From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: bugtraq@securityfocus.com
Subject: MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability
Message-Id: <E1Ctf31-0007SD-BS@updates.mandrakesoft.com.>
Date: Tue, 25 Jan 2005 21:44:55 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cups
Advisory ID: MDKSA-2005:018
Date: January 25th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________
Problem Description:
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user
viewing a PDF file. The vulnerability exists due to insufficient bounds
checking while processing a PDF file that provides malicious values in
the /Encrypt /Length tag. Cups uses xpdf code and is susceptible to the
same vulnerability.
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
379232c587543df84bed0b06a1b4a544 10.0/RPMS/cups-1.1.20-5.6.100mdk.i586.rpm
9c603dd7eb08e5a5f80f2a3aff85c9a5 10.0/RPMS/cups-common-1.1.20-5.6.100mdk.i586.rpm
f998f6e5f406cc6ae2c740886dd1863d 10.0/RPMS/cups-serial-1.1.20-5.6.100mdk.i586.rpm
6d1d399ec3f3d416569ba9cda9e2382b 10.0/RPMS/libcups2-1.1.20-5.6.100mdk.i586.rpm
c3c84379002347e69b41b8796f2145f2 10.0/RPMS/libcups2-devel-1.1.20-5.6.100mdk.i586.rpm
7f6775df4063e8def8ea89e1463f7880 10.0/SRPMS/cups-1.1.20-5.6.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
440f9f99bc8c14e1155247f0ffb4e371 amd64/10.0/RPMS/cups-1.1.20-5.6.100mdk.amd64.rpm
9600924bc1877079fe9a1a2c1efe1b8d amd64/10.0/RPMS/cups-common-1.1.20-5.6.100mdk.amd64.rpm
08da5c993bfa65d0ecffb33f97323fb6 amd64/10.0/RPMS/cups-serial-1.1.20-5.6.100mdk.amd64.rpm
d128d93e19aad698576ba74357c61249 amd64/10.0/RPMS/lib64cups2-1.1.20-5.6.100mdk.amd64.rpm
537aacfb916e98b56a01ea690a7f38b7 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.6.100mdk.amd64.rpm
7f6775df4063e8def8ea89e1463f7880 amd64/10.0/SRPMS/cups-1.1.20-5.6.100mdk.src.rpm
Mandrakelinux 10.1:
c571a912d5ab00c3ab06bca8c36cdf5a 10.1/RPMS/cups-1.1.21-0.rc1.7.4.101mdk.i586.rpm
6a9d5fa3966f0f443328457eb960477e 10.1/RPMS/cups-common-1.1.21-0.rc1.7.4.101mdk.i586.rpm
3ceefe3537ad2c211e45d580f2e90795 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.4.101mdk.i586.rpm
51662e88bd9fdadfc18bfa88d3ca4511 10.1/RPMS/libcups2-1.1.21-0.rc1.7.4.101mdk.i586.rpm
f5ab7e3002e41b1d54975df2bbdc9592 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.4.101mdk.i586.rpm
17445e2b920e8a912be47f3935e5f095 10.1/SRPMS/cups-1.1.21-0.rc1.7.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
12f13a1e2cf6d610de3cb4133a25e7a7 x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.4.101mdk.x86_64.rpm
cf2a20b744f80c1701dfc63659729c04 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.4.101mdk.x86_64.rpm
e6ec0c5b6cc7eef042c91f697cb82e46 x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.4.101mdk.x86_64.rpm
572e2a932e6c6154d1f2e2dcb908c679 x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.4.101mdk.x86_64.rpm
c24f5dc070481662f9a7005b37f61fd4 x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.4.101mdk.x86_64.rpm
17445e2b920e8a912be47f3935e5f095 x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.4.101mdk.src.rpm
