Mandriva Linux Security Advisory 2011-146 - The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service via HTTP_UNAUTHORIZED responses. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2895. The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
48a1c0fec4da5f4548c480faaebd5504e2e71bfb04dc4f7b79dc01b7f4e22a7d-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:146
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : October 11, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in cups:
The cupsDoAuthentication function in auth.c in the client in CUPS
before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a
demand for authorization, which allows remote CUPS servers to cause
a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses
(CVE-2010-2432).
The LZW decompressor in the LWZReadByte function in giftoppm.c in
the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
and earlier, and other products, does not properly handle code words
that are absent from the decompression table when encountered, which
allows remote attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895
(CVE-2011-2896).
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896 (CVE-2011-3170).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
451f5c217b5607e6ae8e2c091b7ecc75 2009.0/i586/cups-1.3.10-0.5mdv2009.0.i586.rpm
0c7f78718f376f9df426aa4dc1b6f93e 2009.0/i586/cups-common-1.3.10-0.5mdv2009.0.i586.rpm
deefb9a51325690a9f4fe8fe519faf9f 2009.0/i586/cups-serial-1.3.10-0.5mdv2009.0.i586.rpm
bdea2daf7c44f8a5250df2d548a9e030 2009.0/i586/libcups2-1.3.10-0.5mdv2009.0.i586.rpm
dd60444ba124fa9c024375b9356848d6 2009.0/i586/libcups2-devel-1.3.10-0.5mdv2009.0.i586.rpm
680ac463439bb2332229a52fb1d8a4c4 2009.0/i586/php-cups-1.3.10-0.5mdv2009.0.i586.rpm
67417654d026df854d35370724c1565b 2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
557d87c9d241ae39c785c6373dd8b70f 2009.0/x86_64/cups-1.3.10-0.5mdv2009.0.x86_64.rpm
f68379827c3e1dd18601fff8dd19621f 2009.0/x86_64/cups-common-1.3.10-0.5mdv2009.0.x86_64.rpm
5439dfb021e198212a04698d95ddb5f2 2009.0/x86_64/cups-serial-1.3.10-0.5mdv2009.0.x86_64.rpm
6567d318f829bafaa625262159589806 2009.0/x86_64/lib64cups2-1.3.10-0.5mdv2009.0.x86_64.rpm
17f56ba710371a2297d13880fc7676d7 2009.0/x86_64/lib64cups2-devel-1.3.10-0.5mdv2009.0.x86_64.rpm
8d29304cb6f1bbb89682bf852a2da6ed 2009.0/x86_64/php-cups-1.3.10-0.5mdv2009.0.x86_64.rpm
67417654d026df854d35370724c1565b 2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm
Mandriva Linux 2010.1:
333f2b8f389a7210be1123ce092bbb8b 2010.1/i586/cups-1.4.3-3.2mdv2010.2.i586.rpm
2f753bd61e2726d1099d2dd3d57f2eca 2010.1/i586/cups-common-1.4.3-3.2mdv2010.2.i586.rpm
2d9ae53f0a159618391ef18c94561408 2010.1/i586/cups-serial-1.4.3-3.2mdv2010.2.i586.rpm
9fbb242780d33b802667d5babdeff105 2010.1/i586/libcups2-1.4.3-3.2mdv2010.2.i586.rpm
461913f016aa628f81379e1a4e67151b 2010.1/i586/libcups2-devel-1.4.3-3.2mdv2010.2.i586.rpm
3b907ebc975bbf2d700edd64d44e5e79 2010.1/i586/php-cups-1.4.3-3.2mdv2010.2.i586.rpm
d079c755b005a0336eef88cdaf7124a4 2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0eb77a9809fcd349c3fa223781f7794e 2010.1/x86_64/cups-1.4.3-3.2mdv2010.2.x86_64.rpm
e5e69d444efa6344cff81af4278c9755 2010.1/x86_64/cups-common-1.4.3-3.2mdv2010.2.x86_64.rpm
6c0a637a71baa5c5a58ce5c4b28d0137 2010.1/x86_64/cups-serial-1.4.3-3.2mdv2010.2.x86_64.rpm
b34fcde9ed6ef29b76e816f800d11237 2010.1/x86_64/lib64cups2-1.4.3-3.2mdv2010.2.x86_64.rpm
ebc1a568d6dee5bf1d88bdceded2a716 2010.1/x86_64/lib64cups2-devel-1.4.3-3.2mdv2010.2.x86_64.rpm
98f1846e79b75e9e0a3e98b15385d80d 2010.1/x86_64/php-cups-1.4.3-3.2mdv2010.2.x86_64.rpm
d079c755b005a0336eef88cdaf7124a4 2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
776e12f8d570445f63c0a9437fcddd2e mes5/i586/cups-1.3.10-0.5mdvmes5.2.i586.rpm
ad33a9c8115cc83c1008028bcb0e29c7 mes5/i586/cups-common-1.3.10-0.5mdvmes5.2.i586.rpm
21b795c7736553fd6a825598976c866b mes5/i586/cups-serial-1.3.10-0.5mdvmes5.2.i586.rpm
c3fd62dd50d3ce0b96ef0b3c2520ff89 mes5/i586/libcups2-1.3.10-0.5mdvmes5.2.i586.rpm
34b4518819bfac3d5ea9d6e925b7945b mes5/i586/libcups2-devel-1.3.10-0.5mdvmes5.2.i586.rpm
5403247140449d963d791c54df419b18 mes5/i586/php-cups-1.3.10-0.5mdvmes5.2.i586.rpm
ad71fafb07ed353fa7addfad6049cf8b mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
7f11915d7803d01df1840d891882e6ba mes5/x86_64/cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
1a364126747bf4f24987c184344c4ec4 mes5/x86_64/cups-common-1.3.10-0.5mdvmes5.2.x86_64.rpm
3d728c0528cc1ad0d23b1a511c122f68 mes5/x86_64/cups-serial-1.3.10-0.5mdvmes5.2.x86_64.rpm
1abee6673d58115557b11c5fded196d2 mes5/x86_64/lib64cups2-1.3.10-0.5mdvmes5.2.x86_64.rpm
dab5b4d9ef8442301b180e21fc003b45 mes5/x86_64/lib64cups2-devel-1.3.10-0.5mdvmes5.2.x86_64.rpm
91955cdd36674dc12ba5bb716c2bee36 mes5/x86_64/php-cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
ad71fafb07ed353fa7addfad6049cf8b mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOktgPmqjQ0CJFipgRAhG2AKCAuUZh2rvZdtbjtd0ycVemOY39TQCgn0jF
Ee6oHfd4+Nq17qNb0y7s7Nc=
=lZgy
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed