[Full-disclosure] [ MDVSA-2009:096-1 ] printer-drivers




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:096-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : printer-drivers
Date : April 24, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code by using a crafted PDF file (CVE-2007-6725).

Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause a denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbitrary code by using either a PostScript or PDF
file with crafted embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause a denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbitrary code by using either a PostScript or PDF
file with crafted embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

This update provides fixes for these vulnerabilities.

Update:

The previous update shipped with an incorrect required version of
perl-base in the foomatic-db-engine package. This is fixed in this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
96dbc60a93ce4a6763d2455faf174a7b corporate/3.0/i586/cups-drivers-1.1-138.7.C30mdk.i586.rpm
22dc1a762f9a3a2fe5d7110b5eba3455 corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
d2c14e583a164b7869cf948e3c9807fa corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
bac7e6a9dc1c0001ce0e52ca46478ef8 corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
d21db35d010cec004a08b81ea931e099 corporate/3.0/i586/ghostscript-7.07-19.7.C30mdk.i586.rpm
4a5ff90f604335520030e009c9bfa88f corporate/3.0/i586/ghostscript-module-X-7.07-19.7.C30mdk.i586.rpm
4f7585ce74121c1d5ac778502514b282 corporate/3.0/i586/gimpprint-4.2.7-2.7.C30mdk.i586.rpm
5d151dd1c5722bc6772f50906f1f8021 corporate/3.0/i586/libgimpprint1-4.2.7-2.7.C30mdk.i586.rpm
6451feff86856479e8a35ebf49f185f4 corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.7.C30mdk.i586.rpm
c4d87b25765d2db2efe1e45ad6ef9e16 corporate/3.0/i586/libijs0-0.34-76.7.C30mdk.i586.rpm
76d95e81afaba7c85f2263fb24a98ee8 corporate/3.0/i586/libijs0-devel-0.34-76.7.C30mdk.i586.rpm
2e816acf32ad22a5297565750840fa35 corporate/3.0/i586/printer-filters-1.0-138.7.C30mdk.i586.rpm
480c4991734be95df224865468a45e9a corporate/3.0/i586/printer-testpages-1.0-138.7.C30mdk.i586.rpm
5d0845002a84eb2a8c341039ce64a2fc corporate/3.0/i586/printer-utils-1.0-138.7.C30mdk.i586.rpm
903215b475cf0031bdd3f79983734c87 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
a45bd1c244e8c09768e8482ef0db740a corporate/3.0/x86_64/cups-drivers-1.1-138.7.C30mdk.x86_64.rpm
42836893a4f590eede9ffe95309c44f5 corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
97681dcc24ba1d656f5ccb90a3dc9551 corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
7988477ee8ec84c17d404300db27de1e corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
dc7d3d21e5311227c9c7326e31b4a5b5 corporate/3.0/x86_64/ghostscript-7.07-19.7.C30mdk.x86_64.rpm
caf9a2010f126f6c5e75204ce97ae2a0 corporate/3.0/x86_64/ghostscript-module-X-7.07-19.7.C30mdk.x86_64.rpm
2b3ac0b759e0695a80a12f23f8f5e26a corporate/3.0/x86_64/gimpprint-4.2.7-2.7.C30mdk.x86_64.rpm
3bf97787fedfe9e9f4348c77a8aca100 corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.7.C30mdk.x86_64.rpm
9653764019d8fad3994332efd55a541a corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.7.C30mdk.x86_64.rpm
0d818179492f74a124d6bd28a3e2afe4 corporate/3.0/x86_64/lib64ijs0-0.34-76.7.C30mdk.x86_64.rpm
ca55063d9e24ac47784e6f5606bdc981 corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.7.C30mdk.x86_64.rpm
0e8cc9cc04b70fc207ebd843cd82bf5d corporate/3.0/x86_64/printer-filters-1.0-138.7.C30mdk.x86_64.rpm
ddf46b5e1937b911e7f8650ddc569798 corporate/3.0/x86_64/printer-testpages-1.0-138.7.C30mdk.x86_64.rpm
f90b734db08f01cac31a7f3b8c86528f corporate/3.0/x86_64/printer-utils-1.0-138.7.C30mdk.x86_64.rpm
903215b475cf0031bdd3f79983734c87 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9caLmqjQ0CJFipgRAq0AAKDMk/At0KOjwv8z1lMVVONLt8oU3ACg18sa
/GHaS3O+LLgMH6XSBnHCfiE=
=YDBP
-----END PGP SIGNATURE-----
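
Added example (not part of the Mandriva advisory): for packages fetched by hand rather than through MandrivaUpdate or urpmi, this sketch parses the "<md5> <path>" lines of the "Updated Packages" section and compares them with the .rpm files in a directory. It assumes the advisory text was already authenticated against its PGP signature (for example with gpg --verify); the function names and the sample files in demo() are constructed for illustration.

```python
import hashlib, os, re, tempfile

# Entry shape in "Updated Packages": <32-hex MD5> <repository path>.rpm
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Return {rpm file name: expected MD5} from the advisory text."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m is None:
            continue
        digest, name = m.group(1), m.group(2).rsplit("/", 1)[-1]
        # The SRPM is listed once per architecture; differing digests = damaged text.
        if expected.setdefault(name, digest) != digest:
            raise ValueError("conflicting checksums for " + name)
    return expected

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_directory(advisory_text, directory):
    """Label each .rpm in directory: ok, mismatch, or unlisted."""
    expected = parse_advisory(advisory_text)
    result = {}
    for name in sorted(n for n in os.listdir(directory) if n.endswith(".rpm")):
        if name not in expected:
            result[name] = "unlisted"  # not covered by this advisory
        elif md5_of(os.path.join(directory, name)) == expected[name]:
            result[name] = "ok"
        else:
            result[name] = "mismatch"  # corrupt or altered download
    return result

def demo():
    """Constructed sample: one intact, one altered, one unlisted file."""
    files = {"good.rpm": b"intact", "bad.rpm": b"altered", "extra.rpm": b"x"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        listing = "Corporate 3.0:\n%s corporate/3.0/i586/good.rpm\n%s corporate/3.0/i586/bad.rpm\n" % (
            hashlib.md5(b"intact").hexdigest(), hashlib.md5(b"original").hexdigest())
        return check_directory(listing, d)
```

A "mismatch" or "unlisted" result means the file should not be installed until it has been re-fetched and its package signature checked.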
