Mandriva: Updated cups packages fix vulnerabilities
Posted by Benjamin D. Thomas   
Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:228
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : November 19, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Alin Rad Pop found several flaws in how PDF files are handled in cups.
 An attacker could create a malicious PDF file that would cause cups
 to crash or potentially execute arbitrary code when opened.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
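
 For packages fetched by hand rather than through urpmi, the checksum comparison can be scripted; the following is an added example, not part of the Mandriva advisory, that checks files against `<md5>  <path>` lines in the layout the advisory uses for its package checksums. The function names `verify_manifest` and `demo`, the file names and the file contents are constructed for illustration.

```shell
#!/bin/sh
# verify_manifest MANIFEST DIR
# MANIFEST holds "<md5>  <path/to/package.rpm>" lines; other lines are ignored.
# Files are looked up in DIR by basename. Returns 0 only if all entries match.
verify_manifest() {
    manifest=$1 dir=$2 rc=0
    while read -r want relpath; do
        # Accept only entries whose first field is exactly 32 hex digits.
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#want}" -eq 32 ] && [ -n "$relpath" ] || continue
        name=${relpath##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: two placeholder files, one altered after the manifest
# was written. These are not real packages or real advisory checksums.
demo() {
    d=$(mktemp -d) || return 2
    printf 'package one\n' > "$d/example-a-1.0.rpm"
    printf 'package two\n' > "$d/example-b-1.0.rpm"
    {
        echo " Example Release 1.0:"
        for f in example-a-1.0.rpm example-b-1.0.rpm; do
            echo " $(md5sum "$d/$f" | cut -d' ' -f1)  release/i586/$f"
        done
    } > "$d/manifest.txt"
    printf 'tampered\n' >> "$d/example-b-1.0.rpm"
    verify_manifest "$d/manifest.txt" "$d"; status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "verification failed: do not install"
```

 An MD5 match only shows the download was not damaged; authenticity rests on the GPG signature, which `rpm --checksig` verifies once the Mandriva key has been imported into the RPM keyring.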

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team