
[Full-disclosure] [ MDVSA-2009:282 ] cups



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:282
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 19, 2009
 Affected: 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the JBIG2 decoder in
 Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
 other products allow remote attackers to cause a denial
 of service (crash) via a crafted PDF file, related to (1)
 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 
 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
 earlier allows remote attackers to cause a denial of service (daemon
 crash) and possibly execute arbitrary code via a crafted TIFF image,
 which is not properly handled by the (1) _cupsImageReadTIFF function
 in the imagetops filter and (2) imagetoraster filter, leading to a
 heap-based buffer overflow. (CVE-2009-0163)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
 as used in Poppler and other products, when running on Mac OS X,
 has unspecified impact, related to g*allocn. (CVE-2009-0165)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 and other products allows remote attackers to cause a denial of service
 (crash) via a crafted PDF file that triggers a free of uninitialized
 memory. (CVE-2009-0166)
 
 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
 and probably other products, allows remote attackers to execute
 arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
 segments (CVE-2009-0195).
 
 Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 PDF file that triggers a heap-based buffer overflow, possibly
 related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
 (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
 the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 cause a denial of service (crash) via a crafted PDF file that triggers
 an out-of-bounds read. (CVE-2009-0799)
 
 Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
 other products allow remote attackers to execute arbitrary code via
 a crafted PDF file. (CVE-2009-0800)
 
 The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
 does not properly initialize memory for IPP request packets, which
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and daemon crash) via a scheduler request with two
 consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
 CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
 allows remote attackers to execute arbitrary code via a crafted PDF
 file. (CVE-2009-1179)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 execute arbitrary code via a crafted PDF file that triggers a free
 of invalid data. (CVE-2009-1180)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 cause a denial of service (crash) via a crafted PDF file that triggers
 a NULL pointer dereference. (CVE-2009-1181)
 
 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
 other products allow remote attackers to execute arbitrary code via
 a crafted PDF file. (CVE-2009-1182)
 
 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
 earlier, Poppler before 0.10.6, and other products allows remote
 attackers to cause a denial of service (infinite loop and hang)
 via a crafted PDF file. (CVE-2009-1183)
 
 Two integer overflow flaws were found in the CUPS pdftops filter. An
 attacker could create a malicious PDF file that would cause pdftops
 to crash or, potentially, execute arbitrary code as the lp user if
 the file was printed. (CVE-2009-3608, CVE-2009-3609)
 
 This update corrects the problems.
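
 Several of the issues above are integer overflows that lead to heap-based
 buffer overflows: a buffer size computed from dimensions read out of the
 file wraps around, and the decoder then writes past an undersized
 allocation. The C code below is an added illustration of that bug class and
 its fix, not code from CUPS, Xpdf or Poppler; the function names and the
 256 MiB cap are assumptions.

```c
/* Added illustration; not code from CUPS, Xpdf or Poppler. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on a decoded image buffer (assumption). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Bug class: byte count computed in 32-bit arithmetic. Dimensions taken
   from the file can make the product wrap to a small number, so the
   buffer is far smaller than the data the decoder later writes. */
uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp; /* wraps modulo 2^32 */
}

/* Checked form: each multiplication is validated by a division first.
   Returns 0 and stores the size, or -1 if the product would overflow
   or exceed the cap. */
int checked_size(size_t w, size_t h, size_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if (w > SIZE_MAX / h)
        return -1;
    if (w * h > SIZE_MAX / bpp)
        return -1;
    if (w * h * bpp > MAX_IMAGE_BYTES)
        return -1;
    *out = w * h * bpp;
    return 0;
}

/* Allocation wrapper in the spirit of an "allocn" helper: refuses the
   request instead of returning an undersized buffer. */
void *alloc_image(size_t w, size_t h, size_t bpp)
{
    size_t n;
    return checked_size(w, h, bpp, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    printf("unchecked 65536x65536x1 -> %u bytes\n", (unsigned)unchecked_size(65536u, 65536u, 1u));
    printf("checked   65536x65536x1 -> %s\n", alloc_image(65536, 65536, 1) ? "allocated" : "rejected");
    return 0;
}
```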
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:

 Mandriva Linux 2009.0/X86_64:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK3N0BmqjQ0CJFipgRAvcCAJ4hYpfRAN3/ki8VBji+B/PMrRZlUwCgqkiE
kgmoMK5ov330kU4qfIGFxlM=
=aISl
-----END PGP SIGNATURE-----
