MDKSA-2005:138 - Updated cups packages fix vulnerability
Posted on: 08/11/2005 07:31 PM

The Mandriva Security Team has published a new security update: MDKSA-2005:138 - Updated cups packages fix vulnerability for Mandriva Linux.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID: MDKSA-2005:138
Date: August 11th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability was discovered in the CUPS printing package where
when processing a PDF file, bounds checking was not correctly
performed on some fields. As a result, this could cause the pdtops
filter to crash.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
5d48bca988287653dd56975cc47a9011 10.0/RPMS/cups-1.1.20-5.8.100mdk.i586.rpm
4766df09a7d3dab61dff26d18210607e 10.0/RPMS/cups-common-1.1.20-5.8.100mdk.i586.rpm
01d3f0e9fbca7245d29e0008f511379e 10.0/RPMS/cups-serial-1.1.20-5.8.100mdk.i586.rpm
f654610a508b60e19a9fdd909a36ca50 10.0/RPMS/libcups2-1.1.20-5.8.100mdk.i586.rpm
2a8b8d18b2f3aafec1b3f5a6e27c8f76 10.0/RPMS/libcups2-devel-1.1.20-5.8.100mdk.i586.rpm
e8fbda4a5bc004645231929662b461f0 10.0/SRPMS/cups-1.1.20-5.8.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e6c500410c6737912b341994c1079a02 amd64/10.0/RPMS/cups-1.1.20-5.8.100mdk.amd64.rpm
290cbd28249758d012ce0f6405fe8bb7 amd64/10.0/RPMS/cups-common-1.1.20-5.8.100mdk.amd64.rpm
a23b7e1868ff06db1c3358ddad003e08 amd64/10.0/RPMS/cups-serial-1.1.20-5.8.100mdk.amd64.rpm
501e5559e13ab873eb84ee7449258c2c amd64/10.0/RPMS/lib64cups2-1.1.20-5.8.100mdk.amd64.rpm
39270cd3e6719b3a531c748a85d005e9 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.8.100mdk.amd64.rpm
f654610a508b60e19a9fdd909a36ca50 amd64/10.0/RPMS/libcups2-1.1.20-5.8.100mdk.i586.rpm
e8fbda4a5bc004645231929662b461f0 amd64/10.0/SRPMS/cups-1.1.20-5.8.100mdk.src.rpm

Mandrakelinux 10.1:
175bc89b8c2aa3f49f3b264eb3d11c08 10.1/RPMS/cups-1.1.21-0.rc1.7.6.101mdk.i586.rpm
a0f2a26a2c03c4eeb4b2d8c0edead1d7 10.1/RPMS/cups-common-1.1.21-0.rc1.7.6.101mdk.i586.rpm
f266721618d085b9039f5dca9674ecb2 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.6.101mdk.i586.rpm
631dbfd315035444776fd6cf95cf6acd 10.1/RPMS/libcups2-1.1.21-0.rc1.7.6.101mdk.i586.rpm
d35a97d673a4ac95ace0a42537f88025 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.6.101mdk.i586.rpm
63feebc89515a0df9119c425c4a35884 10.1/SRPMS/cups-1.1.21-0.rc1.7.6.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
d36a3f804109352ab330793e97e1a0de x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
b50419737107d955258878707d575935 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
0d9a6b76fc5eae9190f73ad14f5cfbc2 x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
7782f4c85b11d9eaf980488b84d06e93 x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
ed0fe1a09d4564c4495bacb221df847d x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
631dbfd315035444776fd6cf95cf6acd x86_64/10.1/RPMS/libcups2-1.1.21-0.rc1.7.6.101mdk.i586.rpm
63feebc89515a0df9119c425c4a35884 x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.6.101mdk.src.rpm

Mandrakelinux 10.2:
c1ef8da952cd9e56e2746be2b0bb5bd9 10.2/RPMS/cups-1.1.23-11.1.102mdk.i586.rpm
736fd01eacca34d04607795d1ef6547f 10.2/RPMS/cups-common-1.1.23-11.1.102mdk.i586.rpm
7d9dabe327857b8295bca0c689725732 10.2/RPMS/cups-serial-1.1.23-11.1.102mdk.i586.rpm
829d2177b1f7317e5a8cde837aca55b4 10.2/RPMS/libcups2-1.1.23-11.1.102mdk.i586.rpm
16a599e6757a5bd5ed6820833d968b33 10.2/RPMS/libcups2-devel-1.1.23-11.1.102mdk.i586.rpm
27c0d389d9a85467c9a70944b4362ec4 10.2/SRPMS/cups-1.1.23-11.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
3a1ccbf7ae89e47c1778f3c5997b178f x86_64/10.2/RPMS/cups-1.1.23-11.1.102mdk.x86_64.rpm
d3275ccee68d7429fda7ba20f89c518c x86_64/10.2/RPMS/cups-common-1.1.23-11.1.102mdk.x86_64.rpm
e665f3d80d4e13de539d9fa39a16d22e x86_64/10.2/RPMS/cups-serial-1.1.23-11.1.102mdk.x86_64.rpm
9b5863c09729384a019f725d6861839e x86_64/10.2/RPMS/lib64cups2-1.1.23-11.1.102mdk.x86_64.rpm
63770318c658c4186d7d57a2208ed46a x86_64/10.2/RPMS/lib64cups2-devel-1.1.23-11.1.102mdk.x86_64.rpm
829d2177b1f7317e5a8cde837aca55b4 x86_64/10.2/RPMS/libcups2-1.1.23-11.1.102mdk.i586.rpm
16a599e6757a5bd5ed6820833d968b33 x86_64/10.2/RPMS/libcups2-devel-1.1.23-11.1.102mdk.i586.rpm
27c0d389d9a85467c9a70944b4362ec4 x86_64/10.2/SRPMS/cups-1.1.23-11.1.102mdk.src.rpm

