[ MDVSA-2009:281 ] cups

Mandrivan turvallisuustiedotteiden tuoreimmat

[ MDVSA-2009:281 ] cups

Uusi viestiKirjoittaja dude67 » 25 Loka 2009, 09:39

_______________________________________________________________________

Package : cups
Date : October 19, 2009
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap
(CVE-2009-0146, CVE-2009-0147).

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow (CVE-2009-0163).

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to g*allocn (CVE-2009-0165).

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
and other products allows remote attackers to cause a denial of service
(crash) via a crafted PDF file that triggers a free of uninitialized
memory (CVE-2009-0166).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c,
(4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE:
the JBIG2Stream.cxx vector may overlap CVE-2009-1179 (CVE-2009-0791).

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags (CVE-2009-0949).

Two integer overflow flaws were found in the CUPS pdftops filter. An
attacker could create a malicious PDF file that would cause pdftops
to crash or, potentially, execute arbitrary code as the lp user if
the file was printed. (CVE-2009-3608, CVE-2009-3609)

This update corrects the problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0146
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0147
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0163
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0165
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0166
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0791
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0949
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3608
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3609
_______________________________________________________________________
Kuva
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien :)
Avatar
dude67
Site Admin
 
Viestit: 2256
Liittynyt: 27 Syys 2007, 16:58
Paikkakunta: Espoo

Paluu Mandrivan turvallisuustiedotteet

Paikallaolijat

Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 26 vierailijaa

cron