Paketname
cups
Datum
2008-04-02
Advisory ID
MDVSA-2008:081
Betroffene Versionen
CS4.0 i586 , CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problembeschreibung

A heap-based buffer overflow in CUPS 1.2.x and later was discovered by
regenrecht of VeriSign iDenfense that could allow a remote attacker
to execute arbitrary code via a crafted CGI search expression
(CVE-2008-0047).

A validation error in the Hp-GL/2 filter was also discovered
(CVE-2008-0053).

Finally, a vulnerability in how CUPS handled GIF files was found by
Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,
gd, tk, netpbm, and SDL_image (CVE-2008-1373).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

CS4.0 i586

 a091b07a3a414304cf24e76ab99d3afe  corporate/4.0/i586/cups-1.2.4-0.8.20060mlcs4.i586.rpm
 4cabdbd655b65028ee5bdfb3452f4506  corporate/4.0/i586/cups-common-1.2.4-0.8.20060mlcs4.i586.rpm
 534437dd5a286f0484df0e2cdfd9e636  corporate/4.0/i586/cups-serial-1.2.4-0.8.20060mlcs4.i586.rpm
 0dd449c47be977964034d699749738f7  corporate/4.0/i586/libcups2-1.2.4-0.8.20060mlcs4.i586.rpm
 6aad89786cfec35bc5e81eb3a1dc8cd4  corporate/4.0/i586/libcups2-devel-1.2.4-0.8.20060mlcs4.i586.rpm
 fc46181aa746a4f637d66681fb975560  corporate/4.0/i586/php-cups-1.2.4-0.8.20060mlcs4.i586.rpm 
 83a55c89caf98419e9f76b58c6bee2e5  corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm

CS4.0 x86_64

 7c7624e35383c614691e4063215f8d65  corporate/4.0/x86_64/cups-1.2.4-0.8.20060mlcs4.x86_64.rpm
 17f29e8614a988900a09305adfd1c85b  corporate/4.0/x86_64/cups-common-1.2.4-0.8.20060mlcs4.x86_64.rpm
 773484820406d7285608081cb7e262d2  corporate/4.0/x86_64/cups-serial-1.2.4-0.8.20060mlcs4.x86_64.rpm
 a53e7a817a42ccc1ac5a5daa7602c4d8  corporate/4.0/x86_64/lib64cups2-1.2.4-0.8.20060mlcs4.x86_64.rpm
 ad933e76d237bbb83bf568071566ba37  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.8.20060mlcs4.x86_64.rpm
 4c6d20646db4de2ab03907c9b6705067  corporate/4.0/x86_64/php-cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 
 83a55c89caf98419e9f76b58c6bee2e5  corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm

2007.0 x86_64

 d9423a942f4f779959cfe489866b52f5  2007.0/x86_64/cups-1.2.4-1.8mdv2007.0.x86_64.rpm
 8b13ba591a7dc53c658876dae447ce17  2007.0/x86_64/cups-common-1.2.4-1.8mdv2007.0.x86_64.rpm
 9e434edde16c05fded1b706adaae859d  2007.0/x86_64/cups-serial-1.2.4-1.8mdv2007.0.x86_64.rpm
 9733f3116c8488148471af3d5bdafd16  2007.0/x86_64/lib64cups2-1.2.4-1.8mdv2007.0.x86_64.rpm
 fbb5010088c23aa2cf635875179adc3c  2007.0/x86_64/lib64cups2-devel-1.2.4-1.8mdv2007.0.x86_64.rpm
 00e05d49f33ef5d0067287ef1a27246c  2007.0/x86_64/php-cups-1.2.4-1.8mdv2007.0.x86_64.rpm 
 cb50a10a1096424175c1a49e8e22a8a1  2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm

2007.1 i586

 dc81f96bd48732eed770b0090b333695  2007.1/i586/cups-1.2.10-2.6mdv2007.1.i586.rpm
 3545d312400a8f5aad55e323d2ff3543  2007.1/i586/cups-common-1.2.10-2.6mdv2007.1.i586.rpm
 f4656b26df51f63813a49006415a783b  2007.1/i586/cups-serial-1.2.10-2.6mdv2007.1.i586.rpm
 ab1869c8ddeda927fdfbc49c386756f1  2007.1/i586/libcups2-1.2.10-2.6mdv2007.1.i586.rpm
 5de192ed26380212896fcd376a1b3e23  2007.1/i586/libcups2-devel-1.2.10-2.6mdv2007.1.i586.rpm
 a347c58fc3e76e064cabf8425d0245ab  2007.1/i586/php-cups-1.2.10-2.6mdv2007.1.i586.rpm 
 15c9274e61f9dbe98150fa1ae58ef7bc  2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm

2007.0 i586

 4ecbfe664ba6820bf06dc406133e265c  2007.0/i586/cups-1.2.4-1.8mdv2007.0.i586.rpm
 6d51733a95884e36cca9570738537ff6  2007.0/i586/cups-common-1.2.4-1.8mdv2007.0.i586.rpm
 abe0591d8b2b390a82dffcd2fed43b14  2007.0/i586/cups-serial-1.2.4-1.8mdv2007.0.i586.rpm
 91ffe19d342810de71e056e213056552  2007.0/i586/libcups2-1.2.4-1.8mdv2007.0.i586.rpm
 71fd9246da1e48b2dc6a60ceeae41e48  2007.0/i586/libcups2-devel-1.2.4-1.8mdv2007.0.i586.rpm
 bd0f3b69fe5dc7bddd6c121200db014d  2007.0/i586/php-cups-1.2.4-1.8mdv2007.0.i586.rpm 
 cb50a10a1096424175c1a49e8e22a8a1  2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm

