0b4b9447fd7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:    58900 31f791a66c7d1404e04392b75760ba8e
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:   107172 d68ff02919de67e873cd8a606c748855
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:  3614588 e70e1a779b79268a9890a650d1dee919
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:    62546 d0e5bb648e62183786cbc75dce29edbe
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:    53208 3fbb37717ad9ac9e9795f3a2b5ff8bc1
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:   101676 f85c589f51c1aa70c019b31e152ba003
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.4_amd64.deb
      Size/MD5:    74738 7edd4f3093e35376a85d505cf4a3f050
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.4_amd64.deb
      Size/MD5:   666728 adda9e02ae08bb46029d6f1393fca20a
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.4_amd64.deb
      Size/MD5:  1270714 5cd25cc5661e99247ba0af7bcf31297f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:    58254 ad8a1dac7aa1dfb6cfff1bde76948f33
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:   104976 07e0832f69d47703c382038ef85395ff
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:  3603284 1b986defe60c5e32b99ff2d0be58ea26
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:    62126 70f6bdf50c1ea545e8bd573b375ae863
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:    52792 1ed36a6f187d3262e1d7fb575ed8f872
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:    98336 47854bc25adefebae9a5e1826dcd1b1a
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.4_i386.deb
      Size/MD5:    72012 2bba044150c4527dc11692b27f293755
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.4_i386.deb
      Size/MD5:   631720 706726bf857936af30380b07c72d6dd5
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.4_i386.deb
      Size/MD5:  1193210 34ae871124763656ac7e21c32612e511

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:    62844 e2b936306040808fef0bd3fe2590d981
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:   114812 1d78506eed2c9e352b861d6ba757cc6b
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:  3633666 95463d6cc9b4082f245bea30b0462964
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:    61738 5e6ae8a2b9d188ec901c17f851212530
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:    55432 714a7305c6a79feb99e2d939d206033d
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:   101060 1c99fe289c0c5d046da10001842a6da2
    http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.4_powerpc.deb
      Size/MD5:    74834 7f1db6e2634579c504657b6162099db0
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-reader_3.00-8ubuntu1.4_powerpc.deb
      Size/MD5:   692876 f4b9b29c7c8ad9a8fb5a3d6dd332a776
    http://security.ubuntu.com/ubuntu/pool/main/x/xpdf/xpdf-utils_3.00-8ubuntu1.4_powerpc.deb
      Size/MD5:  1310912 b472d87db41d4ad4771cece71a55b7c5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050119/17f0358f/attachment.bin

Powered by blists - more mailing lists