Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 22 Oct 2004 03:03:09 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2004:116
 Date:                   October 21st, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package, 
 which also effect software using embedded xpdf code:
 
 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like cups which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker controlled
 location which probably could lead to arbitrary code execution.
 (CAN-2004-0888)
 
 Also, when CUPS debugging is enabled, device URIs containing username 
 and password end up in error_log.  This information is also visible via 
 "ps". (CAN-2004-0923) 
 
 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923
  http://www.cups.org/str.php?L920
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 404f47bf2e48e0fe5e6351fb0a51e482  10.0/RPMS/cups-1.1.20-5.3.100mdk.i586.rpm
 7b4b06f845f94a076c7a5e86ac1ebd0f  10.0/RPMS/cups-common-1.1.20-5.3.100mdk.i586.rpm
 86c01887240c7dc25eaa0584f6f286e0  10.0/RPMS/cups-serial-1.1.20-5.3.100mdk.i586.rpm
 0817ea1f56f41c96361723bd010f08dd  10.0/RPMS/libcups2-1.1.20-5.3.100mdk.i586.rpm
 604d96d4fc8d5590310b0dfdaf95c9da  10.0/RPMS/libcups2-devel-1.1.20-5.3.100mdk.i586.rpm
 f56a2a9b631ff34c6a2e1a8eb01f3690  10.0/SRPMS/cups-1.1.20-5.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e8e41e0ad06ea13c49aa4097778ef251  amd64/10.0/RPMS/cups-1.1.20-5.3.100mdk.amd64.rpm
 2c76ce0c7f6985fd6cedd2b0f6ba0f67  amd64/10.0/RPMS/cups-common-1.1.20-5.3.100mdk.amd64.rpm
 0f993cd224e36539c1c9938877850385  amd64/10.0/RPMS/cups-serial-1.1.20-5.3.100mdk.amd64.rpm
 ff9d25d91c01c44760aac8d1f7f36f79  amd64/10.0/RPMS/lib64cups2-1.1.20-5.3.100mdk.amd64.rpm
 e72d698c6ac954e51aa05f746bbe9365  amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.3.100mdk.amd64.rpm
 f56a2a9b631ff34c6a2e1a8eb01f3690  amd64/10.0/SRPMS/cups-1.1.20-5.3.100mdk.src.rpm

 Corporate Server 2.1:
 93ff5afeb1743f9e72ab3307b392b534  corporate/2.1/RPMS/cups-1.1.18-2.5.C21mdk.i586.rpm
 b29b8d51b7c0dcca6dc45143d7903cb3  corporate/2.1/RPMS/cups-common-1.1.18-2.5.C21mdk.i586.rpm
 5e3c5468ea0ab2fae1aec809daa894de  corporate/2.1/RPMS/cups-serial-1.1.18-2.5.C21mdk.i586.rpm
 8faf77a298ac1421bcf6c95c618303ab  corporate/2.1/RPMS/libcups1-1.1.18-2.5.C21mdk.i586.rpm
 c7ac9f8314bccd7bc4b1104af279e0f1  corporate/2.1/RPMS/libcups1-devel-1.1.18-2.5.C21mdk.i586.rpm
 39b6eb02f3df6a8ac7b6ec1d9a0642a4  corporate/2.1/SRPMS/cups-1.1.18-2.5.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 067a8b88cf8c1377c9c6412136fc7d6b  x86_64/corporate/2.1/RPMS/cups-1.1.18-2.5.C21mdk.x86_64.rpm
 51a15362e5f756aff3211ad343588487  x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.5.C21mdk.x86_64.rpm
 525f0dc8a7ef4db2ffcbe9b7d2a7d677  x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.5.C21mdk.x86_64.rpm
 72375896902c44ee2d5d3b3297ff8909  x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.5.C21mdk.x86_64.rpm
 58dd73863448021e52fbd9bf2536e4c1  x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.5.C21mdk.x86_64.rpm
 39b6eb02f3df6a8ac7b6ec1d9a0642a4  x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.5.C21mdk.src.rpm

 Mandrakelinux 9.2:
 73897a45c5474c390adc09c32c52073e  9.2/RPMS/cups-1.1.19-10.3.92mdk.i586.rpm
 35ab026be5795ef537d996dd50b3ec59  9.2/RPMS/cups-common-1.1.19-10.3.92mdk.i586.rpm
 34bd630f0656b7eefa331001ebe46d07  9.2/RPMS/cups-serial-1.1.19-10.3.92mdk.i586.rpm
 dd362e1edc0774593cbb564d2fcedffb  9.2/RPMS/libcups2-1.1.19-10.3.92mdk.i586.rpm
 04119307b9e5e37f36f502f3e299880c  9.2/RPMS/libcups2-devel-1.1.19-10.3.92mdk.i586.rpm
 264f7c4310ff0c0bf1166374d49f5ea3  9.2/SRPMS/cups-1.1.19-10.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 a5a6317fc35c0c7ec51da2074ea59cdb  amd64/9.2/RPMS/cups-1.1.19-10.3.92mdk.amd64.rpm
 2de8b565958236a4cf299967187aaad1  amd64/9.2/RPMS/cups-common-1.1.19-10.3.92mdk.amd64.rpm
 944995579621ce5a986459a47924370c  amd64/9.2/RPMS/cups-serial-1.1.19-10.3.92mdk.amd64.rpm
 82c5aed6ab6c81a8fab48b0bd2997eb7  amd64/9.2/RPMS/lib64cups2-1.1.19-10.3.92mdk.amd64.rpm
 0b99ed51e2b24aac0747334044a5730e  amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.3.92mdk.amd64.rpm
 264f7c4310ff0c0bf1166374d49f5ea3  amd64/9.2/SRPMS/cups-1.1.19-10.3.92mdk.src.rpm

 Multi Network Firewall 8.2:
 8bfd1913756558cac4e58e7e22f2d67f  mnf8.2/RPMS/libcups1-1.1.18-2.3.M82mdk.i586.rpm
 a47dcb23ef45908945eff6977b4387e2  mnf8.2/SRPMS/cups-1.1.18-2.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBeHhtmqjQ0CJFipgRApe4AJ49l+Mk3uhuHR/dc9bADAIOOpht2gCg5U26
xs17BzSOHPyi+u4v7h5ciq8=
=kGLV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities Mandrake Linux Security Team (Oct 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault