Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.
26f792baa8eac68c8351e87ce1a11aa8ddc0a8dc5454c7e57a98ebcc1aa8bbb4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:228
https://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : November 19, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Alin Rad Pop found several flaws in how PDF files are handled in cups.
An attacker could create a malicious PDF file that would cause cups
to crash or potentially execute arbitrary code when opened.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
4fd4b6a2d384e2cc599b415131a58edd 2007.0/i586/cups-1.2.4-1.5mdv2007.0.i586.rpm
29fd652c383d4ea688336bc143f1e5cf 2007.0/i586/cups-common-1.2.4-1.5mdv2007.0.i586.rpm
6a6c275bf900887bc34325ef552f39ab 2007.0/i586/cups-serial-1.2.4-1.5mdv2007.0.i586.rpm
b2f487a129a0ae8cefd66bd89177f5bd 2007.0/i586/libcups2-1.2.4-1.5mdv2007.0.i586.rpm
853850aadbfed2e7a5fe76ddfd293990 2007.0/i586/libcups2-devel-1.2.4-1.5mdv2007.0.i586.rpm
cdeaa28956923402a8986821fb01ec53 2007.0/i586/php-cups-1.2.4-1.5mdv2007.0.i586.rpm
5152934e9233e36bd1308d36144bbc1c 2007.0/SRPMS/cups-1.2.4-1.5mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
7df3b74de7c7d06ca7e750912993b85a 2007.0/x86_64/cups-1.2.4-1.5mdv2007.0.x86_64.rpm
7c8463926c7a618df34b5e31ddb3b80f 2007.0/x86_64/cups-common-1.2.4-1.5mdv2007.0.x86_64.rpm
49b51564f1e7ce0df1da99f7f86bff3c 2007.0/x86_64/cups-serial-1.2.4-1.5mdv2007.0.x86_64.rpm
e6c50f4ec69f14569036549ee1402beb 2007.0/x86_64/lib64cups2-1.2.4-1.5mdv2007.0.x86_64.rpm
0d4f42989dc3604a551cf1f9f4bb1c76 2007.0/x86_64/lib64cups2-devel-1.2.4-1.5mdv2007.0.x86_64.rpm
8a9a47b66a117d76b6612ac247ee76fb 2007.0/x86_64/php-cups-1.2.4-1.5mdv2007.0.x86_64.rpm
5152934e9233e36bd1308d36144bbc1c 2007.0/SRPMS/cups-1.2.4-1.5mdv2007.0.src.rpm
Mandriva Linux 2007.1:
8bca1f69b483c9907b164d090bf71161 2007.1/i586/cups-1.2.10-2.3mdv2007.1.i586.rpm
8d84223e130eb9039dd5e25dfcf47684 2007.1/i586/cups-common-1.2.10-2.3mdv2007.1.i586.rpm
c73459d19f605e2093fe8e7753510cf8 2007.1/i586/cups-serial-1.2.10-2.3mdv2007.1.i586.rpm
9f4e634eb3e900ffefd59562780a3f28 2007.1/i586/libcups2-1.2.10-2.3mdv2007.1.i586.rpm
fd0883a8e8243ff1ceb862f14b9f032b 2007.1/i586/libcups2-devel-1.2.10-2.3mdv2007.1.i586.rpm
bbb9b69f0e77c2e89f82328fa96a254f 2007.1/i586/php-cups-1.2.10-2.3mdv2007.1.i586.rpm
a9694fcccc09b5fc3e0ab17acff8c857 2007.1/SRPMS/cups-1.2.10-2.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
b1ae2a278de78e5e90cd818af06c8869 2007.1/x86_64/cups-1.2.10-2.3mdv2007.1.x86_64.rpm
feb3659cf805bbb8d7d528ec00007416 2007.1/x86_64/cups-common-1.2.10-2.3mdv2007.1.x86_64.rpm
f10bf7760a46b9bf195d0ee2f0b20ad0 2007.1/x86_64/cups-serial-1.2.10-2.3mdv2007.1.x86_64.rpm
7dccd2d2bd22194c72821a2315be71f0 2007.1/x86_64/lib64cups2-1.2.10-2.3mdv2007.1.x86_64.rpm
1690756e08eed05d08b9b1dad4554a69 2007.1/x86_64/lib64cups2-devel-1.2.10-2.3mdv2007.1.x86_64.rpm
9d0f9f960a4e171d5b69a51650a0e97c 2007.1/x86_64/php-cups-1.2.10-2.3mdv2007.1.x86_64.rpm
a9694fcccc09b5fc3e0ab17acff8c857 2007.1/SRPMS/cups-1.2.10-2.3mdv2007.1.src.rpm
Mandriva Linux 2008.0:
fb82aaf844538f1192dc5a5bba48ebb2 2008.0/i586/cups-1.3.0-3.3mdv2008.0.i586.rpm
0f32262c9fd557a33653d346cf561eb0 2008.0/i586/cups-common-1.3.0-3.3mdv2008.0.i586.rpm
679603be0ff46880b67a8a526fc5e0f6 2008.0/i586/cups-serial-1.3.0-3.3mdv2008.0.i586.rpm
2c475b6dbc51abb97f4978fb38f805aa 2008.0/i586/libcups2-1.3.0-3.3mdv2008.0.i586.rpm
c8bfa0b793dc2f75c15f19e4822bb02d 2008.0/i586/libcups2-devel-1.3.0-3.3mdv2008.0.i586.rpm
