Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in cups
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in cups
ID: MDKSA-2006:010
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2, Mandriva 2006.0, Mandriva Corporate 2.1
Datum: Mi, 11. Januar 2006, 04:08
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
Applikationen: Common UNIX Printing System

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1136948925-11613-1900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:010
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : January 10, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple heap-based buffer overflows in the
 DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
 in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,
 allow user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted  PDF file
 with an out-of-range number of components (numComps), which is used as
 an array index. (CVE-2005-3191)
  
 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
 allows remote attackers to execute arbitrary code via a PDF file with
 an out-of-range numComps (number of components) field. (CVE-2005-3192)
 
 Heap-based buffer overflow in the JPXStream::readCodestream function
 in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
 allows user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted PDF file
 with large size values that cause insufficient memory to be allocated.
 (CVE-2005-3193)
 
 An additional patch re-addresses memory allocation routines in
 goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). 
 
 In addition, Chris Evans discovered several other vulnerbilities in
 the xpdf code base:
 
  Out-of-bounds heap accesses with large or negative parameters to 
   "FlateDecode" stream. (CVE-2005-3192)
 
  Out-of-bounds heap accesses with large or negative parameters to
   "CCITTFaxDecode" stream. (CVE-2005-3624)
 
  Infinite CPU spins in various places when stream ends unexpectedly.
   (CVE-2005-3625) 
 
  NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)
 
  Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)
 
  Possible to use index past end of array in "DCTDecode" stream.
   (CVE-2005-3627)
 
  Possible out-of-bounds indexing trouble in "DCTDecode" stream.
   (CVE-2005-3627)
 
 CUPS uses an embedded copy of the xpdf code, with the same
 vulnerabilities.
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 b5c52be00b23507bcd130c9e7d1ddd50 
 10.1/RPMS/cups-1.1.21-0.rc1.7.8.101mdk.i586.rpm
 3c98e0ba4a584ca32a2a25eb20b33a39 
 10.1/RPMS/cups-common-1.1.21-0.rc1.7.8.101mdk.i586.rpm
 1fe768077621d37fa855f51baeecd414 
 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.8.101mdk.i586.rpm
 4d8cc497b444ef413726f305af275a6a 
 10.1/RPMS/libcups2-1.1.21-0.rc1.7.8.101mdk.i586.rpm
 a4d621ee0eccb8f95791b991fac95768 
 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.8.101mdk.i586.rpm
 7e0e073cfdd7c43d255aa80ed37c28d1 
 10.1/SRPMS/cups-1.1.21-0.rc1.7.8.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 c782703a80182ba0f194a3fe59e29671 
 x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.8.101mdk.x86_64.rpm
 77ddacf0c0a0e327190ff86c797a7eb3 
 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.8.101mdk.x86_64.rpm
 88f6f078e7bdf537359b12df1b116875 
 x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.8.101mdk.x86_64.rpm
 bba6774180d2f868f962f8ea8b6e0e51 
 x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.8.101mdk.x86_64.rpm
 9cc3515dc6a6655e89a492a3664cea67 
 x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.8.101mdk.x86_64.rpm
 7e0e073cfdd7c43d255aa80ed37c28d1 
 x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.8.101mdk.src.rpm

 Mandriva Linux 10.2:
 5765c4454d6295a4a7cfc6eeeca70c77  10.2/RPMS/cups-1.1.23-11.2.102mdk.i586.rpm
 d18d807072f5cc3d1c4ef98a2cf911ab 
 10.2/RPMS/cups-common-1.1.23-11.2.102mdk.i586.rpm
 ef4f68b6a7b2201abd2bb3c70fe296be 
 10.2/RPMS/cups-serial-1.1.23-11.2.102mdk.i586.rpm
 29ae7290946944562087a0191142e9cc 
 10.2/RPMS/libcups2-1.1.23-11.2.102mdk.i586.rpm
 a853346dc6688da93a3231d12c1728f6 
 10.2/RPMS/libcups2-devel-1.1.23-11.2.102mdk.i586.rpm
 5862692ff8114c7f78a808e946c371e6  10.2/SRPMS/cups-1.1.23-11.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 9d2e1052c4aeb7f6aad3e0d3c60f85d8 
 x86_64/10.2/RPMS/cups-1.1.23-11.2.102mdk.x86_64.rpm
 8dfe2e759e0749cf7b7acdf077fab2e8 
 x86_64/10.2/RPMS/cups-common-1.1.23-11.2.102mdk.x86_64.rpm
 0ae798ff3cad9bf639db492d3717ff99 
 x86_64/10.2/RPMS/cups-serial-1.1.23-11.2.102mdk.x86_64.rpm
 b85e0f3831dae734217d76930813909b 
 x86_64/10.2/RPMS/lib64cups2-1.1.23-11.2.102mdk.x86_64.rpm
 38f5140a72acf7689b599bef9f923000 
 x86_64/10.2/RPMS/lib64cups2-devel-1.1.23-11.2.102mdk.x86_64.rpm
 5862692ff8114c7f78a808e946c371e6 
 x86_64/10.2/SRPMS/cups-1.1.23-11.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 7fa2fe8c6e545eb18fd69f037688d701 
 2006.0/RPMS/cups-1.1.23-17.1.20060mdk.i586.rpm
 045c02e7fe8e5c5a7c19710170892847 
 2006.0/RPMS/cups-common-1.1.23-17.1.20060mdk.i586.rpm
 d0246199b3ca4cb26e91490fd85994f4 
 2006.0/RPMS/cups-serial-1.1.23-17.1.20060mdk.i586.rpm
 f8b9623d2d7a925196c3496c6f8c491d 
 2006.0/RPMS/libcups2-1.1.23-17.1.20060mdk.i586.rpm
 dca5e3b78ef5941f8f6880197e7c02c0 
 2006.0/RPMS/libcups2-devel-1.1.23-17.1.20060mdk.i586.rpm
 f54c5483e511e5f94706d25d04b9bed7 
 2006.0/SRPMS/cups-1.1.23-17.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 2f3de58ff175a564fe4949538632af96 
 x86_64/2006.0/RPMS/cups-1.1.23-17.1.20060mdk.x86_64.rpm
 f411ec48c957768194cde193e5693a9e 
 x86_64/2006.0/RPMS/cups-common-1.1.23-17.1.20060mdk.x86_64.rpm
 4ca9fcdc1d9c90c0d00cb5ba4c80ad06 
 x86_64/2006.0/RPMS/cups-serial-1.1.23-17.1.20060mdk.x86_64.rpm
 c869457a90e4113d284730074dfa8b4e 
 x86_64/2006.0/RPMS/lib64cups2-1.1.23-17.1.20060mdk.x86_64.rpm
 98f854ccb1cff62ac98c70213d9da0f8 
 x86_64/2006.0/RPMS/lib64cups2-devel-1.1.23-17.1.20060mdk.x86_64.rpm
 f54c5483e511e5f94706d25d04b9bed7 
 x86_64/2006.0/SRPMS/cups-1.1.23-17.1.20060mdk.src.rpm

