Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDKSA-2007:204 ] - Updated cups packages fix vulnerability
From: security () mandriva com
Date: Thu, 01 Nov 2007 14:36:52 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:204
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : November 1, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS
 that can be exploited by malicious individuals to execute arbitrary
 code.  This flaw is due to a boundary error when processing IPP
 (Internet Printing Protocol) tags.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 e23b399fd831bdd8c603c9e3b4c48ffc  2007.0/i586/cups-1.2.4-1.4mdv2007.0.i586.rpm
 7c4e0384b1a191627b7f8e9a4ae9d4a6  2007.0/i586/cups-common-1.2.4-1.4mdv2007.0.i586.rpm
 ce4b32b8af4fd0977deaafc74441c014  2007.0/i586/cups-serial-1.2.4-1.4mdv2007.0.i586.rpm
 d06368c9caa68f936a5e6dda6e7fb5c6  2007.0/i586/libcups2-1.2.4-1.4mdv2007.0.i586.rpm
 a244f21ce09342e9c315a344cf596d85  2007.0/i586/libcups2-devel-1.2.4-1.4mdv2007.0.i586.rpm
 dc41bf3eb0d83fd03fcc34f289f8eb6c  2007.0/i586/php-cups-1.2.4-1.4mdv2007.0.i586.rpm 
 3b2e000cc3b936c3a8b7094f31a09397  2007.0/SRPMS/cups-1.2.4-1.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a6628ec9ac0cbe200e088eda57a9c5bc  2007.0/x86_64/cups-1.2.4-1.4mdv2007.0.x86_64.rpm
 2e58f927d087a003e00812d825ee22f5  2007.0/x86_64/cups-common-1.2.4-1.4mdv2007.0.x86_64.rpm
 af7e07631f23b72dd253b1c577fd80ba  2007.0/x86_64/cups-serial-1.2.4-1.4mdv2007.0.x86_64.rpm
 297711478022026dedc25fb7aafaf780  2007.0/x86_64/lib64cups2-1.2.4-1.4mdv2007.0.x86_64.rpm
 c7d7c450464a5b4ce987b873374d7672  2007.0/x86_64/lib64cups2-devel-1.2.4-1.4mdv2007.0.x86_64.rpm
 2f9d2f0042ec013c8f7a1bb6ee400165  2007.0/x86_64/php-cups-1.2.4-1.4mdv2007.0.x86_64.rpm 
 3b2e000cc3b936c3a8b7094f31a09397  2007.0/SRPMS/cups-1.2.4-1.4mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 b62822552fe48abaeced97000b1645a5  2007.1/i586/cups-1.2.10-2.2mdv2007.1.i586.rpm
 4786bd22d5d34e824e06e28a3d1c2c39  2007.1/i586/cups-common-1.2.10-2.2mdv2007.1.i586.rpm
 f97ec418e42340268ffd3f525b0bedbe  2007.1/i586/cups-serial-1.2.10-2.2mdv2007.1.i586.rpm
 c70082109a3447dc47b873062d0d5a7d  2007.1/i586/libcups2-1.2.10-2.2mdv2007.1.i586.rpm
 5ccaf6cc0d42c4d3c6c39fc7a5d1aa47  2007.1/i586/libcups2-devel-1.2.10-2.2mdv2007.1.i586.rpm
 ea9bfd729bfeb62ec3abade783056406  2007.1/i586/php-cups-1.2.10-2.2mdv2007.1.i586.rpm 
 939f5648ef070af9f2280b0dc127e2fd  2007.1/SRPMS/cups-1.2.10-2.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 76efedcbae8bb5d6bba0b53831b0c2a0  2007.1/x86_64/cups-1.2.10-2.2mdv2007.1.x86_64.rpm
 a6391bf0397645a1d7c624b65dc4b5e6  2007.1/x86_64/cups-common-1.2.10-2.2mdv2007.1.x86_64.rpm
 26fbf6292b5c24aa357485d6739a030b  2007.1/x86_64/cups-serial-1.2.10-2.2mdv2007.1.x86_64.rpm
 055ae27cc25345cfe93f672b3f3d3dea  2007.1/x86_64/lib64cups2-1.2.10-2.2mdv2007.1.x86_64.rpm
 8c46ae6621d662416c6fd48eb900c3fa  2007.1/x86_64/lib64cups2-devel-1.2.10-2.2mdv2007.1.x86_64.rpm
 5bf659a25b401d796a8107e61f71d824  2007.1/x86_64/php-cups-1.2.10-2.2mdv2007.1.x86_64.rpm 
 939f5648ef070af9f2280b0dc127e2fd  2007.1/SRPMS/cups-1.2.10-2.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 a2953f5265fb935eb21b2395bd5e48a5  2008.0/i586/cups-1.3.0-3.1mdv2008.0.i586.rpm
 8d2ee10edb681cffab4bf1b63d327857  2008.0/i586/cups-common-1.3.0-3.1mdv2008.0.i586.rpm
 f2487ba24e5f4281892a8295377b9bd7  2008.0/i586/cups-serial-1.3.0-3.1mdv2008.0.i586.rpm
 3de803df9e94fb17280953ab8e3e43cc  2008.0/i586/libcups2-1.3.0-3.1mdv2008.0.i586.rpm
 27ac1ea66b531ebec1b5c8cfc16e782a  2008.0/i586/libcups2-devel-1.3.0-3.1mdv2008.0.i586.rpm
 f1ea38b7d9d6e840fc94b9b6abe1e302  2008.0/i586/php-cups-1.3.0-3.1mdv2008.0.i586.rpm 