002037d0c0296df0f488b6827abd3621 2008.0/i586/php-cups-1.3.0-3.3mdv2008.0.i586.rpm
81a92819ff1b95379e68d0b92022ef31 2008.0/SRPMS/cups-1.3.0-3.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
908ceb359b83acc57734a535e1b7b7a5 2008.0/x86_64/cups-1.3.0-3.3mdv2008.0.x86_64.rpm
3ef9fbbffa74d7ea35ec501c074f6195 2008.0/x86_64/cups-common-1.3.0-3.3mdv2008.0.x86_64.rpm
b29c75dd2616451c33800772d77f6d22 2008.0/x86_64/cups-serial-1.3.0-3.3mdv2008.0.x86_64.rpm
7bc26d62f62bebfd13f748a3e1c92f40 2008.0/x86_64/lib64cups2-1.3.0-3.3mdv2008.0.x86_64.rpm
bd7fca05e68b64f71532007f0d3336b6 2008.0/x86_64/lib64cups2-devel-1.3.0-3.3mdv2008.0.x86_64.rpm
f8a5c7b8727652c48080c7d42ebbbb98 2008.0/x86_64/php-cups-1.3.0-3.3mdv2008.0.x86_64.rpm
81a92819ff1b95379e68d0b92022ef31 2008.0/SRPMS/cups-1.3.0-3.3mdv2008.0.src.rpm
Corporate 3.0:
d8f8b23034ed04134c3adffe8900c3c0 corporate/3.0/i586/cups-1.1.20-5.14.C30mdk.i586.rpm
692d4cc10f27d0b032414bd49047a0d5 corporate/3.0/i586/cups-common-1.1.20-5.14.C30mdk.i586.rpm
f51f15805a46410360a735d266b05513 corporate/3.0/i586/cups-serial-1.1.20-5.14.C30mdk.i586.rpm
ac8c8341c807fe425b95b2d36e540632 corporate/3.0/i586/libcups2-1.1.20-5.14.C30mdk.i586.rpm
9e4381efa99b4259291d83ce12fbbfd1 corporate/3.0/i586/libcups2-devel-1.1.20-5.14.C30mdk.i586.rpm
dbb2486013936d7ac79996b437871851 corporate/3.0/SRPMS/cups-1.1.20-5.14.C30mdk.src.rpm
Corporate 3.0/X86_64:
af60c4b209e2d7c8b2926152484d7a16 corporate/3.0/x86_64/cups-1.1.20-5.14.C30mdk.x86_64.rpm
04723ab4e6928c7c94509970ee3affe5 corporate/3.0/x86_64/cups-common-1.1.20-5.14.C30mdk.x86_64.rpm
633e04aa6a1a94e4c16ff06b80c5b0a1 corporate/3.0/x86_64/cups-serial-1.1.20-5.14.C30mdk.x86_64.rpm
8455649b95bd3ccbbbd83643355d0d9d corporate/3.0/x86_64/lib64cups2-1.1.20-5.14.C30mdk.x86_64.rpm
b0bb5f82abe5e63f2330a2ce3856d9fd corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.14.C30mdk.x86_64.rpm
dbb2486013936d7ac79996b437871851 corporate/3.0/SRPMS/cups-1.1.20-5.14.C30mdk.src.rpm
Corporate 4.0:
601bc4824031861920955ad8555aa4d7 corporate/4.0/i586/cups-1.2.4-0.5.20060mlcs4.i586.rpm
47167ce1b770bf583616d86a06e4b434 corporate/4.0/i586/cups-common-1.2.4-0.5.20060mlcs4.i586.rpm
8b12a32bd46ce350143b1722dbf76de2 corporate/4.0/i586/cups-serial-1.2.4-0.5.20060mlcs4.i586.rpm
7bded05fbaf5b485aef109404f0132f9 corporate/4.0/i586/libcups2-1.2.4-0.5.20060mlcs4.i586.rpm
09c2660b9004454c07b15d3e57124acc corporate/4.0/i586/libcups2-devel-1.2.4-0.5.20060mlcs4.i586.rpm
55eddc1759513c131465e61564977618 corporate/4.0/i586/php-cups-1.2.4-0.5.20060mlcs4.i586.rpm
3a2b57f8a67c419bc74f09db58b6e789 corporate/4.0/SRPMS/cups-1.2.4-0.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
1e3565148aa5da08a4b999b42d7763c8 corporate/4.0/x86_64/cups-1.2.4-0.5.20060mlcs4.x86_64.rpm
a1da7ffbc6fb5294967fde1b785dc7fa corporate/4.0/x86_64/cups-common-1.2.4-0.5.20060mlcs4.x86_64.rpm
306ffbfbf7606ffc31c197f77c539eef corporate/4.0/x86_64/cups-serial-1.2.4-0.5.20060mlcs4.x86_64.rpm
f0364ad9115ceb82978847ab6cdc66e1 corporate/4.0/x86_64/lib64cups2-1.2.4-0.5.20060mlcs4.x86_64.rpm
d93d6cb48d60436c9f1b32181f82b6c7 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.5.20060mlcs4.x86_64.rpm
802a3f4c3167f06640d2a8c3394cb26c corporate/4.0/x86_64/php-cups-1.2.4-0.5.20060mlcs4.x86_64.rpm
3a2b57f8a67c419bc74f09db58b6e789 corporate/4.0/SRPMS/cups-1.2.4-0.5.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W
z5jyh/u/+4QFVsSocymKj/g=
=RkrY
-----END PGP SIGNATURE-----