Corporate Server 2.1:
cf770f5bf37c8318ba77c5fcde438172 corporate/2.1/RPMS/cups-1.1.18-2.10.C21mdk.i586.rpm
524af59e822beba950b117106a1f96ed corporate/2.1/RPMS/cups-common-1.1.18-2.10.C21mdk.i586.rpm
5be445e71199134e69dabe35c1e3be7d corporate/2.1/RPMS/cups-serial-1.1.18-2.10.C21mdk.i586.rpm
a54a56a116a971a49bf2f0bdbb68e94f corporate/2.1/RPMS/libcups1-1.1.18-2.10.C21mdk.i586.rpm
77365811d8997c9ffe4495b27005dfa6 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.10.C21mdk.i586.rpm
20c930c0306bfd6294ac99f4e479b61b corporate/2.1/SRPMS/cups-1.1.18-2.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
65685f8e7a1d812a02e9cb589b2bce69 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.10.C21mdk.x86_64.rpm
aadb1a546919cc920ebec02d2bc49cfd x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.10.C21mdk.x86_64.rpm
5cfc03537c65469e4d639ef0b70cae89 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.10.C21mdk.x86_64.rpm
5dcab751c4e4882492824dbcc7cb68d3 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.10.C21mdk.x86_64.rpm
0277512cc9357f1644abb49f3a514b9d x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.10.C21mdk.x86_64.rpm
20c930c0306bfd6294ac99f4e479b61b x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.10.C21mdk.src.rpm

Corporate 3.0:
ada77f1b64381034566313eb87f809c9 corporate/3.0/RPMS/cups-1.1.20-5.8.C30mdk.i586.rpm
55be908096a2354e98f661ce596b2361 corporate/3.0/RPMS/cups-common-1.1.20-5.8.C30mdk.i586.rpm
9d2b28df649b1a96e3937839adac1933 corporate/3.0/RPMS/cups-serial-1.1.20-5.8.C30mdk.i586.rpm
3dde8924c65df2232a1e908605a25c67 corporate/3.0/RPMS/libcups2-1.1.20-5.8.C30mdk.i586.rpm
8aa74d6b8b151d6ca0520c8d8b23cab1 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.8.C30mdk.i586.rpm
e0606323bf662289f25298c29d64faed corporate/3.0/SRPMS/cups-1.1.20-5.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
88a009de39c8d2f7fa137c0f113ccac2 x86_64/corporate/3.0/RPMS/cups-1.1.20-5.8.C30mdk.x86_64.rpm
7512d729ba5767b120390dd65b2d32d5 x86_64/corporate/3.0/RPMS/cups-common-1.1.20-5.8.C30mdk.x86_64.rpm
15c7f2318320357a8a54d3aa10206a99 x86_64/corporate/3.0/RPMS/cups-serial-1.1.20-5.8.C30mdk.x86_64.rpm
a685089585d71ba77578a25187d4970c x86_64/corporate/3.0/RPMS/lib64cups2-1.1.20-5.8.C30mdk.x86_64.rpm
89507149b4b041b3d954e7c2e97c0feb x86_64/corporate/3.0/RPMS/lib64cups2-devel-1.1.20-5.8.C30mdk.x86_64.rpm
3dde8924c65df2232a1e908605a25c67 x86_64/corporate/3.0/RPMS/libcups2-1.1.20-5.8.C30mdk.i586.rpm
e0606323bf662289f25298c29d64faed x86_64/corporate/3.0/SRPMS/cups-1.1.20-5.8.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7Q2mqjQ0CJFipgRArJqAJ9Ct27CrTdqO+IWgn7o/t8y3QxvkACgxyg1
Kl+kyirBMLuNwZYU7mPLmpk=
=HdMX
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005138__updated_cups_packages_fix__vulnerability.html)