Mandriva Linux Security Advisory 2009-282 - Multiple integer overflow, code execution, and denial of service issues have been addressed in cups. This update corrects the problems. Packages for 2008.0 are being provided due to extended support for Corporate products.
2ed7fd3e64b4d52cac44cf24c4a2e78258c45c2068922e4925cc949de7e1b07a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:282-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : December 7, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to g*allocn. (CVE-2009-0165)
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
and other products allows remote attackers to cause a denial of service
(crash) via a crafted PDF file that triggers a free of uninitialized
memory. (CVE-2009-0166)
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
and probably other products, allows remote attackers to execute
arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
segments (CVE-2009-0195).
Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
(4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
an out-of-bounds read. (CVE-2009-0799)
Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via
a crafted PDF file. (CVE-2009-0800)
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF
file. (CVE-2009-1179)
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
execute arbitrary code via a crafted PDF file that triggers a free
of invalid data. (CVE-2009-1180)
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
a NULL pointer dereference. (CVE-2009-1181)
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via
a crafted PDF file. (CVE-2009-1182)
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang)
via a crafted PDF file. (CVE-2009-1183)
Two integer overflow flaws were found in the CUPS pdftops filter. An
attacker could create a malicious PDF file that would cause pdftops
to crash or, potentially, execute arbitrary code as the lp user if
the file was printed. (CVE-2009-3608, CVE-2009-3609)
This update corrects the problems.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6b17f59f63c062c017c78d459dd2d89a 2008.0/i586/cups-1.3.10-0.1mdv2008.0.i586.rpm
9bc5298d9895c356227fdda3a0ddb2c0 2008.0/i586/cups-common-1.3.10-0.1mdv2008.0.i586.rpm
e3583883df8532fc8c496866dac713f8 2008.0/i586/cups-serial-1.3.10-0.1mdv2008.0.i586.rpm
fac1fcb839ad53322a447d4d39f769e3 2008.0/i586/libcups2-1.3.10-0.1mdv2008.0.i586.rpm
3d65afc590fb8520d68b2a3e8e1da696 2008.0/i586/libcups2-devel-1.3.10-0.1mdv2008.0.i586.rpm
9e09ed22a2522ee45e93e0edc146193f 2008.0/i586/libpoppler2-0.6-3.5mdv2008.0.i586.rpm
7427b1f56387e84db5a15aad85b424d2 2008.0/i586/libpoppler-devel-0.6-3.5mdv2008.0.i586.rpm
67937a584d365d6b00ef688c88e8d7c5 2008.0/i586/libpoppler-glib2-0.6-3.5mdv2008.0.i586.rpm
410dc85c2c7b71ab316be5607c556682 2008.0/i586/libpoppler-glib-devel-0.6-3.5mdv2008.0.i586.rpm
64d6e14be8d93c7651ce5dc3e2ebc5bf 2008.0/i586/libpoppler-qt2-0.6-3.5mdv2008.0.i586.rpm
cc9af7e314b6eaa6a8f946fa2c27f298 2008.0/i586/libpoppler-qt4-2-0.6-3.5mdv2008.0.i586.rpm
0c6d3a6b5211e8506a89144b8c3a3cfb 2008.0/i586/libpoppler-qt4-devel-0.6-3.5mdv2008.0.i586.rpm
c985516638ed4d8f792daa13bd506023 2008.0/i586/libpoppler-qt-devel-0.6-3.5mdv2008.0.i586.rpm
8d05619dcef538092696ce70998abd20 2008.0/i586/php-cups-1.3.10-0.1mdv2008.0.i586.rpm
0bae2a3525b796882d2cc87853945e5a 2008.0/i586/poppler-0.6-3.5mdv2008.0.i586.rpm
f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
8249475feb3bdc74ea7060944baed6aa 2008.0/x86_64/cups-1.3.10-0.1mdv2008.0.x86_64.rpm
83951504acb783cfdb8ec4fe48d31e1e 2008.0/x86_64/cups-common-1.3.10-0.1mdv2008.0.x86_64.rpm
fa8a91e8e3bc8f11c19ab460d1f690fe 2008.0/x86_64/cups-serial-1.3.10-0.1mdv2008.0.x86_64.rpm
e061fdbeded2d97bb3ca6b34d33cb384 2008.0/x86_64/lib64cups2-1.3.10-0.1mdv2008.0.x86_64.rpm
893235ea8cf23295ae961ea2de0b9903 2008.0/x86_64/lib64cups2-devel-1.3.10-0.1mdv2008.0.x86_64.rpm
9844640563afdef4a870e2ed12e58136 2008.0/x86_64/lib64poppler2-0.6-3.5mdv2008.0.x86_64.rpm
06ea824a6a2cd9360a9e75a14718192a 2008.0/x86_64/lib64poppler-devel-0.6-3.5mdv2008.0.x86_64.rpm
bb0eb04fa906a352e6738d08f116f89b 2008.0/x86_64/lib64poppler-glib2-0.6-3.5mdv2008.0.x86_64.rpm
43d6a85dfdad7e969655ee4e2a377370 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.5mdv2008.0.x86_64.rpm
eef29dde4b9e80d4c360e953cbe9110b 2008.0/x86_64/lib64poppler-qt2-0.6-3.5mdv2008.0.x86_64.rpm
c74dc9f245091f451441d8b88f0beed3 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.5mdv2008.0.x86_64.rpm
60345458274afc6ff480317fc408ec52 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.5mdv2008.0.x86_64.rpm
0a880b9c0d655c10f5757882e30911f1 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.5mdv2008.0.x86_64.rpm
eb6fde793ac0d7ea86df42aa22637807 2008.0/x86_64/php-cups-1.3.10-0.1mdv2008.0.x86_64.rpm
7f475f07368ed9158008f2891dce2cd6 2008.0/x86_64/poppler-0.6-3.5mdv2008.0.x86_64.rpm
f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHXsgmqjQ0CJFipgRAu1fAKCINX1H5StX89GjMDWzGrEM1UiHeACeMLSY
a3mQtrfvoibfn29OFAfdSn0=
=lTbL
-----END PGP SIGNATURE-----