Nom du paquet
cups
Date
2009-12-07
Advisory ID
MDVSA-2009:282-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to g*allocn. (CVE-2009-0165)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
and other products allows remote attackers to cause a denial of service
(crash) via a crafted PDF file that triggers a free of uninitialized
memory. (CVE-2009-0166)

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
and probably other products, allows remote attackers to execute
arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
segments (CVE-2009-0195).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
(4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
an out-of-bounds read. (CVE-2009-0799)

Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via
a crafted PDF file. (CVE-2009-0800)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF
file. (CVE-2009-1179)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
execute arbitrary code via a crafted PDF file that triggers a free
of invalid data. (CVE-2009-1180)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
a NULL pointer dereference. (CVE-2009-1181)

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via
a crafted PDF file. (CVE-2009-1182)

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang)
via a crafted PDF file. (CVE-2009-1183)

Two integer overflow flaws were found in the CUPS pdftops filter. An
attacker could create a malicious PDF file that would cause pdftops
to crash or, potentially, execute arbitrary code as the lp user if
the file was printed. (CVE-2009-3608, CVE-2009-3609)

This update corrects the problems.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 6b17f59f63c062c017c78d459dd2d89a  2008.0/i586/cups-1.3.10-0.1mdv2008.0.i586.rpm
 9bc5298d9895c356227fdda3a0ddb2c0  2008.0/i586/cups-common-1.3.10-0.1mdv2008.0.i586.rpm
 e3583883df8532fc8c496866dac713f8  2008.0/i586/cups-serial-1.3.10-0.1mdv2008.0.i586.rpm
 fac1fcb839ad53322a447d4d39f769e3  2008.0/i586/libcups2-1.3.10-0.1mdv2008.0.i586.rpm
 3d65afc590fb8520d68b2a3e8e1da696  2008.0/i586/libcups2-devel-1.3.10-0.1mdv2008.0.i586.rpm
 9e09ed22a2522ee45e93e0edc146193f  2008.0/i586/libpoppler2-0.6-3.5mdv2008.0.i586.rpm
 7427b1f56387e84db5a15aad85b424d2  2008.0/i586/libpoppler-devel-0.6-3.5mdv2008.0.i586.rpm
 67937a584d365d6b00ef688c88e8d7c5  2008.0/i586/libpoppler-glib2-0.6-3.5mdv2008.0.i586.rpm
 410dc85c2c7b71ab316be5607c556682  2008.0/i586/libpoppler-glib-devel-0.6-3.5mdv2008.0.i586.rpm
 64d6e14be8d93c7651ce5dc3e2ebc5bf  2008.0/i586/libpoppler-qt2-0.6-3.5mdv2008.0.i586.rpm
 cc9af7e314b6eaa6a8f946fa2c27f298  2008.0/i586/libpoppler-qt4-2-0.6-3.5mdv2008.0.i586.rpm
 0c6d3a6b5211e8506a89144b8c3a3cfb  2008.0/i586/libpoppler-qt4-devel-0.6-3.5mdv2008.0.i586.rpm
 c985516638ed4d8f792daa13bd506023  2008.0/i586/libpoppler-qt-devel-0.6-3.5mdv2008.0.i586.rpm
 8d05619dcef538092696ce70998abd20  2008.0/i586/php-cups-1.3.10-0.1mdv2008.0.i586.rpm
 0bae2a3525b796882d2cc87853945e5a  2008.0/i586/poppler-0.6-3.5mdv2008.0.i586.rpm 
 f3b53f5fafa8af4d754a5985e5f93830  2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
 11b021f4e5d21d199728b9a0a37a8230  2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm

2008.0 x86_64

 8249475feb3bdc74ea7060944baed6aa  2008.0/x86_64/cups-1.3.10-0.1mdv2008.0.x86_64.rpm
 83951504acb783cfdb8ec4fe48d31e1e  2008.0/x86_64/cups-common-1.3.10-0.1mdv2008.0.x86_64.rpm
 fa8a91e8e3bc8f11c19ab460d1f690fe  2008.0/x86_64/cups-serial-1.3.10-0.1mdv2008.0.x86_64.rpm
 e061fdbeded2d97bb3ca6b34d33cb384  2008.0/x86_64/lib64cups2-1.3.10-0.1mdv2008.0.x86_64.rpm
 893235ea8cf23295ae961ea2de0b9903  2008.0/x86_64/lib64cups2-devel-1.3.10-0.1mdv2008.0.x86_64.rpm
 9844640563afdef4a870e2ed12e58136  2008.0/x86_64/lib64poppler2-0.6-3.5mdv2008.0.x86_64.rpm
 06ea824a6a2cd9360a9e75a14718192a  2008.0/x86_64/lib64poppler-devel-0.6-3.5mdv2008.0.x86_64.rpm
 bb0eb04fa906a352e6738d08f116f89b  2008.0/x86_64/lib64poppler-glib2-0.6-3.5mdv2008.0.x86_64.rpm
 43d6a85dfdad7e969655ee4e2a377370  2008.0/x86_64/lib64poppler-glib-devel-0.6-3.5mdv2008.0.x86_64.rpm
 eef29dde4b9e80d4c360e953cbe9110b  2008.0/x86_64/lib64poppler-qt2-0.6-3.5mdv2008.0.x86_64.rpm
 c74dc9f245091f451441d8b88f0beed3  2008.0/x86_64/lib64poppler-qt4-2-0.6-3.5mdv2008.0.x86_64.rpm
 60345458274afc6ff480317fc408ec52  2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.5mdv2008.0.x86_64.rpm
 0a880b9c0d655c10f5757882e30911f1  2008.0/x86_64/lib64poppler-qt-devel-0.6-3.5mdv2008.0.x86_64.rpm
 eb6fde793ac0d7ea86df42aa22637807  2008.0/x86_64/php-cups-1.3.10-0.1mdv2008.0.x86_64.rpm
 7f475f07368ed9158008f2891dce2cd6  2008.0/x86_64/poppler-0.6-3.5mdv2008.0.x86_64.rpm 
 f3b53f5fafa8af4d754a5985e5f93830  2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
 11b021f4e5d21d199728b9a0a37a8230  2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm

References