Updated cups package are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cups
Advisory ID: MDKSA-2005:008
Date: January 17th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________
Problem Description:
A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as the "lp" user (CAN-2004-1267).
Vulnerabilities in the lppasswd utility were also discovered. The program ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS passwd file or prevent future use of lppasswd (CAN-2004-1268 and CAN-2004-1269). As well, lppasswd does not verify that the passwd.new file is different from STDERR, which could allow a local user to control output to passwd.new via certain user input that could trigger an error message (CAN-2004-1270).
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
1e0251c77c7b2c9316bc521b0f82a53d 10.0/RPMS/cups-1.1.20-5.5.100mdk.i586.rpm
e77c1d4bff04dc3a1d609ecd1c8c9e0f 10.0/RPMS/cups-common-1.1.20-5.5.100mdk.i586.rpm
62aba65ac5bcdccfe758159b984b3994 10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.i586.rpm
7afb5aea66db7227a6914267be740833 10.0/RPMS/libcups2-1.1.20-5.5.100mdk.i586.rpm
14f7b61865ee7a15f2e1564cc60f9672 10.0/RPMS/libcups2-devel-1.1.20-5.5.100mdk.i586.rpm
16e7119ecb214022e6ff1297eaad3d2d 10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
5ebeedb2d182f35cf22c31afff3c0972 amd64/10.0/RPMS/cups-1.1.20-5.5.100mdk.amd64.rpm
d84c55b9076c74373fa4dbb4e86432ef amd64/10.0/RPMS/cups-common-1.1.20-5.5.100mdk.amd64.rpm
ec5098bd9300257fe5011fca0bd8ae68 amd64/10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.amd64.rpm
d0d1aac0eacef95e804e16d0ef5b2c6b amd64/10.0/RPMS/lib64cups2-1.1.20-5.5.100mdk.amd64.rpm
3c1ff21d12d84af2be6da34d4362f43c amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.5.100mdk.amd64.rpm
16e7119ecb214022e6ff1297eaad3d2d amd64/10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm
Mandrakelinux 10.1:
ece1d0df72d1dc15a09ed755172770ba 10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.i586.rpm
288a2795e3e329ff708f3f47373187a1 10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.i586.rpm
89901c1c9a8169c5d80f818599bd44b5 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.i586.rpm
6f8350dd4fb4937c17e362ef797dad96 10.1/RPMS/libcups2-1.1.21-0.rc1.7.3.101mdk.i586.rpm
5bc6dfa8bc58989678a962cfa1722688 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.3.101mdk.i586.rpm
55d5adea7a47fc48a582dced0cba3bab 10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ac22a09fe5c0d67121fb4584c1bd41dc x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
a329cc52b9f6b6059a186f2b4758a430 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
7b7bcd648c962069a534d3c7b3f416d2 x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
fe88bf3a903767f50fe884c1006c72f1 x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
8f71509bfd63c3deb83d1f7e67104088 x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
55d5adea7a47fc48a582dced0cba3bab x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm
Corporate Server 2.1:
c7acb7c1e2ad053308af52c9729bc903 corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.i586.rpm
2a86e725464396da1a7d0d114ce97141 corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.i586.rpm
812683730d90ceb10dfbd3bd96f4b23b corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.i586.rpm
0112be232e1f7e075c8402431600b450 corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.i586.rpm
1d51cc74a64648aaaaf94d8d0720d95f corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.i586.rpm
45d74173e029fb4357b6fc150b5b0f96 corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
83b787f50242cbf5576e1b5849e415a9 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.x86_64.rpm
7aa9052837d945a572525f4280ba3163 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.x86_64.rpm
96ff5d11e78b862a5d707cbc29d0022f x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.x86_64.rpm
59db51c58eb2dac956ec9a20e72cf968 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.x86_64.rpm
dcfe2dba0c165618ec2c43c4a53550d9 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.x86_64.rpm
45d74173e029fb4357b6fc150b5b0f96 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm
Corporate Server 3.0:
980ef8bdf2fb0edf8f43744c58ab9d02 corporate/3.0/RPMS/cups-1.1.20-5.5.C30mdk.i586.rpm
88e3806fed54ee27bb3454d39d41dbdf corporate/3.0/RPMS/cups-common-1.1.20-5.5.C30mdk.i586.rpm
9e03b10d467e249a4784f22a57a48138 corporate/3.0/RPMS/cups-serial-1.1.20-5.5.C30mdk.i586.rpm
35c6c14219de93adfd5bd8b3c224d8bd corporate/3.0/RPMS/libcups2-1.1.20-5.5.C30mdk.i586.rpm
98368e82f1b812c5fdbebd985df65198 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.5.C30mdk.i586.rpm
9b3fdc543ef0aa6d1c593d2b810eee57 corporate/3.0/SRPMS/cups-1.1.20-5.5.C30mdk.src.rpm
Mandrakelinux 9.2:
d3883cb621525731fc167ff32b9f60b8 9.2/RPMS/cups-1.1.19-10.5.92mdk.i586.rpm
7774fbbce517ef94092452b0f6bf6348 9.2/RPMS/cups-common-1.1.19-10.5.92mdk.i586.rpm
b60260260061314180b239b47326b96b 9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.i586.rpm
6a3cc8c852f46f3b3de385993d3c53bf 9.2/RPMS/libcups2-1.1.19-10.5.92mdk.i586.rpm
e53c2e66c366fac0ad470e5972170ac9 9.2/RPMS/libcups2-devel-1.1.19-10.5.92mdk.i586.rpm
811375f41b9f2c85e2bfa6f64a88a7e2 9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
d0d6cdc697cc7b200e5b2abd60121f10 amd64/9.2/RPMS/cups-1.1.19-10.5.92mdk.amd64.rpm
c528308bfd48852daecb0e7373c5f2bb amd64/9.2/RPMS/cups-common-1.1.19-10.5.92mdk.amd64.rpm
99b41ab64d07eba6b75b294a2137c4a8 amd64/9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.amd64.rpm
931920e3bf5e3aea34199e52f8bed860 amd64/9.2/RPMS/lib64cups2-1.1.19-10.5.92mdk.amd64.rpm
05acfa1a72f100c4607c8229784bb81d amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.5.92mdk.amd64.rpm
811375f41b9f2c85e2bfa6f64a88a7e2 amd64/9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cups
Advisory ID: MDKSA-2005:008
Date: January 17th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________
Problem Description:
A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as the "lp" user (CAN-2004-1267).
Vulnerabilities in the lppasswd utility were also discovered. The program ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS passwd file or prevent future use of lppasswd (CAN-2004-1268 and CAN-2004-1269). As well, lppasswd does not verify that the passwd.new file is different from STDERR, which could allow a local user to control output to passwd.new via certain user input that could trigger an error message (CAN-2004-1270).
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
1e0251c77c7b2c9316bc521b0f82a53d 10.0/RPMS/cups-1.1.20-5.5.100mdk.i586.rpm
e77c1d4bff04dc3a1d609ecd1c8c9e0f 10.0/RPMS/cups-common-1.1.20-5.5.100mdk.i586.rpm
62aba65ac5bcdccfe758159b984b3994 10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.i586.rpm
7afb5aea66db7227a6914267be740833 10.0/RPMS/libcups2-1.1.20-5.5.100mdk.i586.rpm
14f7b61865ee7a15f2e1564cc60f9672 10.0/RPMS/libcups2-devel-1.1.20-5.5.100mdk.i586.rpm
16e7119ecb214022e6ff1297eaad3d2d 10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
5ebeedb2d182f35cf22c31afff3c0972 amd64/10.0/RPMS/cups-1.1.20-5.5.100mdk.amd64.rpm
d84c55b9076c74373fa4dbb4e86432ef amd64/10.0/RPMS/cups-common-1.1.20-5.5.100mdk.amd64.rpm
ec5098bd9300257fe5011fca0bd8ae68 amd64/10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.amd64.rpm
d0d1aac0eacef95e804e16d0ef5b2c6b amd64/10.0/RPMS/lib64cups2-1.1.20-5.5.100mdk.amd64.rpm
3c1ff21d12d84af2be6da34d4362f43c amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.5.100mdk.amd64.rpm
16e7119ecb214022e6ff1297eaad3d2d amd64/10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm
Mandrakelinux 10.1:
ece1d0df72d1dc15a09ed755172770ba 10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.i586.rpm