Corporate Server 2.1:
162a5512b876caf7b74f5de35b91ff54 corporate/2.1/RPMS/cups-1.1.18-2.8.C21mdk.i586.rpm
132911f013b0319957f9b10955af7f63 corporate/2.1/RPMS/cups-common-1.1.18-2.8.C21mdk.i586.rpm
f31f529cdd22e863426e3ae4eb842bb6 corporate/2.1/RPMS/cups-serial-1.1.18-2.8.C21mdk.i586.rpm
f433cc5ba9e84d7f079bb31d4fd34e9e corporate/2.1/RPMS/libcups1-1.1.18-2.8.C21mdk.i586.rpm
e1e4e4c6a3007ff868e32a1001e9765d corporate/2.1/RPMS/libcups1-devel-1.1.18-2.8.C21mdk.i586.rpm
c944a0c30ff89ef18d382e7a3d0a70d1 corporate/2.1/SRPMS/cups-1.1.18-2.8.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
ef0e81ff6ac37918d2f8a354a772bf88 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.8.C21mdk.x86_64.rpm
1d939abecc9d566ae118d800bae5a123 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.8.C21mdk.x86_64.rpm
24c1656d01b527c8e17cc03fc9700b62 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.8.C21mdk.x86_64.rpm
a2fa8c5e2efd2a955447bda6a1bce11b x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.8.C21mdk.x86_64.rpm
98e04e33a3446ea8a8e5cd0be0aaa6b8 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.8.C21mdk.x86_64.rpm
c944a0c30ff89ef18d382e7a3d0a70d1 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.8.C21mdk.src.rpm
Corporate Server 3.0:
74c49860c8ff85cce34862c6e21eb903 corporate/3.0/RPMS/cups-1.1.20-5.6.C30mdk.i586.rpm
6b350b1e9e52e8bbfec81c36aaf065a1 corporate/3.0/RPMS/cups-common-1.1.20-5.6.C30mdk.i586.rpm
30f4ac447f36cb119a6756ca2013c951 corporate/3.0/RPMS/cups-serial-1.1.20-5.6.C30mdk.i586.rpm
718182b8dc9b53839bbc5b1b36293d57 corporate/3.0/RPMS/libcups2-1.1.20-5.6.C30mdk.i586.rpm
3683688596297bdaa4178307fd8db128 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.6.C30mdk.i586.rpm
d00bea70d267fe48ea33af6c19942b21 corporate/3.0/SRPMS/cups-1.1.20-5.6.C30mdk.src.rpm
Mandrakelinux 9.2:
3c29059ab729243b945dea6f8bbf03ca 9.2/RPMS/cups-1.1.19-10.6.92mdk.i586.rpm
d8082f721bf90fbdfa5024ca078c8ac1 9.2/RPMS/cups-common-1.1.19-10.6.92mdk.i586.rpm
4465bc3ec5474678300c47248e51385c 9.2/RPMS/cups-serial-1.1.19-10.6.92mdk.i586.rpm
4ba9bbe5ca67248bef02befff75951f4 9.2/RPMS/libcups2-1.1.19-10.6.92mdk.i586.rpm
1abbf2cf8c5cd14dd80b6004bdeb4525 9.2/RPMS/libcups2-devel-1.1.19-10.6.92mdk.i586.rpm
b7f7a802fb70f4e4c07f904feb3b645a 9.2/SRPMS/cups-1.1.19-10.6.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
1103866f68f4460ab504990315f7979a amd64/9.2/RPMS/cups-1.1.19-10.6.92mdk.amd64.rpm
ea567af43ac8d9b3393e9dfe89fc4417 amd64/9.2/RPMS/cups-common-1.1.19-10.6.92mdk.amd64.rpm
b6233f53c363a5824f28029763b6f2b9 amd64/9.2/RPMS/cups-serial-1.1.19-10.6.92mdk.amd64.rpm
cfe9d1a90f713e5de59dca46728284a5 amd64/9.2/RPMS/lib64cups2-1.1.19-10.6.92mdk.amd64.rpm
133935512ad4bc0b59dfa06ea15b22c7 amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.6.92mdk.amd64.rpm
b7f7a802fb70f4e4c07f904feb3b645a amd64/9.2/SRPMS/cups-1.1.19-10.6.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB9yBHmqjQ0CJFipgRAuH7AJ9O+bn8yGMij4ZxM/bUQgpUR6wW/ACeNNx9
1Ft0o9Ce08dIy9D0kVHIgjI=
=3qin
-----END PGP SIGNATURE-----
