LinuxSecurity.com
Mandriva: [ MDVSA-2009:029 ] cups
Posted by Benjamin D. Thomas   
Security vulnerabilities have been discovered and corrected in CUPS. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow (CVE-2008-5286). CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032). The updated packages have been patched to prevent this.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:029
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : January 24, 2009
 Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been discovered and corrected in CUPS.
 
 CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary
 code via a PNG image with a large height value, which bypasses a
 validation check and triggers a buffer overflow (CVE-2008-5286).
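
 Added example (not CUPS source and not the Mandriva patch): a general C
 illustration of this bug class, where a size check computed in 32-bit
 arithmetic wraps for a large height, next to an overflow-safe version.
 MAX_DIM, MAX_IMG_BYTES and both function names are assumptions made for
 the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Limits chosen for this example; they are not CUPS constants. */
#define MAX_DIM       (1u << 24)          /* largest accepted width/height */
#define MAX_IMG_BYTES ((size_t)1 << 30)   /* 1 GiB cap on the pixel buffer */

/* Weak pattern: the product is formed in 32 bits and wraps modulo 2^32
 * before it is compared, so a huge height can yield a small "size".
 * Returns 1 if the image would be accepted. */
int size_check_wrapping(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t bytes = width * height * bpp;
    return bytes <= MAX_IMG_BYTES;
}

/* Hardened: bound every factor, then compare by division so no product can
 * wrap. Returns 0 and stores the byte count in *out, or -1 on rejection. */
int image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 8)
        return -1;
    if (width > MAX_DIM || height > MAX_DIM)
        return -1;
    size_t row = (size_t)width * bpp;     /* at most 2^27, cannot wrap */
    if (height > MAX_IMG_BYTES / row)
        return -1;
    *out = row * height;
    return 0;
}

int main(void)
{
    /* Constructed header values: 1024 * 0x400000 * 1 == 2^32, wraps to 0. */
    uint32_t w = 1024, h = 0x400000, bpp = 1;
    size_t n = 0;
    printf("wrapping check accepts: %d\n", size_check_wrapping(w, h, bpp));
    printf("checked size rejects:   %d\n", image_bytes_checked(w, h, bpp, &n) != 0);
    return 0;
}
```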
 
 CUPS shipped with Mandriva Linux allows local users to overwrite
 arbitrary files via a symlink attack on the /tmp/pdf.log temporary file
 (CVE-2009-0032).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0032
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  