what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-170

Mandriva Linux Security Advisory 2008-170
Posted Aug 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Thomas Pollet discovered an integer overflow vulnerability in the PNG image handling filter in CUPS. This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a denial of service by sending a specially crafted PNG image to the print server. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-1722
SHA-256 | 6027428b40ba6f81523065dcc68298cdbbc56ec431a12d32a36b06ad82559a49

Mandriva Linux Security Advisory 2008-170

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:170
https://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date : August 13, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Thomas Pollet discovered an integer overflow vulnerability in the PNG
image handling filter in CUPS. This could allow a malicious user to
execute arbitrary code with the privileges of the user running CUPS,
or cause a denial of service by sending a specially crafted PNG image
to the print server (CVE-2008-1722).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
e6e836d1d60b2fa4e89626ca342718da 2007.1/i586/cups-1.2.10-2.7mdv2007.1.i586.rpm
23bbf517fb49c494c964f2fd0c7e486f 2007.1/i586/cups-common-1.2.10-2.7mdv2007.1.i586.rpm
0dcf242590878f1bcc19a9a67f2bf6f8 2007.1/i586/cups-serial-1.2.10-2.7mdv2007.1.i586.rpm
b13c0e72bbbc55e9fc5d1d2fa233c815 2007.1/i586/libcups2-1.2.10-2.7mdv2007.1.i586.rpm
43ae6ae77fe663392eab35dd6e86dcf9 2007.1/i586/libcups2-devel-1.2.10-2.7mdv2007.1.i586.rpm
c485c64d51554dcae1636bae567d52bb 2007.1/i586/php-cups-1.2.10-2.7mdv2007.1.i586.rpm
02cf79142cb3188f74ac7b23826531ec 2007.1/SRPMS/cups-1.2.10-2.7mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
8704d20431f56cdfbfa2a81ff0c9716b 2007.1/x86_64/cups-1.2.10-2.7mdv2007.1.x86_64.rpm
e347090c027bfceb5d36077750bbde52 2007.1/x86_64/cups-common-1.2.10-2.7mdv2007.1.x86_64.rpm
03a84b9825640e559c2f22c0d498324d 2007.1/x86_64/cups-serial-1.2.10-2.7mdv2007.1.x86_64.rpm
8992cab63c56d088ac5e7f6e47c1380f 2007.1/x86_64/lib64cups2-1.2.10-2.7mdv2007.1.x86_64.rpm
3dfee471c6ab99379610af928d074063 2007.1/x86_64/lib64cups2-devel-1.2.10-2.7mdv2007.1.x86_64.rpm
d1803179503ff874539580d027d50f0e 2007.1/x86_64/php-cups-1.2.10-2.7mdv2007.1.x86_64.rpm
02cf79142cb3188f74ac7b23826531ec 2007.1/SRPMS/cups-1.2.10-2.7mdv2007.1.src.rpm

