Message-Id: <E1Koa21-00068a-20@titan.mandriva.com>
Date: Sat, 11 Oct 2008 02:41:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:211 ] cups


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:211
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 10, 2008
 Affected: 2007.1, 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A buffer overflow in the SGI image format decoding routines used by the
 CUPS image converting filter imagetops was discovered.  An attacker
 could create malicious SGI image files that could possibly execute
 arbitrary code if the file was printed (CVE-2008-3639).
 
 An integer overflow flaw leading to a heap buffer overflow was found
 in the Text-to-PostScript texttops filter.  An attacker could create
 a malicious text file that could possibly execute arbitrary code if
 the file was printed (CVE-2008-3640).
 
 Finally, an insufficient buffer bounds checking flaw was found in
 the HP-GL/2-to-PostScript hpgltops filter.  An attacker could create
 a malicious HP-GL/2 file that could possibly execute arbitrary code
 if the file was printed (CVE-2008-3641).
 
 The updated packages have been patched to prevent this issue; for
 Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided
 that corrects these issues and also provides other bug fixes.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI8DeJmqjQ0CJFipgRAmbxAKCxSRvJTtancZ/puQkgifGbRQnZIQCg6Bum
EnuxPIlaIiQWBIjMSk4WWoo=
=aMXC
-----END PGP SIGNATURE-----
