[Security Announce] [ MDKSA-2007:204 ] - Updated cups packages fix vulnerability
Posted on: 11/01/2007 11:45 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:204
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date : November 1, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS
that can be exploited by malicious individuals to execute arbitrary
code. This flaw is due to a boundary error when processing IPP
(Internet Printing Protocol) tags.

Updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
e23b399fd831bdd8c603c9e3b4c48ffc 2007.0/i586/cups-1.2.4-1.4mdv2007.0.i586.rpm
7c4e0384b1a191627b7f8e9a4ae9d4a6 2007.0/i586/cups-common-1.2.4-1.4mdv2007.0.i586.rpm
ce4b32b8af4fd0977deaafc74441c014 2007.0/i586/cups-serial-1.2.4-1.4mdv2007.0.i586.rpm
d06368c9caa68f936a5e6dda6e7fb5c6 2007.0/i586/libcups2-1.2.4-1.4mdv2007.0.i586.rpm
a244f21ce09342e9c315a344cf596d85 2007.0/i586/libcups2-devel-1.2.4-1.4mdv2007.0.i586.rpm
dc41bf3eb0d83fd03fcc34f289f8eb6c 2007.0/i586/php-cups-1.2.4-1.4mdv2007.0.i586.rpm
3b2e000cc3b936c3a8b7094f31a09397 2007.0/SRPMS/cups-1.2.4-1.4mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
a6628ec9ac0cbe200e088eda57a9c5bc 2007.0/x86_64/cups-1.2.4-1.4mdv2007.0.x86_64.rpm
2e58f927d087a003e00812d825ee22f5 2007.0/x86_64/cups-common-1.2.4-1.4mdv2007.0.x86_64.rpm
af7e07631f23b72dd253b1c577fd80ba 2007.0/x86_64/cups-serial-1.2.4-1.4mdv2007.0.x86_64.rpm
297711478022026dedc25fb7aafaf780 2007.0/x86_64/lib64cups2-1.2.4-1.4mdv2007.0.x86_64.rpm
c7d7c450464a5b4ce987b873374d7672 2007.0/x86_64/lib64cups2-devel-1.2.4-1.4mdv2007.0.x86_64.rpm
2f9d2f0042ec013c8f7a1bb6ee400165 2007.0/x86_64/php-cups-1.2.4-1.4mdv2007.0.x86_64.rpm
3b2e000cc3b936c3a8b7094f31a09397 2007.0/SRPMS/cups-1.2.4-1.4mdv2007.0.src.rpm

Mandriva Linux 2007.1:
b62822552fe48abaeced97000b1645a5 2007.1/i586/cups-1.2.10-2.2mdv2007.1.i586.rpm
4786bd22d5d34e824e06e28a3d1c2c39 2007.1/i586/cups-common-1.2.10-2.2mdv2007.1.i586.rpm
f97ec418e42340268ffd3f525b0bedbe 2007.1/i586/cups-serial-1.2.10-2.2mdv2007.1.i586.rpm
c70082109a3447dc47b873062d0d5a7d 2007.1/i586/libcups2-1.2.10-2.2mdv2007.1.i586.rpm
5ccaf6cc0d42c4d3c6c39fc7a5d1aa47 2007.1/i586/libcups2-devel-1.2.10-2.2mdv2007.1.i586.rpm
ea9bfd729bfeb62ec3abade783056406 2007.1/i586/php-cups-1.2.10-2.2mdv2007.1.i586.rpm
939f5648ef070af9f2280b0dc127e2fd 2007.1/SRPMS/cups-1.2.10-2.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
76efedcbae8bb5d6bba0b53831b0c2a0 2007.1/x86_64/cups-1.2.10-2.2mdv2007.1.x86_64.rpm
a6391bf0397645a1d7c624b65dc4b5e6 2007.1/x86_64/cups-common-1.2.10-2.2mdv2007.1.x86_64.rpm
26fbf6292b5c24aa357485d6739a030b 2007.1/x86_64/cups-serial-1.2.10-2.2mdv2007.1.x86_64.rpm
055ae27cc25345cfe93f672b3f3d3dea 2007.1/x86_64/lib64cups2-1.2.10-2.2mdv2007.1.x86_64.rpm
8c46ae6621d662416c6fd48eb900c3fa 2007.1/x86_64/lib64cups2-devel-1.2.10-2.2mdv2007.1.x86_64.rpm
5bf659a25b401d796a8107e61f71d824 2007.1/x86_64/php-cups-1.2.10-2.2mdv2007.1.x86_64.rpm
939f5648ef070af9f2280b0dc127e2fd 2007.1/SRPMS/cups-1.2.10-2.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
a2953f5265fb935eb21b2395bd5e48a5 2008.0/i586/cups-1.3.0-3.1mdv2008.0.i586.rpm
8d2ee10edb681cffab4bf1b63d327857 2008.0/i586/cups-common-1.3.0-3.1mdv2008.0.i586.rpm
f2487ba24e5f4281892a8295377b9bd7 2008.0/i586/cups-serial-1.3.0-3.1mdv2008.0.i586.rpm
3de803df9e94fb17280953ab8e3e43cc 2008.0/i586/libcups2-1.3.0-3.1mdv2008.0.i586.rpm
27ac1ea66b531ebec1b5c8cfc16e782a 2008.0/i586/libcups2-devel-1.3.0-3.1mdv2008.0.i586.rpm
f1ea38b7d9d6e840fc94b9b6abe1e302 2008.0/i586/php-cups-1.3.0-3.1mdv2008.0.i586.rpm
6fc544ca63eecd0baaae2235d46c31b4 2008.0/SRPMS/cups-1.3.0-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e50c2e551dddb674dddd69ac6eb92c8a 2008.0/x86_64/cups-1.3.0-3.1mdv2008.0.x86_64.rpm
45a3a9b26a88c9a218390535bbc07a5c 2008.0/x86_64/cups-common-1.3.0-3.1mdv2008.0.x86_64.rpm
ef765e8642ed2a2bfb3ff2d48f6ccff6 2008.0/x86_64/cups-serial-1.3.0-3.1mdv2008.0.x86_64.rpm
de91abd87fba62eccf56f6297afde42b 2008.0/x86_64/lib64cups2-1.3.0-3.1mdv2008.0.x86_64.rpm
b6668430e0d7de9409a4944183017c77 2008.0/x86_64/lib64cups2-devel-1.3.0-3.1mdv2008.0.x86_64.rpm
5b2387f00099aa746837651648e1ad86 2008.0/x86_64/php-cups-1.3.0-3.1mdv2008.0.x86_64.rpm
6fc544ca63eecd0baaae2235d46c31b4 2008.0/SRPMS/cups-1.3.0-3.1mdv2008.0.src.rpm

