Package name: cups
Date: 2009-01-24
Advisory ID: MDVSA-2009:029
Affected versions: CS3.0 i586, CS4.0 x86_64, MNF2.0 i586, CS3.0 x86_64, CS4.0 i586

Problem description

Security vulnerabilities have been discovered and corrected in CUPS.

CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary
code via a PNG image with a large height value, which bypasses a
validation check and triggers a buffer overflow (CVE-2008-5286).

CUPS shipped with Mandriva Linux allows local users to overwrite
arbitrary files via a symlink attack on the /tmp/pdf.log temporary file
(CVE-2009-0032).

The updated packages have been patched to prevent this.
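
The /tmp/pdf.log issue (CVE-2009-0032) is an instance of a process opening a predictable path in a world-writable directory. The following is an added example, not the Mandriva patch or CUPS code: a hardened open for such a log file, assuming Linux semantics (O_NOFOLLOW fails with ELOOP on a symlink). The names open_log_hardened and demo_symlink_refused are hypothetical, and the scratch directory and files are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a log for append without following a symlink. */
int open_log_hardened(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;            /* Linux: ELOOP if path is a symlink */
    struct stat st;
    /* Check the object actually opened: regular, ours, no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: pdf.log is first a symlink to
   "victim", then absent. Returns 1 if the symlink is refused, the victim is
   left empty, and a fresh regular log file is accepted; -1 on setup failure. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", victim[64], logp[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/pdf.log", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || close(v) != 0 || symlink(victim, logp) != 0) return -1;
    int fd = open_log_hardened(logp);
    int refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0) close(fd);
    struct stat st;
    int untouched = (stat(victim, &st) == 0 && st.st_size == 0);
    unlink(logp);                     /* remove the planted symlink */
    fd = open_log_hardened(logp);     /* now creates a private regular file */
    int accepted = (fd >= 0 && write(fd, "ok\n", 3) == 3);
    if (fd >= 0) close(fd);
    unlink(logp); unlink(victim); rmdir(dir);
    return refused && untouched && accepted;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

Keeping the log out of /tmp altogether, in a directory only the service can write, removes the exposure rather than detecting it at open time.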

Updated packages

CS3.0 i586

 994b3a1b01b56666bb4a8031ee31b34f  corporate/3.0/i586/cups-1.1.20-5.20.C30mdk.i586.rpm
 de905741d61bae32536529fbf90dfab3  corporate/3.0/i586/cups-common-1.1.20-5.20.C30mdk.i586.rpm
 7b17aea4fc95127caf9d10ee6890bce9  corporate/3.0/i586/cups-serial-1.1.20-5.20.C30mdk.i586.rpm
 b292bef90820e0a6670be098898fed4c  corporate/3.0/i586/libcups2-1.1.20-5.20.C30mdk.i586.rpm
 0c4ccae9726627a7862b99d502bd01d7  corporate/3.0/i586/libcups2-devel-1.1.20-5.20.C30mdk.i586.rpm 
 c352f4b5a13cd526986a57df257179f4  corporate/3.0/SRPMS/cups-1.1.20-5.20.C30mdk.src.rpm

CS4.0 x86_64

 6d244796552fdbcf5558dafb656a6725  corporate/4.0/x86_64/cups-1.2.4-0.11.20060mlcs4.x86_64.rpm
 52d6bce0dff47c71e0a92414a85310d1  corporate/4.0/x86_64/cups-common-1.2.4-0.11.20060mlcs4.x86_64.rpm
 9974614fa1d89fdb299f4234d0033c4e  corporate/4.0/x86_64/cups-serial-1.2.4-0.11.20060mlcs4.x86_64.rpm
 f49b67cca18ae350ff1012b27690ef21  corporate/4.0/x86_64/lib64cups2-1.2.4-0.11.20060mlcs4.x86_64.rpm
 40c5855531ced0dd7d236bd2db35d4a3  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.11.20060mlcs4.x86_64.rpm
 4d1d6b25b4d9be6cb9ea8bcc4612ed9a  corporate/4.0/x86_64/php-cups-1.2.4-0.11.20060mlcs4.x86_64.rpm 
 ec9108eae742d663e2ee8a4beecaf9cf  corporate/4.0/SRPMS/cups-1.2.4-0.11.20060mlcs4.src.rpm

MNF2.0 i586

 7a9040b14a227bc68034606f877a998c  mnf/2.0/i586/cups-1.1.20-5.20.C30mdk.i586.rpm
 03409addc231891f162edab1d53308fd  mnf/2.0/i586/cups-common-1.1.20-5.20.C30mdk.i586.rpm
 fe24ae2f4ef9727e1edeb1ffaa40a6a4  mnf/2.0/i586/cups-serial-1.1.20-5.20.C30mdk.i586.rpm
 d1fbff8f743b4b2598fdeaad56d7e3b1  mnf/2.0/i586/libcups2-1.1.20-5.20.C30mdk.i586.rpm
 4abb0a31c7473c6bca3ff3152ce6f961  mnf/2.0/i586/libcups2-devel-1.1.20-5.20.C30mdk.i586.rpm 
 d61057ea6fbf926570d6ebb93e97d822  mnf/2.0/SRPMS/cups-1.1.20-5.20.C30mdk.src.rpm

CS3.0 x86_64

 bd5351126e270e17cc2566bf2235fa1f  corporate/3.0/x86_64/cups-1.1.20-5.20.C30mdk.x86_64.rpm
 118ef59563972c058f5554f32a3e2c47  corporate/3.0/x86_64/cups-common-1.1.20-5.20.C30mdk.x86_64.rpm
 ab8d127202d1e96c8aa426049b1892e6  corporate/3.0/x86_64/cups-serial-1.1.20-5.20.C30mdk.x86_64.rpm
 bae6f13234cf3b78ddfd4907ba1fb77b  corporate/3.0/x86_64/lib64cups2-1.1.20-5.20.C30mdk.x86_64.rpm
 3d3c8828d13aad5c640735bade817324  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.20.C30mdk.x86_64.rpm 
 c352f4b5a13cd526986a57df257179f4  corporate/3.0/SRPMS/cups-1.1.20-5.20.C30mdk.src.rpm

CS4.0 i586

 4ed3f682ad778dae2030b5421c9021d1  corporate/4.0/i586/cups-1.2.4-0.11.20060mlcs4.i586.rpm
 fcb481b9d2a7e03eb6282da1a948c934  corporate/4.0/i586/cups-common-1.2.4-0.11.20060mlcs4.i586.rpm
 2c8fe1c48e81d5d5fec7dcb169b4c592  corporate/4.0/i586/cups-serial-1.2.4-0.11.20060mlcs4.i586.rpm
 6bfc9e49eea846be83d8e2ce6a33937c  corporate/4.0/i586/libcups2-1.2.4-0.11.20060mlcs4.i586.rpm
 6e10802e302fcb3949e9f2d5d7033140  corporate/4.0/i586/libcups2-devel-1.2.4-0.11.20060mlcs4.i586.rpm
 5027be07f343ef0ee30098facd23bf2e  corporate/4.0/i586/php-cups-1.2.4-0.11.20060mlcs4.i586.rpm 
 ec9108eae742d663e2ee8a4beecaf9cf  corporate/4.0/SRPMS/cups-1.2.4-0.11.20060mlcs4.src.rpm

References