MDVSA-2009:027

Package name

cups

Date

2009-01-24

Advisory ID

MDVSA-2009:027

Affected versions

2009.0 x86_64 , 2009.0 i586

Problem description

A vulnerability has been discovered in CUPS shipped with Mandriva
Linux which allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032).

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 bca632f80da6585f96961249a85814b3  2009.0/x86_64/cups-1.3.9-0.2mdv2009.0.x86_64.rpm
 284e9fa1ec2e0e600d5b84a5d442cf83  2009.0/x86_64/cups-common-1.3.9-0.2mdv2009.0.x86_64.rpm
 25b4748dc3e4f89c41144860afc07c5c  2009.0/x86_64/cups-serial-1.3.9-0.2mdv2009.0.x86_64.rpm
 2f80db085873ba84d0e03cc93e0414f1  2009.0/x86_64/lib64cups2-1.3.9-0.2mdv2009.0.x86_64.rpm
 9f2d6af604776711a6069675fc691735  2009.0/x86_64/lib64cups2-devel-1.3.9-0.2mdv2009.0.x86_64.rpm
 6b406299606abfac95de8010dd42017e  2009.0/x86_64/php-cups-1.3.9-0.2mdv2009.0.x86_64.rpm 
 3560fcb8fd60eb74decd107e5d93a72f  2009.0/SRPMS/cups-1.3.9-0.2mdv2009.0.src.rpm

2009.0 i586

 caaa187da8956be8f641515ea9290e08  2009.0/i586/cups-1.3.9-0.2mdv2009.0.i586.rpm
 9e704aff739f01e73678adc310b804f0  2009.0/i586/cups-common-1.3.9-0.2mdv2009.0.i586.rpm
 43c2279f88b8cab5f9ebf3041d7ae684  2009.0/i586/cups-serial-1.3.9-0.2mdv2009.0.i586.rpm
 3f8caca75583e8c1757504a2f6b42bc0  2009.0/i586/libcups2-1.3.9-0.2mdv2009.0.i586.rpm
 04e2bca2ed50f7dfde7d5f5575e9f0db  2009.0/i586/libcups2-devel-1.3.9-0.2mdv2009.0.i586.rpm
 4e92aef011534069bf638e6d67e8aacc  2009.0/i586/php-cups-1.3.9-0.2mdv2009.0.i586.rpm 
 3560fcb8fd60eb74decd107e5d93a72f  2009.0/SRPMS/cups-1.3.9-0.2mdv2009.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0032