 6fc544ca63eecd0baaae2235d46c31b4  2008.0/SRPMS/cups-1.3.0-3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e50c2e551dddb674dddd69ac6eb92c8a  2008.0/x86_64/cups-1.3.0-3.1mdv2008.0.x86_64.rpm
 45a3a9b26a88c9a218390535bbc07a5c  2008.0/x86_64/cups-common-1.3.0-3.1mdv2008.0.x86_64.rpm
 ef765e8642ed2a2bfb3ff2d48f6ccff6  2008.0/x86_64/cups-serial-1.3.0-3.1mdv2008.0.x86_64.rpm
 de91abd87fba62eccf56f6297afde42b  2008.0/x86_64/lib64cups2-1.3.0-3.1mdv2008.0.x86_64.rpm
 b6668430e0d7de9409a4944183017c77  2008.0/x86_64/lib64cups2-devel-1.3.0-3.1mdv2008.0.x86_64.rpm
 5b2387f00099aa746837651648e1ad86  2008.0/x86_64/php-cups-1.3.0-3.1mdv2008.0.x86_64.rpm 
 6fc544ca63eecd0baaae2235d46c31b4  2008.0/SRPMS/cups-1.3.0-3.1mdv2008.0.src.rpm

 Corporate 3.0:
 15d47f4a424509184dd470da0367e4d7  corporate/3.0/i586/cups-1.1.20-5.13.C30mdk.i586.rpm
 919fcbbbaf3d98be034b99c8557ca077  corporate/3.0/i586/cups-common-1.1.20-5.13.C30mdk.i586.rpm
 4afd975f1d917bdc4295efeff6da7b59  corporate/3.0/i586/cups-serial-1.1.20-5.13.C30mdk.i586.rpm
 73cc314ecb9ad5667521b0c25c4bde6b  corporate/3.0/i586/libcups2-1.1.20-5.13.C30mdk.i586.rpm
 f735244992f18a5edcf6911b7a755072  corporate/3.0/i586/libcups2-devel-1.1.20-5.13.C30mdk.i586.rpm 
 6e7caebc791076f1b7be6e01feb32843  corporate/3.0/SRPMS/cups-1.1.20-5.13.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 8ac0fa6a86ad44b1542ed2a6917058f0  corporate/3.0/x86_64/cups-1.1.20-5.13.C30mdk.x86_64.rpm
 592aa5849264c2e83973b9e0025e6686  corporate/3.0/x86_64/cups-common-1.1.20-5.13.C30mdk.x86_64.rpm
 d57eb8c52fd2caacebacf5374915fa3d  corporate/3.0/x86_64/cups-serial-1.1.20-5.13.C30mdk.x86_64.rpm
 f96e95f4c460456c4e7fc939245e2c92  corporate/3.0/x86_64/lib64cups2-1.1.20-5.13.C30mdk.x86_64.rpm
 a10a7345e5d8854d51cfd3f8b1ace568  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.13.C30mdk.x86_64.rpm 
 6e7caebc791076f1b7be6e01feb32843  corporate/3.0/SRPMS/cups-1.1.20-5.13.C30mdk.src.rpm

 Corporate 4.0:
 a0f3d078a74b2c53e4584bb38cce9a3c  corporate/4.0/i586/cups-1.2.4-0.4.20060mlcs4.i586.rpm
 d6d6ad7ccc2a10e2afef7c4df1ff356f  corporate/4.0/i586/cups-common-1.2.4-0.4.20060mlcs4.i586.rpm
 acdb601c9b45c6c3aac33a8c35511df1  corporate/4.0/i586/cups-serial-1.2.4-0.4.20060mlcs4.i586.rpm
 92dbd07ab275e28ef5e9389b0ba41044  corporate/4.0/i586/libcups2-1.2.4-0.4.20060mlcs4.i586.rpm
 5d785917c935e1be68259d6ddcc39c34  corporate/4.0/i586/libcups2-devel-1.2.4-0.4.20060mlcs4.i586.rpm
 30178e2b49f94797265f8bd5521f4feb  corporate/4.0/i586/php-cups-1.2.4-0.4.20060mlcs4.i586.rpm 
 c69b9cb3c9cc0195754ad0abbba86909  corporate/4.0/SRPMS/cups-1.2.4-0.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 94a66b9c5c857dac0608740b59d3c7d3  corporate/4.0/x86_64/cups-1.2.4-0.4.20060mlcs4.x86_64.rpm
 8b85a0601a5140a2124f6f4a226636ab  corporate/4.0/x86_64/cups-common-1.2.4-0.4.20060mlcs4.x86_64.rpm
 626e94c62eb6a8542218add3acf5643d  corporate/4.0/x86_64/cups-serial-1.2.4-0.4.20060mlcs4.x86_64.rpm
 8981312a07b0073590a0a9fe47d84fa4  corporate/4.0/x86_64/lib64cups2-1.2.4-0.4.20060mlcs4.x86_64.rpm
 52c5bcce946a258be2961cfc0aeac04c  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.4.20060mlcs4.x86_64.rpm
 b93fee3d490982b27af59c547c82ea26  corporate/4.0/x86_64/php-cups-1.2.4-0.4.20060mlcs4.x86_64.rpm 
 c69b9cb3c9cc0195754ad0abbba86909  corporate/4.0/SRPMS/cups-1.2.4-0.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHKg0pmqjQ0CJFipgRAm7rAJ9DbE0ifwt++PgAsGkZubl7/XMpPgCeJmnH
Lbv+H8gJvXS25ZSt2Bi04gk=
=7SuA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDKSA-2007:204 ] - Updated cups packages fix vulnerability security (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]