LinuxSecurity.com
Mandrake: Updated cups packages fix
Posted by Joseph Shakespeare   
A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. Cups uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2005:018
 Date:                   January 25th, 2005

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Corporate Server 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow vulnerability was discovered in the xpdf PDF          
 code, which could allow for arbitrary code execution as the user 
 viewing a PDF file. The vulnerability exists due to insufficient bounds
 checking while processing a PDF file that provides malicious values in
 the /Encrypt /Length tag. Cups uses xpdf code and is susceptible to the
 same vulnerability.
 
 The updated packages have been patched to prevent these problems.
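
 The class of check described above, as an added illustration (not xpdf, CUPS or Mandrakesoft code; every name in it is hypothetical): the /Length value in the /Encrypt dictionary comes from the file, so it has to be validated before it is used as a byte count into a fixed-size key buffer. The 16-byte buffer and the 40 to 128 bit range in multiples of 8 are assumptions taken from the PDF standard security handler of that period.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative sketch only; names and sizes are assumptions, not xpdf/CUPS code. */
#define FILE_KEY_MAX 16  /* fixed key buffer: 128 bits */
#define FILE_KEY_MIN 5   /* smallest accepted key: 40 bits */

/* Convert the untrusted /Encrypt /Length value (in bits) to a key length
 * in bytes. Returns 0 when the value is out of range or not a whole byte. */
size_t key_len_from_encrypt_length(long length_bits)
{
    if (length_bits < FILE_KEY_MIN * 8 || length_bits > FILE_KEY_MAX * 8)
        return 0;
    if (length_bits % 8 != 0)
        return 0;
    return (size_t)(length_bits / 8);
}

/* Copy key material into the fixed buffer. The unchecked pattern would be
 * memcpy(dst, src, length_bits / 8), which writes past dst as soon as the
 * file declares a /Length above 128. Here the length is validated first;
 * returns the bytes copied, or 0 on rejection with dst left untouched. */
size_t copy_file_key(unsigned char dst[FILE_KEY_MAX],
                     const unsigned char *src, size_t src_len,
                     long length_bits)
{
    size_t n = key_len_from_encrypt_length(length_bits);
    if (n == 0 || n > src_len)
        return 0;
    memcpy(dst, src, n);
    return n;
}

int main(void)
{
    /* Constructed sample values for /Length, valid and invalid. */
    const long samples[] = { 40, 128, 44, 136, 2048, -8 };
    unsigned char digest[32], key[FILE_KEY_MAX];
    size_t i;

    memset(digest, 0xAB, sizeof digest);
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = copy_file_key(key, digest, sizeof digest, samples[i]);
        printf("/Length %ld -> %s (%zu bytes)\n", samples[i],
               n ? "accepted" : "rejected", n);
    }
    return 0;
}
```

 A parser that rejects the document on a zero return, instead of clamping and continuing, also avoids decrypting with a key length the file never legitimately declared.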
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
 