-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2007:165
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date    : August 15, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause cups to crash and possibly
execute arbitrary code upon a user opening the file.

This update provides packages which are patched to prevent these
issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGwy5VmqjQ0CJFipgRAr4oAJ9A6hA9CZIk5GR3Ud779v61CO74eQCfTBUZ
54eeSvI8Cpsr45fO17Y3gmU=
=aWcj
-----END PGP SIGNATURE-----