CS3.0 x86_64

 f977134efb9f309911bfc1b4850e82f0  corporate/3.0/x86_64/cups-1.1.20-5.17.C30mdk.x86_64.rpm
 36fff0b8424e4f651e6f055c70008521  corporate/3.0/x86_64/cups-common-1.1.20-5.17.C30mdk.x86_64.rpm
 696c4e4cc405b9ca56f22819fa2f818b  corporate/3.0/x86_64/cups-serial-1.1.20-5.17.C30mdk.x86_64.rpm
 942d626665fe5a05f879411e7ca80030  corporate/3.0/x86_64/lib64cups2-1.1.20-5.17.C30mdk.x86_64.rpm
 e191a6945b87e3b33617a3de06561d3e  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.17.C30mdk.x86_64.rpm 
 2d3ba4ca7a10c5842f6eeb6a7f847e86  corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm

2008.0 x86_64

 b18f356dc9fc5cda784e576e3f20a801  2008.0/x86_64/cups-1.3.6-1.1mdv2008.0.x86_64.rpm
 bccc98b2ad3205d2c301036ba9d28f61  2008.0/x86_64/cups-common-1.3.6-1.1mdv2008.0.x86_64.rpm
 1c1837c8a8eb04609daa405553ab7fe8  2008.0/x86_64/cups-serial-1.3.6-1.1mdv2008.0.x86_64.rpm
 5748bf84c1239e2b4255446cbf6c8285  2008.0/x86_64/lib64cups2-1.3.6-1.1mdv2008.0.x86_64.rpm
 bd593d10e724d5fcb41a474ceb985996  2008.0/x86_64/lib64cups2-devel-1.3.6-1.1mdv2008.0.x86_64.rpm
 f2db5dfbb8dc8327965a45a5d88e0b6d  2008.0/x86_64/php-cups-1.3.6-1.1mdv2008.0.x86_64.rpm 
 e034c775d5b04fffb14cb441b8174a55  2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm

CS3.0 i586

 21bb1e12de3ad442d1abcf6b748e4612  corporate/3.0/i586/cups-1.1.20-5.17.C30mdk.i586.rpm
 0b98a618d204f1cb5d93cfc8bc17ce04  corporate/3.0/i586/cups-common-1.1.20-5.17.C30mdk.i586.rpm
 b4d7d4823f4a052f1b88de95c15fdd35  corporate/3.0/i586/cups-serial-1.1.20-5.17.C30mdk.i586.rpm
 15ff4fca1070bde09536ef5c152f93fa  corporate/3.0/i586/libcups2-1.1.20-5.17.C30mdk.i586.rpm
 29a49e9cd1dab4afc7d4b45f756db2ec  corporate/3.0/i586/libcups2-devel-1.1.20-5.17.C30mdk.i586.rpm 
 2d3ba4ca7a10c5842f6eeb6a7f847e86  corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm

2008.0 i586

 27ee99856a1c4448cdee618f2db8ae52  2008.0/i586/cups-1.3.6-1.1mdv2008.0.i586.rpm
 09a6026a683b1ea029b63b0480aa2d4b  2008.0/i586/cups-common-1.3.6-1.1mdv2008.0.i586.rpm
 7974c9c3a572a389fea83250cd57c8e1  2008.0/i586/cups-serial-1.3.6-1.1mdv2008.0.i586.rpm
 a6432e417d401b7900113763255bf8c3  2008.0/i586/libcups2-1.3.6-1.1mdv2008.0.i586.rpm
 cfb0fd68a1d60f1dfa985da0bb79190f  2008.0/i586/libcups2-devel-1.3.6-1.1mdv2008.0.i586.rpm
 aba1862f9db0e18f09d581ef0a95fde8  2008.0/i586/php-cups-1.3.6-1.1mdv2008.0.i586.rpm 
 e034c775d5b04fffb14cb441b8174a55  2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm

2007.1 x86_64

 1faa57f00d0577f6d25cddf7fccd7edb  2007.1/x86_64/cups-1.2.10-2.6mdv2007.1.x86_64.rpm
 26a14fabfef38f2fd4ab88c6184d4e2f  2007.1/x86_64/cups-common-1.2.10-2.6mdv2007.1.x86_64.rpm
 b5a49bfbeb004af58e1e5f9c1660dece  2007.1/x86_64/cups-serial-1.2.10-2.6mdv2007.1.x86_64.rpm
 6b81f4e888dec6e94231b01fd5d162bf  2007.1/x86_64/lib64cups2-1.2.10-2.6mdv2007.1.x86_64.rpm
 256313a9ac10203a7d59deb6ff0a3da0  2007.1/x86_64/lib64cups2-devel-1.2.10-2.6mdv2007.1.x86_64.rpm
 41e268b0e9e8a5e256c9af6192dfcae0  2007.1/x86_64/php-cups-1.2.10-2.6mdv2007.1.x86_64.rpm 
 15c9274e61f9dbe98150fa1ae58ef7bc  2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm

Referenzen