Home page logo
/

bugtraq logo Bugtraq mailing list archives

MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 30 Dec 2004 04:09:59 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2004:164
 Date:                   December 29th, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 iDefense reported a buffer overflow vulnerability, which affects 
 versions of xpdf <= xpdf-3.0 and several programs, like cups, 
 which use embedded xpdf code. An attacker could construct a malicious 
 payload file which could enable arbitrary code execution on the target 
 system.
 
 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 b67d5934f8bd177099ebf8e1b6540ae3  10.0/RPMS/cups-1.1.20-5.4.100mdk.i586.rpm
 f4b17f9ba9cf26a25cdaafa9726daa0f  10.0/RPMS/cups-common-1.1.20-5.4.100mdk.i586.rpm
 99ad562f47750a34e1a0f0cc99eae4e5  10.0/RPMS/cups-serial-1.1.20-5.4.100mdk.i586.rpm
 cef2d19f980919ef1e9a2b8af3b4cead  10.0/RPMS/libcups2-1.1.20-5.4.100mdk.i586.rpm
 29fdd34d49359c8b389aba91dde1b422  10.0/RPMS/libcups2-devel-1.1.20-5.4.100mdk.i586.rpm
 c4e5d026db917225f268762c8c9369a7  10.0/SRPMS/cups-1.1.20-5.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f2cb9fa8e8920286146f1ff050cf15bb  amd64/10.0/RPMS/cups-1.1.20-5.4.100mdk.amd64.rpm
 20e5ab702ab16b5b08eec1dbce974140  amd64/10.0/RPMS/cups-common-1.1.20-5.4.100mdk.amd64.rpm
 d93ee753b292aa9b3805d3ff4593abd5  amd64/10.0/RPMS/cups-serial-1.1.20-5.4.100mdk.amd64.rpm
 d27eed817250622d43685e17a56b4d9c  amd64/10.0/RPMS/lib64cups2-1.1.20-5.4.100mdk.amd64.rpm
 c2d560945ec3da09a626ff00721f0d08  amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.4.100mdk.amd64.rpm
 c4e5d026db917225f268762c8c9369a7  amd64/10.0/SRPMS/cups-1.1.20-5.4.100mdk.src.rpm

 Mandrakelinux 10.1:
 1fbddd234794b114962d24f83f6b26c0  10.1/RPMS/cups-1.1.21-0.rc1.7.2.101mdk.i586.rpm
 4dd08ed3f27234979966236d33d76477  10.1/RPMS/cups-common-1.1.21-0.rc1.7.2.101mdk.i586.rpm
 94b97f6c8c00fd012af6bd879985e9a6  10.1/RPMS/cups-serial-1.1.21-0.rc1.7.2.101mdk.i586.rpm
 08e6da39f555e62348139051f18b2af3  10.1/RPMS/libcups2-1.1.21-0.rc1.7.2.101mdk.i586.rpm
 c57382ac31a060d385b66794f4ff8050  10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.2.101mdk.i586.rpm
 fbaac3fb9814e4f267ee540234c10b87  10.1/SRPMS/cups-1.1.21-0.rc1.7.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 02ccc7c75c3ccf94b6e3ad8a8f0dc728  x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
 00eab10124a6828418d610797de1e5e6  x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
 7d435407629f3e9498aaec4fcbf3a8ed  x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
 65d3ef99d93326b35767ac5db613158c  x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
 740e302fd7e121aa94ee35453859dead  x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.2.101mdk.x86_64.rpm
 fbaac3fb9814e4f267ee540234c10b87  x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.2.101mdk.src.rpm

 Corporate Server 2.1:
 d076c80f75d8ffcc9482cedf9d7bba09  corporate/2.1/RPMS/cups-1.1.18-2.6.C21mdk.i586.rpm
 0a6a8091417391e595ef9959bca25b3c  corporate/2.1/RPMS/cups-common-1.1.18-2.6.C21mdk.i586.rpm
 9685d21a06acaf51f4d02978bdf5d01b  corporate/2.1/RPMS/cups-serial-1.1.18-2.6.C21mdk.i586.rpm
 536209e55abf0107247b8fe8bcbda66c  corporate/2.1/RPMS/libcups1-1.1.18-2.6.C21mdk.i586.rpm
 345a920fe9f393a30ac77c40e61dea38  corporate/2.1/RPMS/libcups1-devel-1.1.18-2.6.C21mdk.i586.rpm
 4046c29307f4afade503d5d6aff22fde  corporate/2.1/SRPMS/cups-1.1.18-2.6.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 cf56b0736fe0f35469bad4856379b5ec  x86_64/corporate/2.1/RPMS/cups-1.1.18-2.6.C21mdk.x86_64.rpm
 0b1661b006baf8d20e106f63e420adde  x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.6.C21mdk.x86_64.rpm
 d5ce269bc10cd9135bbfabffd4ea02f5  x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.6.C21mdk.x86_64.rpm
 60b2c68c31e04397eaca15b5ea728c6f  x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.6.C21mdk.x86_64.rpm
 36dcd647bcc3ba5f33cf2dd9b3575b48  x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.6.C21mdk.x86_64.rpm
 4046c29307f4afade503d5d6aff22fde  x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.6.C21mdk.src.rpm

 Mandrakelinux 9.2:
 69985b160e53ed0347dd82f2972203d6  9.2/RPMS/cups-1.1.19-10.4.92mdk.i586.rpm
 babb7de6513995617a4f8001e18c2242  9.2/RPMS/cups-common-1.1.19-10.4.92mdk.i586.rpm
 394d55ca555dafc97f06a7c7ff9d2db3  9.2/RPMS/cups-serial-1.1.19-10.4.92mdk.i586.rpm
 a52b336ab465412cae594191e90ab5e5  9.2/RPMS/libcups2-1.1.19-10.4.92mdk.i586.rpm
 6bc6c365596ec6e091cadf64101ffbe2  9.2/RPMS/libcups2-devel-1.1.19-10.4.92mdk.i586.rpm
 2ae6f83a4d7816662d426ccde81dfdbe  9.2/SRPMS/cups-1.1.19-10.4.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 af7c42d1eaafd736d7eb568ab8bc0e56  amd64/9.2/RPMS/cups-1.1.19-10.4.92mdk.amd64.rpm
 8baf2bba293b959a061d02563dc51d2d  amd64/9.2/RPMS/cups-common-1.1.19-10.4.92mdk.amd64.rpm
 09117deea33a1d5c89e0d9302eb1b6d2  amd64/9.2/RPMS/cups-serial-1.1.19-10.4.92mdk.amd64.rpm
 7c3ad6a81022d25ad42e95d7dd373e15  amd64/9.2/RPMS/lib64cups2-1.1.19-10.4.92mdk.amd64.rpm
 39eceead4c480afa4f71e791313dbcb7  amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.4.92mdk.amd64.rpm
 2ae6f83a4d7816662d426ccde81dfdbe  amd64/9.2/SRPMS/cups-1.1.19-10.4.92mdk.src.rpm

 Multi Network Firewall 8.2:
 f9795b9106fc6f6193195a20b517f14e  mnf8.2/RPMS/libcups1-1.1.18-2.4.M82mdk.i586.rpm
 49a95e429e7df165a8911191ab085354  mnf8.2/SRPMS/cups-1.1.18-2.4.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB03+XmqjQ0CJFipgRAqT+AJ0XSRrCHhoPmDwofiZ9Vs8fkjf70ACgjVQ/
/BLgR1EzSDwyBim6CRgQH8U=
=S1lD
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability Mandrake Linux Security Team (Dec 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]