Mandriva Linux 2008.0:
ad1944423890980426468c9d2cc35292 2008.0/i586/cups-1.3.6-1.2mdv2008.0.i586.rpm
e2da311a716df6075450e3fc700f8fa0 2008.0/i586/cups-common-1.3.6-1.2mdv2008.0.i586.rpm
26952cab7a9352b7ee261e324cb2a864 2008.0/i586/cups-serial-1.3.6-1.2mdv2008.0.i586.rpm
596464ca36baba5e1ea8a3b82c0b5aca 2008.0/i586/libcups2-1.3.6-1.2mdv2008.0.i586.rpm
38628e8316b29e266bbfce642ff40ed4 2008.0/i586/libcups2-devel-1.3.6-1.2mdv2008.0.i586.rpm
16a7a67f6ea9d0533500a02f5fc2197d 2008.0/i586/php-cups-1.3.6-1.2mdv2008.0.i586.rpm
cf55fd60312efe614352598a124ad721 2008.0/SRPMS/cups-1.3.6-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
bc0185dc8eb598431661de50b6b67538 2008.0/x86_64/cups-1.3.6-1.2mdv2008.0.x86_64.rpm
07bc12fc705e94ba554b915b48778726 2008.0/x86_64/cups-common-1.3.6-1.2mdv2008.0.x86_64.rpm
bb085c47b0c75e6244d25c3ac6575013 2008.0/x86_64/cups-serial-1.3.6-1.2mdv2008.0.x86_64.rpm
7cae6612c1bcc43b0d8ecc14dd24b2b7 2008.0/x86_64/lib64cups2-1.3.6-1.2mdv2008.0.x86_64.rpm
b3566be34e2041b40f7ed6be97cec831 2008.0/x86_64/lib64cups2-devel-1.3.6-1.2mdv2008.0.x86_64.rpm
02195805095b57b48f41f82ae25ba35e 2008.0/x86_64/php-cups-1.3.6-1.2mdv2008.0.x86_64.rpm
cf55fd60312efe614352598a124ad721 2008.0/SRPMS/cups-1.3.6-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
cead86dad7a602167161f8e62fd6c43c 2008.1/i586/cups-1.3.6-5.1mdv2008.1.i586.rpm
2c3a0be519d0f027ef9ad58a0502ea06 2008.1/i586/cups-common-1.3.6-5.1mdv2008.1.i586.rpm
40a13e5f2d2d7b557cc3cd18a271444a 2008.1/i586/cups-serial-1.3.6-5.1mdv2008.1.i586.rpm
f7ac7c6daa9e94d7be7215d20b5a9dd8 2008.1/i586/libcups2-1.3.6-5.1mdv2008.1.i586.rpm
4e684a41c2174acc19a3ca26917503a5 2008.1/i586/libcups2-devel-1.3.6-5.1mdv2008.1.i586.rpm
cd62b541b3a8ff5076081aaa98dcd186 2008.1/i586/php-cups-1.3.6-5.1mdv2008.1.i586.rpm
2eed67e578b217fe60b9b88dd8f67efe 2008.1/SRPMS/cups-1.3.6-5.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
6260df80fd2ed6a506cda8b8e08a8965 2008.1/x86_64/cups-1.3.6-5.1mdv2008.1.x86_64.rpm
4d4f83b7b4c345ed09bcf7a30bcf563c 2008.1/x86_64/cups-common-1.3.6-5.1mdv2008.1.x86_64.rpm
ff623fb9ade013d2e9162171cda2987b 2008.1/x86_64/cups-serial-1.3.6-5.1mdv2008.1.x86_64.rpm
452d007674d0bf192a1b1e142b5b8425 2008.1/x86_64/lib64cups2-1.3.6-5.1mdv2008.1.x86_64.rpm
ec07d9fdf765dbccea3a85d65301b12f 2008.1/x86_64/lib64cups2-devel-1.3.6-5.1mdv2008.1.x86_64.rpm
3dc1a8a3673ed4c98b706067eea40b1d 2008.1/x86_64/php-cups-1.3.6-5.1mdv2008.1.x86_64.rpm
2eed67e578b217fe60b9b88dd8f67efe 2008.1/SRPMS/cups-1.3.6-5.1mdv2008.1.src.rpm

Corporate 3.0:
0c84961ab135d0c81a59983b423e6f38 corporate/3.0/i586/cups-1.1.20-5.18.C30mdk.i586.rpm
33e08698de8935b7b3bb627693e3977e corporate/3.0/i586/cups-common-1.1.20-5.18.C30mdk.i586.rpm
45a222373a898a51475335072a37398e corporate/3.0/i586/cups-serial-1.1.20-5.18.C30mdk.i586.rpm
5c5f642a54212359ea0fe8bc8f48820f corporate/3.0/i586/libcups2-1.1.20-5.18.C30mdk.i586.rpm
808274f44ab2b83782d86aa500f1af68 corporate/3.0/i586/libcups2-devel-1.1.20-5.18.C30mdk.i586.rpm
ff5c02e7f7db059ac70e3ca452888d28 corporate/3.0/SRPMS/cups-1.1.20-5.18.C30mdk.src.rpm

