lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1Jh9mS-0005Co-VU@artemis.annvix.ca>
Date: Wed, 02 Apr 2008 14:42:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:081 ] - Updated CUPS packages fix
	multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:081
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : April 2, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A heap-based buffer overflow in CUPS 1.2.x and later was discovered by
 regenrecht of VeriSign iDenfense that could allow a remote attacker
 to execute arbitrary code via a crafted CGI search expression
 (CVE-2008-0047).
 
 A validation error in the Hp-GL/2 filter was also discovered
 (CVE-2008-0053).
 
 Finally, a vulnerability in how CUPS handled GIF files was found by
 Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,
 gd, tk, netpbm, and SDL_image (CVE-2008-1373).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 4ecbfe664ba6820bf06dc406133e265c  2007.0/i586/cups-1.2.4-1.8mdv2007.0.i586.rpm
 6d51733a95884e36cca9570738537ff6  2007.0/i586/cups-common-1.2.4-1.8mdv2007.0.i586.rpm
 abe0591d8b2b390a82dffcd2fed43b14  2007.0/i586/cups-serial-1.2.4-1.8mdv2007.0.i586.rpm
 91ffe19d342810de71e056e213056552  2007.0/i586/libcups2-1.2.4-1.8mdv2007.0.i586.rpm
 71fd9246da1e48b2dc6a60ceeae41e48  2007.0/i586/libcups2-devel-1.2.4-1.8mdv2007.0.i586.rpm
 bd0f3b69fe5dc7bddd6c121200db014d  2007.0/i586/php-cups-1.2.4-1.8mdv2007.0.i586.rpm 
 cb50a10a1096424175c1a49e8e22a8a1  2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 d9423a942f4f779959cfe489866b52f5  2007.0/x86_64/cups-1.2.4-1.8mdv2007.0.x86_64.rpm
 8b13ba591a7dc53c658876dae447ce17  2007.0/x86_64/cups-common-1.2.4-1.8mdv2007.0.x86_64.rpm
 9e434edde16c05fded1b706adaae859d  2007.0/x86_64/cups-serial-1.2.4-1.8mdv2007.0.x86_64.rpm
 9733f3116c8488148471af3d5bdafd16  2007.0/x86_64/lib64cups2-1.2.4-1.8mdv2007.0.x86_64.rpm
 fbb5010088c23aa2cf635875179adc3c  2007.0/x86_64/lib64cups2-devel-1.2.4-1.8mdv2007.0.x86_64.rpm
 00e05d49f33ef5d0067287ef1a27246c  2007.0/x86_64/php-cups-1.2.4-1.8mdv2007.0.x86_64.rpm 
 cb50a10a1096424175c1a49e8e22a8a1  2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 dc81f96bd48732eed770b0090b333695  2007.1/i586/cups-1.2.10-2.6mdv2007.1.i586.rpm
 3545d312400a8f5aad55e323d2ff3543  2007.1/i586/cups-common-1.2.10-2.6mdv2007.1.i586.rpm
 f4656b26df51f63813a49006415a783b  2007.1/i586/cups-serial-1.2.10-2.6mdv2007.1.i586.rpm
 ab1869c8ddeda927fdfbc49c386756f1  2007.1/i586/libcups2-1.2.10-2.6mdv2007.1.i586.rpm
 5de192ed26380212896fcd376a1b3e23  2007.1/i586/libcups2-devel-1.2.10-2.6mdv2007.1.i586.rpm
 a347c58fc3e76e064cabf8425d0245ab  2007.1/i586/php-cups-1.2.10-2.6mdv2007.1.i586.rpm 
 15c9274e61f9dbe98150fa1ae58ef7bc  2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 1faa57f00d0577f6d25cddf7fccd7edb  2007.1/x86_64/cups-1.2.10-2.6mdv2007.1.x86_64.rpm
 26a14fabfef38f2fd4ab88c6184d4e2f  2007.1/x86_64/cups-common-1.2.10-2.6mdv2007.1.x86_64.rpm
 b5a49bfbeb004af58e1e5f9c1660dece  2007.1/x86_64/cups-serial-1.2.10-2.6mdv2007.1.x86_64.rpm
 6b81f4e888dec6e94231b01fd5d162bf  2007.1/x86_64/lib64cups2-1.2.10-2.6mdv2007.1.x86_64.rpm
 256313a9ac10203a7d59deb6ff0a3da0  2007.1/x86_64/lib64cups2-devel-1.2.10-2.6mdv2007.1.x86_64.rpm
 41e268b0e9e8a5e256c9af6192dfcae0  2007.1/x86_64/php-cups-1.2.10-2.6mdv2007.1.x86_64.rpm 
 15c9274e61f9dbe98150fa1ae58ef7bc  2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 27ee99856a1c4448cdee618f2db8ae52  2008.0/i586/cups-1.3.6-1.1mdv2008.0.i586.rpm
 09a6026a683b1ea029b63b0480aa2d4b  2008.0/i586/cups-common-1.3.6-1.1mdv2008.0.i586.rpm
 7974c9c3a572a389fea83250cd57c8e1  2008.0/i586/cups-serial-1.3.6-1.1mdv2008.0.i586.rpm
 a6432e417d401b7900113763255bf8c3  2008.0/i586/libcups2-1.3.6-1.1mdv2008.0.i586.rpm
 cfb0fd68a1d60f1dfa985da0bb79190f  2008.0/i586/libcups2-devel-1.3.6-1.1mdv2008.0.i586.rpm
 aba1862f9db0e18f09d581ef0a95fde8  2008.0/i586/php-cups-1.3.6-1.1mdv2008.0.i586.rpm 
 e034c775d5b04fffb14cb441b8174a55  2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b18f356dc9fc5cda784e576e3f20a801  2008.0/x86_64/cups-1.3.6-1.1mdv2008.0.x86_64.rpm
 bccc98b2ad3205d2c301036ba9d28f61  2008.0/x86_64/cups-common-1.3.6-1.1mdv2008.0.x86_64.rpm
 1c1837c8a8eb04609daa405553ab7fe8  2008.0/x86_64/cups-serial-1.3.6-1.1mdv2008.0.x86_64.rpm
 5748bf84c1239e2b4255446cbf6c8285  2008.0/x86_64/lib64cups2-1.3.6-1.1mdv2008.0.x86_64.rpm
 bd593d10e724d5fcb41a474ceb985996  2008.0/x86_64/lib64cups2-devel-1.3.6-1.1mdv2008.0.x86_64.rpm
 f2db5dfbb8dc8327965a45a5d88e0b6d  2008.0/x86_64/php-cups-1.3.6-1.1mdv2008.0.x86_64.rpm 
 e034c775d5b04fffb14cb441b8174a55  2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm

