Paketname
cups
Datum
2009-10-19
Advisory ID
MDVSA-2009:283
Betroffene Versionen
CS3.0 i586 , MNF2.0 i586 , CS3.0 x86_64

Problembeschreibung

Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
and other products allows remote attackers to cause a denial of service
(crash) via a crafted PDF file that triggers a free of uninitialized
memory. (CVE-2009-0166)

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
and probably other products, allows remote attackers to execute
arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
segments (CVE-2009-0195).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
(4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
an out-of-bounds read. (CVE-2009-0799)

Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via
a crafted PDF file. (CVE-2009-0800)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF
file. (CVE-2009-1179)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
execute arbitrary code via a crafted PDF file that triggers a free
of invalid data. (CVE-2009-1180)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
a NULL pointer dereference. (CVE-2009-1181)

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via
a crafted PDF file. (CVE-2009-1182)

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang)
via a crafted PDF file. (CVE-2009-1183)

The directory-services functionality in the scheduler in CUPS 1.1.17
and 1.1.22 allows remote attackers to cause a denial of service (cupsd
daemon outage or crash) via manipulations of the timing of CUPS browse
packets, related to a pointer use-after-delete flaw. (CVE-2009-1196)

Two integer overflow flaws were found in the CUPS pdftops filter. An
attacker could create a malicious PDF file that would cause pdftops
to crash or, potentially, execute arbitrary code as the lp user if
the file was printed. (CVE-2009-3608, CVE-2009-3609)

This update corrects the problems.

Aktualisierte Pakete

CS3.0 i586

 86301a5d5c962256a88d4e15faba9bbf  corporate/3.0/i586/cups-1.1.20-5.21.C30mdk.i586.rpm
 378811817692045b489880711aa46c85  corporate/3.0/i586/cups-common-1.1.20-5.21.C30mdk.i586.rpm
 b0b493387f5b0a67eb1bfa7b2cda1152  corporate/3.0/i586/cups-serial-1.1.20-5.21.C30mdk.i586.rpm
 7236d2f3677e5f6e2ea740e291e145d5  corporate/3.0/i586/libcups2-1.1.20-5.21.C30mdk.i586.rpm
 b6959ae680668c17cb2dc84077bfb1a8  corporate/3.0/i586/libcups2-devel-1.1.20-5.21.C30mdk.i586.rpm 
 902b2ecfff8325312ad095425ec6b31b  corporate/3.0/SRPMS/cups-1.1.20-5.21.C30mdk.src.rpm

MNF2.0 i586

 c998b8245740f55a475014ab84aa72c6  mnf/2.0/i586/cups-1.1.20-5.21.M20mdk.i586.rpm
 caff03b6b69c0dc6dcf5b0e56bc583c3  mnf/2.0/i586/cups-common-1.1.20-5.21.M20mdk.i586.rpm
 f4f7b5894f97f371dcaa84347170642c  mnf/2.0/i586/cups-serial-1.1.20-5.21.M20mdk.i586.rpm
 ae0eb99fdc9ce79efff159a5dcd3d64e  mnf/2.0/i586/libcups2-1.1.20-5.21.M20mdk.i586.rpm
 8e701f7caa03cd8d1bb42566965506e6  mnf/2.0/i586/libcups2-devel-1.1.20-5.21.M20mdk.i586.rpm 
 10e3ff36714b79b806b62137b3d7d246  mnf/2.0/SRPMS/cups-1.1.20-5.21.M20mdk.src.rpm

CS3.0 x86_64

 633954b881b4a13641c71f5d8937d70e  corporate/3.0/x86_64/cups-1.1.20-5.21.C30mdk.x86_64.rpm
 b1f94eafb660f6df4f1a7bf5a59f48b7  corporate/3.0/x86_64/cups-common-1.1.20-5.21.C30mdk.x86_64.rpm
 6962c849474e00d4381f68ce0d700baa  corporate/3.0/x86_64/cups-serial-1.1.20-5.21.C30mdk.x86_64.rpm
 775f8c2232eb751dae3fbd5aa347c31b  corporate/3.0/x86_64/lib64cups2-1.1.20-5.21.C30mdk.x86_64.rpm
 ec752b939267cf785a76161388d63b89  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.21.C30mdk.x86_64.rpm 
 902b2ecfff8325312ad095425ec6b31b  corporate/3.0/SRPMS/cups-1.1.20-5.21.C30mdk.src.rpm

Referenzen