
Mandriva Linux Security Advisory 2009-096

Posted Apr 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-096 - Multiple overflows in the Ghostscript code base also affect the printer-drivers package. The previous update shipped with an incorrect required version of perl-base in the foomatic-db-engine package; this update fixes it.

tags | advisory, overflow, perl
systems | linux, mandriva
advisories | CVE-2007-6725, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792
SHA-256 | 10427fbc3d79e97597b7b3890a3f548ff78e24c923d7d9a2fe2d3811d36b02b7


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:096-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : printer-drivers
Date : April 24, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary code by using a crafted PDF file (CVE-2007-6725).

Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbitrary code by using either a PostScript or PDF
file with crafted embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbitrary code by using either a PostScript or PDF
file with crafted embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

This update provides fixes for these vulnerabilities.

Update:

The previous update shipped with an incorrect required version of
perl-base in the foomatic-db-engine package. This update fixes it.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
96dbc60a93ce4a6763d2455faf174a7b corporate/3.0/i586/cups-drivers-1.1-138.7.C30mdk.i586.rpm
22dc1a762f9a3a2fe5d7110b5eba3455 corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
d2c14e583a164b7869cf948e3c9807fa corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
bac7e6a9dc1c0001ce0e52ca46478ef8 corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.i586.rpm
d21db35d010cec004a08b81ea931e099 corporate/3.0/i586/ghostscript-7.07-19.7.C30mdk.i586.rpm
4a5ff90f604335520030e009c9bfa88f corporate/3.0/i586/ghostscript-module-X-7.07-19.7.C30mdk.i586.rpm
4f7585ce74121c1d5ac778502514b282 corporate/3.0/i586/gimpprint-4.2.7-2.7.C30mdk.i586.rpm
5d151dd1c5722bc6772f50906f1f8021 corporate/3.0/i586/libgimpprint1-4.2.7-2.7.C30mdk.i586.rpm
6451feff86856479e8a35ebf49f185f4 corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.7.C30mdk.i586.rpm
c4d87b25765d2db2efe1e45ad6ef9e16 corporate/3.0/i586/libijs0-0.34-76.7.C30mdk.i586.rpm
76d95e81afaba7c85f2263fb24a98ee8 corporate/3.0/i586/libijs0-devel-0.34-76.7.C30mdk.i586.rpm
2e816acf32ad22a5297565750840fa35 corporate/3.0/i586/printer-filters-1.0-138.7.C30mdk.i586.rpm
480c4991734be95df224865468a45e9a corporate/3.0/i586/printer-testpages-1.0-138.7.C30mdk.i586.rpm
5d0845002a84eb2a8c341039ce64a2fc corporate/3.0/i586/printer-utils-1.0-138.7.C30mdk.i586.rpm
903215b475cf0031bdd3f79983734c87 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
a45bd1c244e8c09768e8482ef0db740a corporate/3.0/x86_64/cups-drivers-1.1-138.7.C30mdk.x86_64.rpm
42836893a4f590eede9ffe95309c44f5 corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
97681dcc24ba1d656f5ccb90a3dc9551 corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
7988477ee8ec84c17d404300db27de1e corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.7.C30mdk.x86_64.rpm
dc7d3d21e5311227c9c7326e31b4a5b5 corporate/3.0/x86_64/ghostscript-7.07-19.7.C30mdk.x86_64.rpm
caf9a2010f126f6c5e75204ce97ae2a0 corporate/3.0/x86_64/ghostscript-module-X-7.07-19.7.C30mdk.x86_64.rpm
2b3ac0b759e0695a80a12f23f8f5e26a corporate/3.0/x86_64/gimpprint-4.2.7-2.7.C30mdk.x86_64.rpm
3bf97787fedfe9e9f4348c77a8aca100 corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.7.C30mdk.x86_64.rpm
9653764019d8fad3994332efd55a541a corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.7.C30mdk.x86_64.rpm
0d818179492f74a124d6bd28a3e2afe4 corporate/3.0/x86_64/lib64ijs0-0.34-76.7.C30mdk.x86_64.rpm
ca55063d9e24ac47784e6f5606bdc981 corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.7.C30mdk.x86_64.rpm
0e8cc9cc04b70fc207ebd843cd82bf5d corporate/3.0/x86_64/printer-filters-1.0-138.7.C30mdk.x86_64.rpm
ddf46b5e1937b911e7f8650ddc569798 corporate/3.0/x86_64/printer-testpages-1.0-138.7.C30mdk.x86_64.rpm
f90b734db08f01cac31a7f3b8c86528f corporate/3.0/x86_64/printer-utils-1.0-138.7.C30mdk.x86_64.rpm
903215b475cf0031bdd3f79983734c87 corporate/3.0/SRPMS/printer-drivers-1.0-138.7.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
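
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the MD5 list under "Updated Packages" can be checked with a short script. This is an added example, not part of Mandriva's advisory; the file names and contents used in demo() are constructed. MD5 only shows that a file matches the advisory text, so the advisory's PGP signature and the RPM GPG signatures remain the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "Updated Packages" entry: 32 hex digits, whitespace, repository path to an .rpm
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$", re.IGNORECASE)

def parse_package_list(advisory_text):
    """Return {rpm basename: set of expected MD5 digests}; the SRPM is listed once per arch."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if m:
            name = m.group(2).rsplit("/", 1)[-1]
            expected.setdefault(name, set()).add(m.group(1).lower())
    return expected

def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Map each .rpm in directory to ok/mismatch/unlisted; absent listed packages to missing."""
    expected = parse_package_list(advisory_text)
    result = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        digests = expected.get(rpm.name)
        result[rpm.name] = ("unlisted" if digests is None
                            else "ok" if md5_of(rpm) in digests else "mismatch")
    for name in expected:
        result.setdefault(name, "missing")
    return result

def demo():
    """Constructed sample: one intact package, one altered, one not in the advisory."""
    listed = {"sample-a-1.0-1.i586.rpm": b"constructed A",
              "sample-b-1.0-1.i586.rpm": b"constructed B"}
    advisory = "\n".join(f"{hashlib.md5(data).hexdigest()} corporate/3.0/i586/{name}"
                         for name, data in listed.items())
    with tempfile.TemporaryDirectory() as d:
        Path(d, "sample-a-1.0-1.i586.rpm").write_bytes(listed["sample-a-1.0-1.i586.rpm"])
        Path(d, "sample-b-1.0-1.i586.rpm").write_bytes(b"altered after publication")
        Path(d, "stray-0.1-1.i586.rpm").write_bytes(b"not in the advisory")
        return check_downloads(advisory, d)
```

Anything reported as mismatch or unlisted should not be installed until it has been re-fetched from a trusted mirror and its RPM signature checked.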

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ9caLmqjQ0CJFipgRAq0AAKDMk/At0KOjwv8z1lMVVONLt8oU3ACg18sa
/GHaS3O+LLgMH6XSBnHCfiE=
=YDBP
-----END PGP SIGNATURE-----