[ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:228
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : November 19, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Alin Rad Pop found several flaws in how PDF files are handled in cups.
An attacker could create a malicious PDF file that would cause cups
to crash or potentially execute arbitrary code when opened.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
4fd4b6a2d384e2cc599b415131a58edd 2007.0/i586/cups-1.2.4-1.5mdv2007.0.i586.rpm
29fd652c383d4ea688336bc143f1e5cf
2007.0/i586/cups-common-1.2.4-1.5mdv2007.0.i586.rpm
6a6c275bf900887bc34325ef552f39ab
2007.0/i586/cups-serial-1.2.4-1.5mdv2007.0.i586.rpm
b2f487a129a0ae8cefd66bd89177f5bd
2007.0/i586/libcups2-1.2.4-1.5mdv2007.0.i586.rpm
853850aadbfed2e7a5fe76ddfd293990
2007.0/i586/libcups2-devel-1.2.4-1.5mdv2007.0.i586.rpm
cdeaa28956923402a8986821fb01ec53
2007.0/i586/php-cups-1.2.4-1.5mdv2007.0.i586.rpm
5152934e9233e36bd1308d36144bbc1c 2007.0/SRPMS/cups-1.2.4-1.5mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
7df3b74de7c7d06ca7e750912993b85a
2007.0/x86_64/cups-1.2.4-1.5mdv2007.0.x86_64.rpm
7c8463926c7a618df34b5e31ddb3b80f
2007.0/x86_64/cups-common-1.2.4-1.5mdv2007.0.x86_64.rpm
49b51564f1e7ce0df1da99f7f86bff3c
2007.0/x86_64/cups-serial-1.2.4-1.5mdv2007.0.x86_64.rpm
e6c50f4ec69f14569036549ee1402beb
2007.0/x86_64/lib64cups2-1.2.4-1.5mdv2007.0.x86_64.rpm
0d4f42989dc3604a551cf1f9f4bb1c76
2007.0/x86_64/lib64cups2-devel-1.2.4-1.5mdv2007.0.x86_64.rpm
8a9a47b66a117d76b6612ac247ee76fb
2007.0/x86_64/php-cups-1.2.4-1.5mdv2007.0.x86_64.rpm
5152934e9233e36bd1308d36144bbc1c 2007.0/SRPMS/cups-1.2.4-1.5mdv2007.0.src.rpm
Mandriva Linux 2007.1:
8bca1f69b483c9907b164d090bf71161 2007.1/i586/cups-1.2.10-2.3mdv2007.1.i586.rpm
8d84223e130eb9039dd5e25dfcf47684
2007.1/i586/cups-common-1.2.10-2.3mdv2007.1.i586.rpm
c73459d19f605e2093fe8e7753510cf8
2007.1/i586/cups-serial-1.2.10-2.3mdv2007.1.i586.rpm
9f4e634eb3e900ffefd59562780a3f28
2007.1/i586/libcups2-1.2.10-2.3mdv2007.1.i586.rpm
fd0883a8e8243ff1ceb862f14b9f032b
2007.1/i586/libcups2-devel-1.2.10-2.3mdv2007.1.i586.rpm
bbb9b69f0e77c2e89f82328fa96a254f
2007.1/i586/php-cups-1.2.10-2.3mdv2007.1.i586.rpm
a9694fcccc09b5fc3e0ab17acff8c857 2007.1/SRPMS/cups-1.2.10-2.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
b1ae2a278de78e5e90cd818af06c8869
2007.1/x86_64/cups-1.2.10-2.3mdv2007.1.x86_64.rpm
feb3659cf805bbb8d7d528ec00007416
2007.1/x86_64/cups-common-1.2.10-2.3mdv2007.1.x86_64.rpm
f10bf7760a46b9bf195d0ee2f0b20ad0
2007.1/x86_64/cups-serial-1.2.10-2.3mdv2007.1.x86_64.rpm
7dccd2d2bd22194c72821a2315be71f0
2007.1/x86_64/lib64cups2-1.2.10-2.3mdv2007.1.x86_64.rpm
1690756e08eed05d08b9b1dad4554a69
2007.1/x86_64/lib64cups2-devel-1.2.10-2.3mdv2007.1.x86_64.rpm
9d0f9f960a4e171d5b69a51650a0e97c
2007.1/x86_64/php-cups-1.2.10-2.3mdv2007.1.x86_64.rpm
a9694fcccc09b5fc3e0ab17acff8c857 2007.1/SRPMS/cups-1.2.10-2.3mdv2007.1.src.rpm
Mandriva Linux 2008.0:
fb82aaf844538f1192dc5a5bba48ebb2 2008.0/i586/cups-1.3.0-3.3mdv2008.0.i586.rpm
0f32262c9fd557a33653d346cf561eb0
2008.0/i586/cups-common-1.3.0-3.3mdv2008.0.i586.rpm
679603be0ff46880b67a8a526fc5e0f6
2008.0/i586/cups-serial-1.3.0-3.3mdv2008.0.i586.rpm
2c475b6dbc51abb97f4978fb38f805aa
2008.0/i586/libcups2-1.3.0-3.3mdv2008.0.i586.rpm
c8bfa0b793dc2f75c15f19e4822bb02d
2008.0/i586/libcups2-devel-1.3.0-3.3mdv2008.0.i586.rpm
002037d0c0296df0f488b6827abd3621
