MDVSA-2009:029
- Package name
- cups
- Date
- 2009-01-24
- Advisory ID
- MDVSA-2009:029
- Affected versions
- CS3.0 i586 , CS4.0 x86_64 , MNF2.0 i586 , CS3.0 x86_64 , CS4.0 i586
Problem description
Security vulnerabilities have been discovered and corrected in CUPS.
CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary
code via a PNG image with a large height value, which bypasses a
validation check and triggers a buffer overflow (CVE-2008-5286).
CUPS shipped with Mandriva Linux allows local users to overwrite
arbitrary files via a symlink attack on the /tmp/pdf.log temporary file
(CVE-2009-0032).
The updated packages have been patched to prevent this.
Updated packages
CS3.0 i586
994b3a1b01b56666bb4a8031ee31b34f corporate/3.0/i586/cups-1.1.20-5.20.C30mdk.i586.rpm de905741d61bae32536529fbf90dfab3 corporate/3.0/i586/cups-common-1.1.20-5.20.C30mdk.i586.rpm 7b17aea4fc95127caf9d10ee6890bce9 corporate/3.0/i586/cups-serial-1.1.20-5.20.C30mdk.i586.rpm b292bef90820e0a6670be098898fed4c corporate/3.0/i586/libcups2-1.1.20-5.20.C30mdk.i586.rpm 0c4ccae9726627a7862b99d502bd01d7 corporate/3.0/i586/libcups2-devel-1.1.20-5.20.C30mdk.i586.rpm c352f4b5a13cd526986a57df257179f4 corporate/3.0/SRPMS/cups-1.1.20-5.20.C30mdk.src.rpm
CS4.0 x86_64
6d244796552fdbcf5558dafb656a6725 corporate/4.0/x86_64/cups-1.2.4-0.11.20060mlcs4.x86_64.rpm 52d6bce0dff47c71e0a92414a85310d1 corporate/4.0/x86_64/cups-common-1.2.4-0.11.20060mlcs4.x86_64.rpm 9974614fa1d89fdb299f4234d0033c4e corporate/4.0/x86_64/cups-serial-1.2.4-0.11.20060mlcs4.x86_64.rpm f49b67cca18ae350ff1012b27690ef21 corporate/4.0/x86_64/lib64cups2-1.2.4-0.11.20060mlcs4.x86_64.rpm 40c5855531ced0dd7d236bd2db35d4a3 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.11.20060mlcs4.x86_64.rpm 4d1d6b25b4d9be6cb9ea8bcc4612ed9a corporate/4.0/x86_64/php-cups-1.2.4-0.11.20060mlcs4.x86_64.rpm ec9108eae742d663e2ee8a4beecaf9cf corporate/4.0/SRPMS/cups-1.2.4-0.11.20060mlcs4.src.rpm
MNF2.0 i586
7a9040b14a227bc68034606f877a998c mnf/2.0/i586/cups-1.1.20-5.20.C30mdk.i586.rpm 03409addc231891f162edab1d53308fd mnf/2.0/i586/cups-common-1.1.20-5.20.C30mdk.i586.rpm fe24ae2f4ef9727e1edeb1ffaa40a6a4 mnf/2.0/i586/cups-serial-1.1.20-5.20.C30mdk.i586.rpm d1fbff8f743b4b2598fdeaad56d7e3b1 mnf/2.0/i586/libcups2-1.1.20-5.20.C30mdk.i586.rpm 4abb0a31c7473c6bca3ff3152ce6f961 mnf/2.0/i586/libcups2-devel-1.1.20-5.20.C30mdk.i586.rpm d61057ea6fbf926570d6ebb93e97d822 mnf/2.0/SRPMS/cups-1.1.20-5.20.C30mdk.src.rpm
CS3.0 x86_64
bd5351126e270e17cc2566bf2235fa1f corporate/3.0/x86_64/cups-1.1.20-5.20.C30mdk.x86_64.rpm 118ef59563972c058f5554f32a3e2c47 corporate/3.0/x86_64/cups-common-1.1.20-5.20.C30mdk.x86_64.rpm ab8d127202d1e96c8aa426049b1892e6 corporate/3.0/x86_64/cups-serial-1.1.20-5.20.C30mdk.x86_64.rpm bae6f13234cf3b78ddfd4907ba1fb77b corporate/3.0/x86_64/lib64cups2-1.1.20-5.20.C30mdk.x86_64.rpm 3d3c8828d13aad5c640735bade817324 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.20.C30mdk.x86_64.rpm c352f4b5a13cd526986a57df257179f4 corporate/3.0/SRPMS/cups-1.1.20-5.20.C30mdk.src.rpm
CS4.0 i586
4ed3f682ad778dae2030b5421c9021d1 corporate/4.0/i586/cups-1.2.4-0.11.20060mlcs4.i586.rpm fcb481b9d2a7e03eb6282da1a948c934 corporate/4.0/i586/cups-common-1.2.4-0.11.20060mlcs4.i586.rpm 2c8fe1c48e81d5d5fec7dcb169b4c592 corporate/4.0/i586/cups-serial-1.2.4-0.11.20060mlcs4.i586.rpm 6bfc9e49eea846be83d8e2ce6a33937c corporate/4.0/i586/libcups2-1.2.4-0.11.20060mlcs4.i586.rpm 6e10802e302fcb3949e9f2d5d7033140 corporate/4.0/i586/libcups2-devel-1.2.4-0.11.20060mlcs4.i586.rpm 5027be07f343ef0ee30098facd23bf2e corporate/4.0/i586/php-cups-1.2.4-0.11.20060mlcs4.i586.rpm ec9108eae742d663e2ee8a4beecaf9cf corporate/4.0/SRPMS/cups-1.2.4-0.11.20060mlcs4.src.rpm