 Corporate 3.0:
 21bb1e12de3ad442d1abcf6b748e4612  corporate/3.0/i586/cups-1.1.20-5.17.C30mdk.i586.rpm
 0b98a618d204f1cb5d93cfc8bc17ce04  corporate/3.0/i586/cups-common-1.1.20-5.17.C30mdk.i586.rpm
 b4d7d4823f4a052f1b88de95c15fdd35  corporate/3.0/i586/cups-serial-1.1.20-5.17.C30mdk.i586.rpm
 15ff4fca1070bde09536ef5c152f93fa  corporate/3.0/i586/libcups2-1.1.20-5.17.C30mdk.i586.rpm
 29a49e9cd1dab4afc7d4b45f756db2ec  corporate/3.0/i586/libcups2-devel-1.1.20-5.17.C30mdk.i586.rpm 
 2d3ba4ca7a10c5842f6eeb6a7f847e86  corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f977134efb9f309911bfc1b4850e82f0  corporate/3.0/x86_64/cups-1.1.20-5.17.C30mdk.x86_64.rpm
 36fff0b8424e4f651e6f055c70008521  corporate/3.0/x86_64/cups-common-1.1.20-5.17.C30mdk.x86_64.rpm
 696c4e4cc405b9ca56f22819fa2f818b  corporate/3.0/x86_64/cups-serial-1.1.20-5.17.C30mdk.x86_64.rpm
 942d626665fe5a05f879411e7ca80030  corporate/3.0/x86_64/lib64cups2-1.1.20-5.17.C30mdk.x86_64.rpm
 e191a6945b87e3b33617a3de06561d3e  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.17.C30mdk.x86_64.rpm 
 2d3ba4ca7a10c5842f6eeb6a7f847e86  corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm

 Corporate 4.0:
 a091b07a3a414304cf24e76ab99d3afe  corporate/4.0/i586/cups-1.2.4-0.8.20060mlcs4.i586.rpm
 4cabdbd655b65028ee5bdfb3452f4506  corporate/4.0/i586/cups-common-1.2.4-0.8.20060mlcs4.i586.rpm
 534437dd5a286f0484df0e2cdfd9e636  corporate/4.0/i586/cups-serial-1.2.4-0.8.20060mlcs4.i586.rpm
 0dd449c47be977964034d699749738f7  corporate/4.0/i586/libcups2-1.2.4-0.8.20060mlcs4.i586.rpm
 6aad89786cfec35bc5e81eb3a1dc8cd4  corporate/4.0/i586/libcups2-devel-1.2.4-0.8.20060mlcs4.i586.rpm
 fc46181aa746a4f637d66681fb975560  corporate/4.0/i586/php-cups-1.2.4-0.8.20060mlcs4.i586.rpm 
 83a55c89caf98419e9f76b58c6bee2e5  corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7c7624e35383c614691e4063215f8d65  corporate/4.0/x86_64/cups-1.2.4-0.8.20060mlcs4.x86_64.rpm
 17f29e8614a988900a09305adfd1c85b  corporate/4.0/x86_64/cups-common-1.2.4-0.8.20060mlcs4.x86_64.rpm
 773484820406d7285608081cb7e262d2  corporate/4.0/x86_64/cups-serial-1.2.4-0.8.20060mlcs4.x86_64.rpm
 a53e7a817a42ccc1ac5a5daa7602c4d8  corporate/4.0/x86_64/lib64cups2-1.2.4-0.8.20060mlcs4.x86_64.rpm
 ad933e76d237bbb83bf568071566ba37  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.8.20060mlcs4.x86_64.rpm
 4c6d20646db4de2ab03907c9b6705067  corporate/4.0/x86_64/php-cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 
 83a55c89caf98419e9f76b58c6bee2e5  corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH88NLmqjQ0CJFipgRAvgQAJ9PyMfRvtdcft3hCuqCnGg+4dLucQCgrz1i
QDjzjtxa/ZH8ibtkLnEJNvQ=
=7iZK
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