2008.0/i586/php-cups-1.3.0-3.3mdv2008.0.i586.rpm
81a92819ff1b95379e68d0b92022ef31 2008.0/SRPMS/cups-1.3.0-3.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
908ceb359b83acc57734a535e1b7b7a5
2008.0/x86_64/cups-1.3.0-3.3mdv2008.0.x86_64.rpm
3ef9fbbffa74d7ea35ec501c074f6195
2008.0/x86_64/cups-common-1.3.0-3.3mdv2008.0.x86_64.rpm
b29c75dd2616451c33800772d77f6d22
2008.0/x86_64/cups-serial-1.3.0-3.3mdv2008.0.x86_64.rpm
7bc26d62f62bebfd13f748a3e1c92f40
2008.0/x86_64/lib64cups2-1.3.0-3.3mdv2008.0.x86_64.rpm
bd7fca05e68b64f71532007f0d3336b6
2008.0/x86_64/lib64cups2-devel-1.3.0-3.3mdv2008.0.x86_64.rpm
f8a5c7b8727652c48080c7d42ebbbb98
2008.0/x86_64/php-cups-1.3.0-3.3mdv2008.0.x86_64.rpm
81a92819ff1b95379e68d0b92022ef31 2008.0/SRPMS/cups-1.3.0-3.3mdv2008.0.src.rpm
Corporate 3.0:
d8f8b23034ed04134c3adffe8900c3c0
corporate/3.0/i586/cups-1.1.20-5.14.C30mdk.i586.rpm
692d4cc10f27d0b032414bd49047a0d5
corporate/3.0/i586/cups-common-1.1.20-5.14.C30mdk.i586.rpm
f51f15805a46410360a735d266b05513
corporate/3.0/i586/cups-serial-1.1.20-5.14.C30mdk.i586.rpm
ac8c8341c807fe425b95b2d36e540632
corporate/3.0/i586/libcups2-1.1.20-5.14.C30mdk.i586.rpm
9e4381efa99b4259291d83ce12fbbfd1
corporate/3.0/i586/libcups2-devel-1.1.20-5.14.C30mdk.i586.rpm
dbb2486013936d7ac79996b437871851
corporate/3.0/SRPMS/cups-1.1.20-5.14.C30mdk.src.rpm
Corporate 3.0/X86_64:
af60c4b209e2d7c8b2926152484d7a16
corporate/3.0/x86_64/cups-1.1.20-5.14.C30mdk.x86_64.rpm
04723ab4e6928c7c94509970ee3affe5
corporate/3.0/x86_64/cups-common-1.1.20-5.14.C30mdk.x86_64.rpm
633e04aa6a1a94e4c16ff06b80c5b0a1
corporate/3.0/x86_64/cups-serial-1.1.20-5.14.C30mdk.x86_64.rpm
8455649b95bd3ccbbbd83643355d0d9d
corporate/3.0/x86_64/lib64cups2-1.1.20-5.14.C30mdk.x86_64.rpm
b0bb5f82abe5e63f2330a2ce3856d9fd
corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.14.C30mdk.x86_64.rpm
dbb2486013936d7ac79996b437871851
corporate/3.0/SRPMS/cups-1.1.20-5.14.C30mdk.src.rpm
Corporate 4.0:
601bc4824031861920955ad8555aa4d7
corporate/4.0/i586/cups-1.2.4-0.5.20060mlcs4.i586.rpm
47167ce1b770bf583616d86a06e4b434
corporate/4.0/i586/cups-common-1.2.4-0.5.20060mlcs4.i586.rpm
8b12a32bd46ce350143b1722dbf76de2
corporate/4.0/i586/cups-serial-1.2.4-0.5.20060mlcs4.i586.rpm
7bded05fbaf5b485aef109404f0132f9
corporate/4.0/i586/libcups2-1.2.4-0.5.20060mlcs4.i586.rpm
09c2660b9004454c07b15d3e57124acc
corporate/4.0/i586/libcups2-devel-1.2.4-0.5.20060mlcs4.i586.rpm
55eddc1759513c131465e61564977618
corporate/4.0/i586/php-cups-1.2.4-0.5.20060mlcs4.i586.rpm
3a2b57f8a67c419bc74f09db58b6e789
corporate/4.0/SRPMS/cups-1.2.4-0.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
1e3565148aa5da08a4b999b42d7763c8
corporate/4.0/x86_64/cups-1.2.4-0.5.20060mlcs4.x86_64.rpm
a1da7ffbc6fb5294967fde1b785dc7fa
corporate/4.0/x86_64/cups-common-1.2.4-0.5.20060mlcs4.x86_64.rpm
306ffbfbf7606ffc31c197f77c539eef
corporate/4.0/x86_64/cups-serial-1.2.4-0.5.20060mlcs4.x86_64.rpm
f0364ad9115ceb82978847ab6cdc66e1
corporate/4.0/x86_64/lib64cups2-1.2.4-0.5.20060mlcs4.x86_64.rpm
d93d6cb48d60436c9f1b32181f82b6c7
corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.5.20060mlcs4.x86_64.rpm
802a3f4c3167f06640d2a8c3394cb26c
corporate/4.0/x86_64/php-cups-1.2.4-0.5.20060mlcs4.x86_64.rpm
3a2b57f8a67c419bc74f09db58b6e789
corporate/4.0/SRPMS/cups-1.2.4-0.5.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W
z5jyh/u/+4QFVsSocymKj/g=
=RkrY
-----END PGP SIGNATURE-----