Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause cups to crash and possibly execute arbitrary code upon a user opening the file.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:165
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : August 15, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause cups to crash and possibly
execute arbitrary code upon a user opening the file.
This update provides packages which are patched to prevent these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
bc5c292cb44c5b23b1d2a71d3fa2b0d7 2007.0/i586/cups-1.2.4-1.3mdv2007.0.i586.rpm
51a9181da44c0d47eb4ff162c345b3bc 2007.0/i586/cups-common-1.2.4-1.3mdv2007.0.i586.rpm
12b97a05c0de65da4b431409099ab44d 2007.0/i586/cups-serial-1.2.4-1.3mdv2007.0.i586.rpm
b1b9ac484a0aa2d6f0a22b343a3f3053 2007.0/i586/libcups2-1.2.4-1.3mdv2007.0.i586.rpm
22ba1b567aa18e25ea2c463f9d42b38a 2007.0/i586/libcups2-devel-1.2.4-1.3mdv2007.0.i586.rpm
a404b43af035362b8cd26d997a01b56d 2007.0/i586/php-cups-1.2.4-1.3mdv2007.0.i586.rpm
49350086e2842ab233b3d92c2a79cb74 2007.0/SRPMS/cups-1.2.4-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
d9b9b692146d84ce62202b82cfb0e099 2007.0/x86_64/cups-1.2.4-1.3mdv2007.0.x86_64.rpm
9c0ee78ece4907629c32e49999725ae1 2007.0/x86_64/cups-common-1.2.4-1.3mdv2007.0.x86_64.rpm
65b47df2465d223dbc63b994bc5e6b2c 2007.0/x86_64/cups-serial-1.2.4-1.3mdv2007.0.x86_64.rpm
863599d5fcf8c363904a85e430e6ea7b 2007.0/x86_64/lib64cups2-1.2.4-1.3mdv2007.0.x86_64.rpm
ed8893fe12e79b60c5ca237ba8c3c266 2007.0/x86_64/lib64cups2-devel-1.2.4-1.3mdv2007.0.x86_64.rpm
dd709f0b91f094beafca3c884b2dc6be 2007.0/x86_64/php-cups-1.2.4-1.3mdv2007.0.x86_64.rpm
49350086e2842ab233b3d92c2a79cb74 2007.0/SRPMS/cups-1.2.4-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
b0fea359db4550d3a0a470bb63f54802 2007.1/i586/cups-1.2.10-2.1mdv2007.1.i586.rpm
33ca0ca44541e48450fdb0f66930911e 2007.1/i586/cups-common-1.2.10-2.1mdv2007.1.i586.rpm
a6e6647a4d775e6b10c15a789b665803 2007.1/i586/cups-serial-1.2.10-2.1mdv2007.1.i586.rpm
68b54b65768eb27f9375cf1d27410667 2007.1/i586/libcups2-1.2.10-2.1mdv2007.1.i586.rpm
2111937c855120bcb39369e01876986f 2007.1/i586/libcups2-devel-1.2.10-2.1mdv2007.1.i586.rpm
50836afba4b9d09eda062a9f8db0cedf 2007.1/i586/php-cups-1.2.10-2.1mdv2007.1.i586.rpm
281d9330375f2f6786bf1cec3b857f16 2007.1/SRPMS/cups-1.2.10-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
cc3d74326d5a7bbc275500cb93aceb21 2007.1/x86_64/cups-1.2.10-2.1mdv2007.1.x86_64.rpm
d2cd0fa7109515d54c5cf62c8c7b0c51 2007.1/x86_64/cups-common-1.2.10-2.1mdv2007.1.x86_64.rpm
52ef39d226ad04aafe40f657524f6e5b 2007.1/x86_64/cups-serial-1.2.10-2.1mdv2007.1.x86_64.rpm
eb3c01016b5a36c22b147b8568e7dce8 2007.1/x86_64/lib64cups2-1.2.10-2.1mdv2007.1.x86_64.rpm
d6aa91b7379aa0781382f86fd3142269 2007.1/x86_64/lib64cups2-devel-1.2.10-2.1mdv2007.1.x86_64.rpm
a612257a048d439cfb9c96577a090516 2007.1/x86_64/php-cups-1.2.10-2.1mdv2007.1.x86_64.rpm
281d9330375f2f6786bf1cec3b857f16 2007.1/SRPMS/cups-1.2.10-2.1mdv2007.1.src.rpm
Corporate 3.0:
69dd24d3b4eda222dd8536750e520db9 corporate/3.0/i586/cups-1.1.20-5.12.C30mdk.i586.rpm
e11cef8e543f2f7318dda54f21ed2e50 corporate/3.0/i586/cups-common-1.1.20-5.12.C30mdk.i586.rpm
0c031620f862e1baf7d1f4e874af6d5b corporate/3.0/i586/cups-serial-1.1.20-5.12.C30mdk.i586.rpm
c6f4b0fd2455eb058c04afa75a7507a0 corporate/3.0/i586/libcups2-1.1.20-5.12.C30mdk.i586.rpm
d61b22abb21eef055f6cc692faef3a2b corporate/3.0/i586/libcups2-devel-1.1.20-5.12.C30mdk.i586.rpm
a3bb3c90aed9f2cb337e1edeb2147d33 corporate/3.0/SRPMS/cups-1.1.20-5.12.C30mdk.src.rpm
Corporate 3.0/X86_64:
80e6638c7748278e9e463da6b91b972c corporate/3.0/x86_64/cups-1.1.20-5.12.C30mdk.x86_64.rpm
26f68b2419949766430ecd9cb8eb5f9c corporate/3.0/x86_64/cups-common-1.1.20-5.12.C30mdk.x86_64.rpm
b1ae56a1bf0f239096cba8879aa32232 corporate/3.0/x86_64/cups-serial-1.1.20-5.12.C30mdk.x86_64.rpm
28d68209a485a554bfb09e58d34b5c5d corporate/3.0/x86_64/lib64cups2-1.1.20-5.12.C30mdk.x86_64.rpm
9cb83abf75a5a31f74964679e647ab76 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.12.C30mdk.x86_64.rpm
a3bb3c90aed9f2cb337e1edeb2147d33 corporate/3.0/SRPMS/cups-1.1.20-5.12.C30mdk.src.rpm
Corporate 4.0:
06550a8de7de77d09c0dd1b091a8e361 corporate/4.0/i586/cups-1.2.4-0.3.20060mlcs4.i586.rpm
4c4204f856c13107ddd3c2d1a7b68f3a corporate/4.0/i586/cups-common-1.2.4-0.3.20060mlcs4.i586.rpm
57f9710a036bb3a9ee5bcc934fcfa4da corporate/4.0/i586/cups-serial-1.2.4-0.3.20060mlcs4.i586.rpm
67f0dd5f82523296827b6522a599c88a corporate/4.0/i586/libcups2-1.2.4-0.3.20060mlcs4.i586.rpm
e7c9f43b15951c4089660b1d604b12c7 corporate/4.0/i586/libcups2-devel-1.2.4-0.3.20060mlcs4.i586.rpm
81613d8a526b6c005e24b291779d80e0 corporate/4.0/i586/php-cups-1.2.4-0.3.20060mlcs4.i586.rpm
9e10e3a5bab8431fd5b90f7d3d73bc35 corporate/4.0/SRPMS/cups-1.2.4-0.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
762970c5f9a7be75423be981e28568db corporate/4.0/x86_64/cups-1.2.4-0.3.20060mlcs4.x86_64.rpm
432d0593eb6165186a527d65d59ef774 corporate/4.0/x86_64/cups-common-1.2.4-0.3.20060mlcs4.x86_64.rpm
d171f3d1be0d10f68a1875b2007b4559 corporate/4.0/x86_64/cups-serial-1.2.4-0.3.20060mlcs4.x86_64.rpm
2dd3e283bb805f06ba00cdb17c12fd0a corporate/4.0/x86_64/lib64cups2-1.2.4-0.3.20060mlcs4.x86_64.rpm
0d0040e62a7bcb83c957e0ee70885764 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.3.20060mlcs4.x86_64.rpm
0abd4c82d63895d928f90332d02eb962 corporate/4.0/x86_64/php-cups-1.2.4-0.3.20060mlcs4.x86_64.rpm
9e10e3a5bab8431fd5b90f7d3d73bc35 corporate/4.0/SRPMS/cups-1.2.4-0.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
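For packages downloaded by hand rather than through MandrivaUpdate or urpmi, the checksum comparison against the "Updated Packages" list can be scripted. This is an added example, not part of the Mandriva advisory; the function name verify_advisory_md5 and the saved copy of the advisory text are assumptions. MD5 only shows that a download matches the listed file; authenticity comes from the GPG package signature, checked separately (for example with rpm --checksig).

```shell
#!/bin/sh
# Added example: compare local RPMs with the "<md5> <path>" lines of a
# saved advisory. Usage: verify_advisory_md5 ADVISORY.txt PACKAGE_DIR
# Return codes: 0 = every package found matches
#               1 = at least one mismatch
#               2 = none of the listed packages is present in PACKAGE_DIR

verify_advisory_md5() {
    advisory=$1
    pkgdir=$2
    checked=0
    failed=0

    while read -r sum path rest || [ -n "$sum" ]; do
        # Keep only lines shaped like "<32 lowercase hex digits> <path>.rpm".
        [ "${#sum}" -eq 32 ] || continue
        case $sum in *[!0-9a-f]*) continue ;; esac
        case $path in *.rpm) ;; *) continue ;; esac

        # Match on the file name; the mirror directory prefix is ignored.
        file="$pkgdir/${path##*/}"
        [ -f "$file" ] || continue

        actual=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            printf 'OK       %s\n' "${path##*/}"
        else
            printf 'MISMATCH %s (expected %s, got %s)\n' \
                "${path##*/}" "$sum" "$actual"
            failed=$((failed + 1))
        fi
    done < "$advisory"

    if [ "$checked" -eq 0 ]; then
        echo "no packages listed in the advisory were found in $pkgdir" >&2
        return 2
    fi
    [ "$failed" -eq 0 ]
}
```

A package that appears in the advisory but is absent from the directory is skipped, so the result covers only the files actually downloaded.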
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGwy5VmqjQ0CJFipgRAr4oAJ9A6hA9CZIk5GR3Ud779v61CO74eQCfTBUZ
54eeSvI8Cpsr45fO17Y3gmU=
=aWcj
-----END PGP SIGNATURE-----