Corporate 3.0/X86_64:
63551ab65fc917f0ea559087868fe913 corporate/3.0/x86_64/cups-1.1.20-5.18.C30mdk.x86_64.rpm
9df06fb96d03ceafeccb24e542ad0d89 corporate/3.0/x86_64/cups-common-1.1.20-5.18.C30mdk.x86_64.rpm
05e18474c9421cd3e7c6e56bc6429c7a corporate/3.0/x86_64/cups-serial-1.1.20-5.18.C30mdk.x86_64.rpm
37836aa82b213bd6b1354acd78361cef corporate/3.0/x86_64/lib64cups2-1.1.20-5.18.C30mdk.x86_64.rpm
a8ba97db51bda184b146fa0e29a31cc5 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.18.C30mdk.x86_64.rpm
ff5c02e7f7db059ac70e3ca452888d28 corporate/3.0/SRPMS/cups-1.1.20-5.18.C30mdk.src.rpm

Corporate 4.0:
039665809c005439fb99e971b676f535 corporate/4.0/i586/cups-1.2.4-0.9.20060mlcs4.i586.rpm
bce68ebe471af117fa0dd2033f6f18ea corporate/4.0/i586/cups-common-1.2.4-0.9.20060mlcs4.i586.rpm
434e0523b009d495b074e4efd595f36f corporate/4.0/i586/cups-serial-1.2.4-0.9.20060mlcs4.i586.rpm
3988cb0f999fb944ca315c80ecbac584 corporate/4.0/i586/libcups2-1.2.4-0.9.20060mlcs4.i586.rpm
8e805b458bb1b3d7539b1be47245b87c corporate/4.0/i586/libcups2-devel-1.2.4-0.9.20060mlcs4.i586.rpm
53cf97e5264d4e4e553ca58786b83f99 corporate/4.0/i586/php-cups-1.2.4-0.9.20060mlcs4.i586.rpm
4d3500f0c88fd849eed34e07325132ce corporate/4.0/SRPMS/cups-1.2.4-0.9.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b42cb1248dcb970ed386feb61e0053fd corporate/4.0/x86_64/cups-1.2.4-0.9.20060mlcs4.x86_64.rpm
23eaf7aff2f39c1f04007e10ebba98d0 corporate/4.0/x86_64/cups-common-1.2.4-0.9.20060mlcs4.x86_64.rpm
80f678e23d28a1e05c70a9e372538172 corporate/4.0/x86_64/cups-serial-1.2.4-0.9.20060mlcs4.x86_64.rpm
7394b5abd24c4e55ad9bcb906c8fe397 corporate/4.0/x86_64/lib64cups2-1.2.4-0.9.20060mlcs4.x86_64.rpm
dd46af363759816c8336d31c6da9c947 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.9.20060mlcs4.x86_64.rpm
af0d19bf838e3f8d548ab669459c1506 corporate/4.0/x86_64/php-cups-1.2.4-0.9.20060mlcs4.x86_64.rpm
4d3500f0c88fd849eed34e07325132ce corporate/4.0/SRPMS/cups-1.2.4-0.9.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
0aa4175864fda95cc92b056ee8186fec mnf/2.0/i586/libcups2-1.1.20-5.18.C30mdk.i586.rpm
28e071126d2fbb4afaa0e35299440843 mnf/2.0/SRPMS/cups-1.1.20-5.18.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

https://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIo4jlmqjQ0CJFipgRAqHiAJ497++hlRzlTIWz1CKrGswLJ1TvNQCfemi8
ae/GaLEhDVGg1Bc6PHLtTYg=
=gLWC
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close