[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2009:283 ] cups



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:283
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 19, 2009
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the JBIG2 decoder in
 Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
 other products allow remote attackers to cause a denial
 of service (crash) via a crafted PDF file, related to (1)
 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 
 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
 earlier allows remote attackers to cause a denial of service (daemon
 crash) and possibly execute arbitrary code via a crafted TIFF image,
 which is not properly handled by the (1) _cupsImageReadTIFF function
 in the imagetops filter and (2) imagetoraster filter, leading to a
 heap-based buffer overflow. (CVE-2009-0163)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 and other products allows remote attackers to cause a denial of service
 (crash) via a crafted PDF file that triggers a free of uninitialized
 memory. (CVE-2009-0166)
 
 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
 and probably other products, allows remote attackers to execute
 arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
 segments (CVE-2009-0195).
 
 Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 PDF file that triggers a heap-based buffer overflow, possibly
 related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
 (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
 the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 cause a denial of service (crash) via a crafted PDF file that triggers
 an out-of-bounds read. (CVE-2009-0799)
 
 Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
 other products allow remote attackers to execute arbitrary code via
 a crafted PDF file. (CVE-2009-0800)
 
 The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
 does not properly initialize memory for IPP request packets, which
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and daemon crash) via a scheduler request with two
 consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
 CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
 allows remote attackers to execute arbitrary code via a crafted PDF
 file. (CVE-2009-1179)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 execute arbitrary code via a crafted PDF file that triggers a free
 of invalid data. (CVE-2009-1180)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
 Poppler before 0.10.6, and other products allows remote attackers to
 cause a denial of service (crash) via a crafted PDF file that triggers
 a NULL pointer dereference. (CVE-2009-1181)
 
 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
 other products allow remote attackers to execute arbitrary code via
 a crafted PDF file. (CVE-2009-1182)
 
 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
 earlier, Poppler before 0.10.6, and other products allows remote
 attackers to cause a denial of service (infinite loop and hang)
 via a crafted PDF file. (CVE-2009-1183)
 
 The directory-services functionality in the scheduler in CUPS 1.1.17
 and 1.1.22 allows remote attackers to cause a denial of service (cupsd
 daemon outage or crash) via manipulations of the timing of CUPS browse
 packets, related to a pointer use-after-delete flaw. (CVE-2009-1196)
 
 Two integer overflow flaws were found in the CUPS pdftops filter. An
 attacker could create a malicious PDF file that would cause pdftops
 to crash or, potentially, execute arbitrary code as the lp user if
 the file was printed. (CVE-2009-3608, CVE-2009-3609)
 
 This update corrects the problems.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1196
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 86301a5d5c962256a88d4e15faba9bbf  
corporate/3.0/i586/cups-1.1.20-5.21.C30mdk.i586.rpm
 378811817692045b489880711aa46c85  
corporate/3.0/i586/cups-common-1.1.20-5.21.C30mdk.i586.rpm
 b0b493387f5b0a67eb1bfa7b2cda1152  
corporate/3.0/i586/cups-serial-1.1.20-5.21.C30mdk.i586.rpm
 7236d2f3677e5f6e2ea740e291e145d5  
corporate/3.0/i586/libcups2-1.1.20-5.21.C30mdk.i586.rpm
 b6959ae680668c17cb2dc84077bfb1a8  
corporate/3.0/i586/libcups2-devel-1.1.20-5.21.C30mdk.i586.rpm 
 902b2ecfff8325312ad095425ec6b31b  
corporate/3.0/SRPMS/cups-1.1.20-5.21.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 633954b881b4a13641c71f5d8937d70e  
corporate/3.0/x86_64/cups-1.1.20-5.21.C30mdk.x86_64.rpm
 b1f94eafb660f6df4f1a7bf5a59f48b7  
corporate/3.0/x86_64/cups-common-1.1.20-5.21.C30mdk.x86_64.rpm
 6962c849474e00d4381f68ce0d700baa  
corporate/3.0/x86_64/cups-serial-1.1.20-5.21.C30mdk.x86_64.rpm
 775f8c2232eb751dae3fbd5aa347c31b  
corporate/3.0/x86_64/lib64cups2-1.1.20-5.21.C30mdk.x86_64.rpm
 ec752b939267cf785a76161388d63b89  
corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.21.C30mdk.x86_64.rpm 
 902b2ecfff8325312ad095425ec6b31b  
corporate/3.0/SRPMS/cups-1.1.20-5.21.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 c998b8245740f55a475014ab84aa72c6  mnf/2.0/i586/cups-1.1.20-5.21.M20mdk.i586.rpm
 caff03b6b69c0dc6dcf5b0e56bc583c3  
mnf/2.0/i586/cups-common-1.1.20-5.21.M20mdk.i586.rpm
 f4f7b5894f97f371dcaa84347170642c  
mnf/2.0/i586/cups-serial-1.1.20-5.21.M20mdk.i586.rpm
 ae0eb99fdc9ce79efff159a5dcd3d64e  
mnf/2.0/i586/libcups2-1.1.20-5.21.M20mdk.i586.rpm
 8e701f7caa03cd8d1bb42566965506e6  
mnf/2.0/i586/libcups2-devel-1.1.20-5.21.M20mdk.i586.rpm 
 10e3ff36714b79b806b62137b3d7d246  mnf/2.0/SRPMS/cups-1.1.20-5.21.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK3OH6mqjQ0CJFipgRAsUOAKDHMqs7e509FxXN+hRs3MuoXG+hbACgxBLI
92SOL+8x2GTGblZj+/qsM7o=
=ZAtW
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/