Corporate 3.0:
15d47f4a424509184dd470da0367e4d7 corporate/3.0/i586/cups-1.1.20-5.13.C30mdk.i586.rpm
919fcbbbaf3d98be034b99c8557ca077 corporate/3.0/i586/cups-common-1.1.20-5.13.C30mdk.i586.rpm
4afd975f1d917bdc4295efeff6da7b59 corporate/3.0/i586/cups-serial-1.1.20-5.13.C30mdk.i586.rpm
73cc314ecb9ad5667521b0c25c4bde6b corporate/3.0/i586/libcups2-1.1.20-5.13.C30mdk.i586.rpm
f735244992f18a5edcf6911b7a755072 corporate/3.0/i586/libcups2-devel-1.1.20-5.13.C30mdk.i586.rpm
6e7caebc791076f1b7be6e01feb32843 corporate/3.0/SRPMS/cups-1.1.20-5.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
8ac0fa6a86ad44b1542ed2a6917058f0 corporate/3.0/x86_64/cups-1.1.20-5.13.C30mdk.x86_64.rpm
592aa5849264c2e83973b9e0025e6686 corporate/3.0/x86_64/cups-common-1.1.20-5.13.C30mdk.x86_64.rpm
d57eb8c52fd2caacebacf5374915fa3d corporate/3.0/x86_64/cups-serial-1.1.20-5.13.C30mdk.x86_64.rpm
f96e95f4c460456c4e7fc939245e2c92 corporate/3.0/x86_64/lib64cups2-1.1.20-5.13.C30mdk.x86_64.rpm
a10a7345e5d8854d51cfd3f8b1ace568 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.13.C30mdk.x86_64.rpm
6e7caebc791076f1b7be6e01feb32843 corporate/3.0/SRPMS/cups-1.1.20-5.13.C30mdk.src.rpm

Corporate 4.0:
a0f3d078a74b2c53e4584bb38cce9a3c corporate/4.0/i586/cups-1.2.4-0.4.20060mlcs4.i586.rpm
d6d6ad7ccc2a10e2afef7c4df1ff356f corporate/4.0/i586/cups-common-1.2.4-0.4.20060mlcs4.i586.rpm
acdb601c9b45c6c3aac33a8c35511df1 corporate/4.0/i586/cups-serial-1.2.4-0.4.20060mlcs4.i586.rpm
92dbd07ab275e28ef5e9389b0ba41044 corporate/4.0/i586/libcups2-1.2.4-0.4.20060mlcs4.i586.rpm
5d785917c935e1be68259d6ddcc39c34 corporate/4.0/i586/libcups2-devel-1.2.4-0.4.20060mlcs4.i586.rpm
30178e2b49f94797265f8bd5521f4feb corporate/4.0/i586/php-cups-1.2.4-0.4.20060mlcs4.i586.rpm
c69b9cb3c9cc0195754ad0abbba86909 corporate/4.0/SRPMS/cups-1.2.4-0.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
94a66b9c5c857dac0608740b59d3c7d3 corporate/4.0/x86_64/cups-1.2.4-0.4.20060mlcs4.x86_64.rpm
8b85a0601a5140a2124f6f4a226636ab corporate/4.0/x86_64/cups-common-1.2.4-0.4.20060mlcs4.x86_64.rpm
626e94c62eb6a8542218add3acf5643d corporate/4.0/x86_64/cups-serial-1.2.4-0.4.20060mlcs4.x86_64.rpm
8981312a07b0073590a0a9fe47d84fa4 corporate/4.0/x86_64/lib64cups2-1.2.4-0.4.20060mlcs4.x86_64.rpm
52c5bcce946a258be2961cfc0aeac04c corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.4.20060mlcs4.x86_64.rpm
b93fee3d490982b27af59c547c82ea26 corporate/4.0/x86_64/php-cups-1.2.4-0.4.20060mlcs4.x86_64.rpm
c69b9cb3c9cc0195754ad0abbba86909 corporate/4.0/SRPMS/cups-1.2.4-0.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHKg0pmqjQ0CJFipgRAm7rAJ9DbE0ifwt++PgAsGkZubl7/XMpPgCeJmnH
Lbv+H8gJvXS25ZSt2Bi04gk=
=7SuA
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007204__updated_cups_packages_fix_vulnerability.html)