Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in printer-drivers
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in printer-drivers
ID: MDVSA-2009:096-1
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0
Datum: Mo, 27. April 2009, 19:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
Applikationen: printer-drivers

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1240854869-27111-1903


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:096-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : printer-drivers
 Date    : April 24, 2009
 Affected: Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 A buffer underflow in Ghostscript's CCITTFax decoding filter allows
 remote attackers to cause denial of service and possibly to execute
 arbitrary by using a crafted PDF file (CVE-2007-6725).
 
 Multiple interger overflows in Ghostsript's International Color
 Consortium Format Library (icclib) allows attackers to cause denial
 of service (heap-based buffer overflow and application crash) and
 possibly execute arbirary code by using either a PostScript or PDF
 file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).
 
 Multiple interger overflows in Ghostsript's International Color
 Consortium Format Library (icclib) allows attackers to cause denial
 of service (heap-based buffer overflow and application crash) and
 possibly execute arbirary code by using either a PostScript or PDF
 file with crafte embedded images. Note: this issue exists because of
 an incomplete fix for CVE-2009-0583 (CVE-2009-0792).
 
 This update provides fixes for that vulnerabilities.

 Update:

 The previous update went with a wrong require version of perl-base
 in the foomatic-db-engine package. It is fixed on this update.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 96dbc60a93ce4a6763d2455faf174a7b 
 corporate/3.0/i586/cups-drivers-1.1-138.7.C30mdk.i586.rpm
 22dc1a762f9a3a2fe5d7110b5eba3455 
 corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
 d2c14e583a164b7869cf948e3c9807fa 
 corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
 bac7e6a9dc1c0001ce0e52ca46478ef8 
 corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
 d21db35d010cec004a08b81ea931e099 
 corporate/3.0/i586/ghostscript-7.07-19.7.C30mdk.i586.rpm
 4a5ff90f604335520030e009c9bfa88f 
 corporate/3.0/i586/ghostscript-module-X-7.07-19.7.C30mdk.i586.rpm
 4f7585ce74121c1d5ac778502514b282 
 corporate/3.0/i586/gimpprint-4.2.7-2.7.C30mdk.i586.rpm
 5d151dd1c5722bc6772f50906f1f8021 
 corporate/3.0/i586/libgimpprint1-4.2.7-2.7.C30mdk.i586.rpm
 6451feff86856479e8a35ebf49f185f4 
 corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.7.C30mdk.i586.rpm
 c4d87b25765d2db2efe1e45ad6ef9e16 
 corporate/3.0/i586/libijs0-0.34-76.7.C30mdk.i586.rpm
 76d95e81afaba7c85f2263fb24a98ee8 
 corporate/3.0/i586/libijs0-devel-0.34-76.7.C30mdk.i586.rpm
 2e816acf32ad22a5297565750840fa35 
 corporate/3.0/i586/printer-filters-1.0-138.7.C30mdk.i586.rpm
 480c4991734be95df224865468a45e9a 
 corporate/3.0/i586/printer-testpages-1.0-138.7.C30mdk.i586.rpm
 5d0845002a84eb2a8c341039ce64a2fc 
 corporate/3.0/i586/printer-utils-1.0-138.7.C30mdk.i586.rpm 
 903215b475cf0031bdd3f79983734c87 
 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a45bd1c244e8c09768e8482ef0db740a 
 corporate/3.0/x86_64/cups-drivers-1.1-138.7.C30mdk.x86_64.rpm
 42836893a4f590eede9ffe95309c44f5 
 corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
 97681dcc24ba1d656f5ccb90a3dc9551 
 corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
 7988477ee8ec84c17d404300db27de1e 
 corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
 dc7d3d21e5311227c9c7326e31b4a5b5 
 corporate/3.0/x86_64/ghostscript-7.07-19.7.C30mdk.x86_64.rpm
 caf9a2010f126f6c5e75204ce97ae2a0 
 corporate/3.0/x86_64/ghostscript-module-X-7.07-19.7.C30mdk.x86_64.rpm
 2b3ac0b759e0695a80a12f23f8f5e26a 
 corporate/3.0/x86_64/gimpprint-4.2.7-2.7.C30mdk.x86_64.rpm
 3bf97787fedfe9e9f4348c77a8aca100 
 corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.7.C30mdk.x86_64.rpm
 9653764019d8fad3994332efd55a541a 
 corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.7.C30mdk.x86_64.rpm
 0d818179492f74a124d6bd28a3e2afe4 
 corporate/3.0/x86_64/lib64ijs0-0.34-76.7.C30mdk.x86_64.rpm
 ca55063d9e24ac47784e6f5606bdc981 
 corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.7.C30mdk.x86_64.rpm
 0e8cc9cc04b70fc207ebd843cd82bf5d 
 corporate/3.0/x86_64/printer-filters-1.0-138.7.C30mdk.x86_64.rpm
 ddf46b5e1937b911e7f8650ddc569798 
 corporate/3.0/x86_64/printer-testpages-1.0-138.7.C30mdk.x86_64.rpm
 f90b734db08f01cac31a7f3b8c86528f 
 corporate/3.0/x86_64/printer-utils-1.0-138.7.C30mdk.x86_64.rpm 
 903215b475cf0031bdd3f79983734c87 
 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9caLmqjQ0CJFipgRAq0AAKDMk/At0KOjwv8z1lMVVONLt8oU3ACg18sa
/GHaS3O+LLgMH6XSBnHCfiE=
=YDBP
-----END PGP SIGNATURE-----


------------=_1240854869-27111-1903
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1240854869-27111-1903--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung