-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                       MDVSA-2009:096-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : printer-drivers
Date    : April 24, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code by using a crafted PDF file (CVE-2007-6725).

Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause a denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbitrary code by using either a PostScript or PDF
file with crafted embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause a denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbitrary code by using either a PostScript or PDF
file with crafted embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

This update provides fixes for these vulnerabilities.

Update:

The previous update shipped with an incorrect required version of
perl-base in the foomatic-db-engine package. This is fixed in this
update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
96dbc60a93ce4a6763d2455faf174a7b corporate/3.0/i586/cups-drivers-1.1-138.7.C30mdk.i586.rpm
22dc1a762f9a3a2fe5d7110b5eba3455 corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
d2c14e583a164b7869cf948e3c9807fa corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
bac7e6a9dc1c0001ce0e52ca46478ef8 corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
d21db35d010cec004a08b81ea931e099 corporate/3.0/i586/ghostscript-7.07-19.7.C30mdk.i586.rpm
4a5ff90f604335520030e009c9bfa88f corporate/3.0/i586/ghostscript-module-X-7.07-19.7.C30mdk.i586.rpm
4f7585ce74121c1d5ac778502514b282 corporate/3.0/i586/gimpprint-4.2.7-2.7.C30mdk.i586.rpm
5d151dd1c5722bc6772f50906f1f8021 corporate/3.0/i586/libgimpprint1-4.2.7-2.7.C30mdk.i586.rpm
6451feff86856479e8a35ebf49f185f4 corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.7.C30mdk.i586.rpm
c4d87b25765d2db2efe1e45ad6ef9e16 corporate/3.0/i586/libijs0-0.34-76.7.C30mdk.i586.rpm
76d95e81afaba7c85f2263fb24a98ee8 corporate/3.0/i586/libijs0-devel-0.34-76.7.C30mdk.i586.rpm
2e816acf32ad22a5297565750840fa35 corporate/3.0/i586/printer-filters-1.0-138.7.C30mdk.i586.rpm
480c4991734be95df224865468a45e9a corporate/3.0/i586/printer-testpages-1.0-138.7.C30mdk.i586.rpm
5d0845002a84eb2a8c341039ce64a2fc corporate/3.0/i586/printer-utils-1.0-138.7.C30mdk.i586.rpm
903215b475cf0031bdd3f79983734c87 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
a45bd1c244e8c09768e8482ef0db740a corporate/3.0/x86_64/cups-drivers-1.1-138.7.C30mdk.x86_64.rpm
42836893a4f590eede9ffe95309c44f5 corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
97681dcc24ba1d656f5ccb90a3dc9551 corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
7988477ee8ec84c17d404300db27de1e corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
dc7d3d21e5311227c9c7326e31b4a5b5 corporate/3.0/x86_64/ghostscript-7.07-19.7.C30mdk.x86_64.rpm
caf9a2010f126f6c5e75204ce97ae2a0 corporate/3.0/x86_64/ghostscript-module-X-7.07-19.7.C30mdk.x86_64.rpm
2b3ac0b759e0695a80a12f23f8f5e26a corporate/3.0/x86_64/gimpprint-4.2.7-2.7.C30mdk.x86_64.rpm
3bf97787fedfe9e9f4348c77a8aca100 corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.7.C30mdk.x86_64.rpm
9653764019d8fad3994332efd55a541a corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.7.C30mdk.x86_64.rpm
0d818179492f74a124d6bd28a3e2afe4 corporate/3.0/x86_64/lib64ijs0-0.34-76.7.C30mdk.x86_64.rpm
ca55063d9e24ac47784e6f5606bdc981 corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.7.C30mdk.x86_64.rpm
0e8cc9cc04b70fc207ebd843cd82bf5d corporate/3.0/x86_64/printer-filters-1.0-138.7.C30mdk.x86_64.rpm
ddf46b5e1937b911e7f8650ddc569798 corporate/3.0/x86_64/printer-testpages-1.0-138.7.C30mdk.x86_64.rpm
f90b734db08f01cac31a7f3b8c86528f corporate/3.0/x86_64/printer-utils-1.0-138.7.C30mdk.x86_64.rpm
903215b475cf0031bdd3f79983734c87 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9caLmqjQ0CJFipgRAq0AAKDMk/At0KOjwv8z1lMVVONLt8oU3ACg18sa
/GHaS3O+LLgMH6XSBnHCfiE=
=YDBP
-----END PGP SIGNATURE-----
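
The "Updated Packages" lists above pair an MD5 digest with a repository path, one package per line. As an added example (not part of the Mandriva advisory or its tooling), this Python code parses that list format and checks locally downloaded RPMs against it; the function names and the demo file are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest line as used in the advisory: 32 hex digits (MD5), space, path to an .rpm.
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Return {rpm filename: md5} for each 'md5 path' line; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        digest, name = m.group(1).lower(), m.group(2).rsplit("/", 1)[-1]
        # The SRPM appears once per architecture; the digests must agree.
        if entries.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
    return entries

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large packages are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(manifest_text, directory):
    """Status per file: ok, mismatch, unlisted (not in advisory), missing (not on disk)."""
    expected = parse_manifest(manifest_text)
    result = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            result[rpm.name] = "unlisted"
        else:
            result[rpm.name] = "ok" if md5_of(rpm) == want else "mismatch"
    for name in expected:
        result.setdefault(name, "missing")
    return result

if __name__ == "__main__":
    # Constructed sample: one fake package file and a two-line manifest.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0.i586.rpm").write_bytes(b"constructed payload")
        good = hashlib.md5(b"constructed payload").hexdigest()
        text = f"{good} corporate/3.0/i586/demo-1.0.i586.rpm\n{'0' * 32} corporate/3.0/SRPMS/demo-1.0.src.rpm\n"
        print(check_downloads(text, d))
```

An MD5 match only shows that a file equals what the advisory lists; authenticity rests on the GPG signatures on the advisory and on the packages themselves.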