288a2795e3e329ff708f3f47373187a1 10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.i586.rpm
89901c1c9a8169c5d80f818599bd44b5 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.i586.rpm
6f8350dd4fb4937c17e362ef797dad96 10.1/RPMS/libcups2-1.1.21-0.rc1.7.3.101mdk.i586.rpm
5bc6dfa8bc58989678a962cfa1722688 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.3.101mdk.i586.rpm
55d5adea7a47fc48a582dced0cba3bab 10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ac22a09fe5c0d67121fb4584c1bd41dc x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
a329cc52b9f6b6059a186f2b4758a430 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
7b7bcd648c962069a534d3c7b3f416d2 x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
fe88bf3a903767f50fe884c1006c72f1 x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
8f71509bfd63c3deb83d1f7e67104088 x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
55d5adea7a47fc48a582dced0cba3bab x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm
Corporate Server 2.1:
c7acb7c1e2ad053308af52c9729bc903 corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.i586.rpm
2a86e725464396da1a7d0d114ce97141 corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.i586.rpm
812683730d90ceb10dfbd3bd96f4b23b corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.i586.rpm
0112be232e1f7e075c8402431600b450 corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.i586.rpm
1d51cc74a64648aaaaf94d8d0720d95f corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.i586.rpm
45d74173e029fb4357b6fc150b5b0f96 corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
83b787f50242cbf5576e1b5849e415a9 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.x86_64.rpm
7aa9052837d945a572525f4280ba3163 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.x86_64.rpm
96ff5d11e78b862a5d707cbc29d0022f x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.x86_64.rpm
59db51c58eb2dac956ec9a20e72cf968 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.x86_64.rpm
dcfe2dba0c165618ec2c43c4a53550d9 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.x86_64.rpm
45d74173e029fb4357b6fc150b5b0f96 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm
Corporate Server 3.0:
980ef8bdf2fb0edf8f43744c58ab9d02 corporate/3.0/RPMS/cups-1.1.20-5.5.C30mdk.i586.rpm
88e3806fed54ee27bb3454d39d41dbdf corporate/3.0/RPMS/cups-common-1.1.20-5.5.C30mdk.i586.rpm
9e03b10d467e249a4784f22a57a48138 corporate/3.0/RPMS/cups-serial-1.1.20-5.5.C30mdk.i586.rpm
35c6c14219de93adfd5bd8b3c224d8bd corporate/3.0/RPMS/libcups2-1.1.20-5.5.C30mdk.i586.rpm
98368e82f1b812c5fdbebd985df65198 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.5.C30mdk.i586.rpm
9b3fdc543ef0aa6d1c593d2b810eee57 corporate/3.0/SRPMS/cups-1.1.20-5.5.C30mdk.src.rpm
Mandrakelinux 9.2:
d3883cb621525731fc167ff32b9f60b8 9.2/RPMS/cups-1.1.19-10.5.92mdk.i586.rpm
7774fbbce517ef94092452b0f6bf6348 9.2/RPMS/cups-common-1.1.19-10.5.92mdk.i586.rpm
b60260260061314180b239b47326b96b 9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.i586.rpm
6a3cc8c852f46f3b3de385993d3c53bf 9.2/RPMS/libcups2-1.1.19-10.5.92mdk.i586.rpm
e53c2e66c366fac0ad470e5972170ac9 9.2/RPMS/libcups2-devel-1.1.19-10.5.92mdk.i586.rpm
811375f41b9f2c85e2bfa6f64a88a7e2 9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
d0d6cdc697cc7b200e5b2abd60121f10 amd64/9.2/RPMS/cups-1.1.19-10.5.92mdk.amd64.rpm
c528308bfd48852daecb0e7373c5f2bb amd64/9.2/RPMS/cups-common-1.1.19-10.5.92mdk.amd64.rpm
99b41ab64d07eba6b75b294a2137c4a8 amd64/9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.amd64.rpm
931920e3bf5e3aea34199e52f8bed860 amd64/9.2/RPMS/lib64cups2-1.1.19-10.5.92mdk.amd64.rpm
05acfa1a72f100c4607c8229784bb81d amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.5.92mdk.amd64.rpm
811375f41b9f2c85e2bfa6f64a88a7e2 amd64/9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com