 Corporate Server 2.1:
 3a4a7fadc8472a8b9df603d06173a12b 
 corporate/2.1/RPMS/cups-1.1.18-2.12.C21mdk.i586.rpm
 8142c0e40cac5993bf87b20867403225 
 corporate/2.1/RPMS/cups-common-1.1.18-2.12.C21mdk.i586.rpm
 a4246d3a163aad65368ad436ee271d3d 
 corporate/2.1/RPMS/cups-serial-1.1.18-2.12.C21mdk.i586.rpm
 61e710d2dbd5c3b24980a3aee8027609 
 corporate/2.1/RPMS/libcups1-1.1.18-2.12.C21mdk.i586.rpm
 26b64c12e3b8b48e214fd7070f547879 
 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.12.C21mdk.i586.rpm
 06625c0147c5e2aaebd3575ed0133e6b 
 corporate/2.1/SRPMS/cups-1.1.18-2.12.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 fd0907a5db87cc55f999f05183866f4e 
 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.12.C21mdk.x86_64.rpm
 7fb05a22ddee7df584552964b3c29d77 
 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.12.C21mdk.x86_64.rpm
 bf0863a6b7616e34678b6866e2c4d6df 
 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.12.C21mdk.x86_64.rpm
 d3925af3dc401c15a7d5a5da02b7469b 
 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.12.C21mdk.x86_64.rpm
 fdc4cdf8756b835b28b6e6d6945914e4 
 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.12.C21mdk.x86_64.rpm
 06625c0147c5e2aaebd3575ed0133e6b 
 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.12.C21mdk.src.rpm

 Corporate 3.0:
 18480c0d569725ed5f5542a6e118e01a 
 corporate/3.0/RPMS/cups-1.1.20-5.10.C30mdk.i586.rpm
 41eed97b13410174f82c85e43b2b9c9f 
 corporate/3.0/RPMS/cups-common-1.1.20-5.10.C30mdk.i586.rpm
 c371b67e6315faae8afcd686a5f1affb 
 corporate/3.0/RPMS/cups-serial-1.1.20-5.10.C30mdk.i586.rpm
 43f1a46effe9a488642fbe7ba7932477 
 corporate/3.0/RPMS/libcups2-1.1.20-5.10.C30mdk.i586.rpm
 da7a75b3e56a8ad8812bd88e078c4567 
 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.10.C30mdk.i586.rpm
 9540dbf56f41e2f77d573ca2798cf306 
 corporate/3.0/SRPMS/cups-1.1.20-5.10.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 fe95777cc7bdfd4b41daf4f9a19186c9 
 x86_64/corporate/3.0/RPMS/cups-1.1.20-5.10.C30mdk.x86_64.rpm
 5e56191f8f14638ab5304ac94df6bb7a 
 x86_64/corporate/3.0/RPMS/cups-common-1.1.20-5.10.C30mdk.x86_64.rpm
 20f1396cf173d3b58d2a1dc4068770d4 
 x86_64/corporate/3.0/RPMS/cups-serial-1.1.20-5.10.C30mdk.x86_64.rpm
 6da98153e198cd3b2456280feae5bdba 
 x86_64/corporate/3.0/RPMS/lib64cups2-1.1.20-5.10.C30mdk.x86_64.rpm
 83d2c68c0180d8ba395bc9c0cb8b1338 
 x86_64/corporate/3.0/RPMS/lib64cups2-devel-1.1.20-5.10.C30mdk.x86_64.rpm
 9540dbf56f41e2f77d573ca2798cf306 
 x86_64/corporate/3.0/SRPMS/cups-1.1.20-5.10.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDxCNYmqjQ0CJFipgRAl+eAKDi8lnQXk0D+rUq4UvAl5Le1Ze5oQCfUw+7
D4xxg7GHFovst9LlQsfydIs=
=0UJn
-----END PGP SIGNATURE-----

------------=_1136948925-11613-1900
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1136948925-11613-1900--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung