Message-Id: <E1NHoWf-0000h2-0r@titan.mandriva.com>
Date: Tue, 08 Dec 2009 02:06:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:282-1 ] cups


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:282-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : December 7, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the JBIG2 decoder in
 Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
 other products allow remote attackers to cause a denial
 of service (crash) via a crafted PDF file, related to (1)
 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 
 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
 earlier allows remote attackers to cause a denial of service (daemon
 crash) and possibly execute arbitrary code via a crafted TIFF image,
 which is not properly handled by the (1) _cupsImageReadTIFF function
 in the imagetops filter and (2) imagetoraster filter, leading to a
 heap-based buffer overflow. (CVE-2009-0163)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
 as used in Poppler and other products, when running on Mac OS X,
 has unspecified impact, related to g*allocn. (CVE-2009-0165)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 and other products allows remote attackers to cause a denial of service
 (crash) via a crafted PDF file that triggers a free of uninitialized
 memory. (CVE-2009-0166)
 
 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
 and probably other products, allows remote attackers to execute
 arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
 segments (CVE-2009-0195).
 
 Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 PDF file that triggers a heap-based buffer overflow, possibly
 related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
 (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
 the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 cause a denial of service (crash) via a crafted PDF file that triggers
 an out-of-bounds read. (CVE-2009-0799)
 
 Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
 other products allow remote attackers to execute arbitrary code via
 a crafted PDF file. (CVE-2009-0800)
 
 The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
 does not properly initialize memory for IPP request packets, which
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and daemon crash) via a scheduler request with two
 consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
 CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
 allows remote attackers to execute arbitrary code via a crafted PDF
 file. (CVE-2009-1179)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 execute arbitrary code via a crafted PDF file that triggers a free
 of invalid data. (CVE-2009-1180)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 cause a denial of service (crash) via a crafted PDF file that triggers
 a NULL pointer dereference. (CVE-2009-1181)
 
 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
 other products allow remote attackers to execute arbitrary code via
 a crafted PDF file. (CVE-2009-1182)
 
 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
 earlier, Poppler before 0.10.6, and other products allows remote
 attackers to cause a denial of service (infinite loop and hang)
 via a crafted PDF file. (CVE-2009-1183)
 
 Two integer overflow flaws were found in the CUPS pdftops filter. An
 attacker could create a malicious PDF file that would cause pdftops
 to crash or, potentially, execute arbitrary code as the lp user if
 the file was printed. (CVE-2009-3608, CVE-2009-3609)
 
 This update corrects the problems.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:

 Mandriva Linux 2008.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLHXsgmqjQ0CJFipgRAu1fAKCINX1H5StX89GjMDWzGrEM1UiHeACeMLSY
a3mQtrfvoibfn29OFAfdSn0=
=lTbL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
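
Added example, not part of the advisory and not CUPS, Xpdf or Poppler code: the "integer overflow leading to a heap-based buffer overflow" pattern that several entries above describe (for instance CVE-2009-0163), shown as an unchecked size computation beside an overflow-checked one. The function names, the 32-bit size arithmetic and the sample dimensions are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical unsafe helper: buffer size computed in 32-bit arithmetic
 * from dimensions taken straight from a file header. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;    /* silently wraps modulo 2^32 */
}

/* Hypothetical hardened helper: stores the size and returns 0, or returns
 * -1 when a dimension is zero or the product does not fit in 32 bits. */
int checked_size(uint32_t width, uint32_t height, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > UINT32_MAX / height)        /* width * height would wrap */
        return -1;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / bpp)          /* pixels * bpp would wrap */
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocate an image buffer only when the size is proven not to wrap. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t size;
    if (checked_size(width, height, bpp, &size) != 0)
        return NULL;
    return malloc(size);
}

int main(void)
{
    /* Constructed dimensions: 65536 * 65537 = 2^32 + 65536. */
    uint32_t w = 65536, h = 65537, bpp = 1;
    void *buf = alloc_image(w, h, bpp);

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    printf("checked alloc:  %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```

With the unchecked computation a decoder would allocate 64 KiB and then write rows for a roughly 4 GiB image into it; the checked path rejects the file before any allocation happens.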
