Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2011:146
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date    : October 11, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in cups:

The cupsDoAuthentication function in auth.c in the client in CUPS
before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a
demand for authorization, which allows remote CUPS servers to cause
a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses
(CVE-2010-2432).

The LZW decompressor in the LWZReadByte function in giftoppm.c in
the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
and earlier, and other products, does not properly handle code words
that are absent from the decompression table when encountered, which
allows remote attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895
(CVE-2011-2896).

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896 (CVE-2011-3170).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
451f5c217b5607e6ae8e2c091b7ecc75  2009.0/i586/cups-1.3.10-0.5mdv2009.0.i586.rpm
0c7f78718f376f9df426aa4dc1b6f93e  2009.0/i586/cups-common-1.3.10-0.5mdv2009.0.i586.rpm
deefb9a51325690a9f4fe8fe519faf9f  2009.0/i586/cups-serial-1.3.10-0.5mdv2009.0.i586.rpm
bdea2daf7c44f8a5250df2d548a9e030  2009.0/i586/libcups2-1.3.10-0.5mdv2009.0.i586.rpm
dd60444ba124fa9c024375b9356848d6  2009.0/i586/libcups2-devel-1.3.10-0.5mdv2009.0.i586.rpm
680ac463439bb2332229a52fb1d8a4c4  2009.0/i586/php-cups-1.3.10-0.5mdv2009.0.i586.rpm
67417654d026df854d35370724c1565b  2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
557d87c9d241ae39c785c6373dd8b70f  2009.0/x86_64/cups-1.3.10-0.5mdv2009.0.x86_64.rpm
f68379827c3e1dd18601fff8dd19621f  2009.0/x86_64/cups-common-1.3.10-0.5mdv2009.0.x86_64.rpm
5439dfb021e198212a04698d95ddb5f2  2009.0/x86_64/cups-serial-1.3.10-0.5mdv2009.0.x86_64.rpm
6567d318f829bafaa625262159589806  2009.0/x86_64/lib64cups2-1.3.10-0.5mdv2009.0.x86_64.rpm
17f56ba710371a2297d13880fc7676d7  2009.0/x86_64/lib64cups2-devel-1.3.10-0.5mdv2009.0.x86_64.rpm
8d29304cb6f1bbb89682bf852a2da6ed  2009.0/x86_64/php-cups-1.3.10-0.5mdv2009.0.x86_64.rpm
67417654d026df854d35370724c1565b  2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm

Mandriva Linux 2010.1:
333f2b8f389a7210be1123ce092bbb8b  2010.1/i586/cups-1.4.3-3.2mdv2010.2.i586.rpm
2f753bd61e2726d1099d2dd3d57f2eca  2010.1/i586/cups-common-1.4.3-3.2mdv2010.2.i586.rpm
2d9ae53f0a159618391ef18c94561408  2010.1/i586/cups-serial-1.4.3-3.2mdv2010.2.i586.rpm
9fbb242780d33b802667d5babdeff105  2010.1/i586/libcups2-1.4.3-3.2mdv2010.2.i586.rpm
461913f016aa628f81379e1a4e67151b  2010.1/i586/libcups2-devel-1.4.3-3.2mdv2010.2.i586.rpm
3b907ebc975bbf2d700edd64d44e5e79  2010.1/i586/php-cups-1.4.3-3.2mdv2010.2.i586.rpm
d079c755b005a0336eef88cdaf7124a4  2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
0eb77a9809fcd349c3fa223781f7794e  2010.1/x86_64/cups-1.4.3-3.2mdv2010.2.x86_64.rpm
e5e69d444efa6344cff81af4278c9755  2010.1/x86_64/cups-common-1.4.3-3.2mdv2010.2.x86_64.rpm
6c0a637a71baa5c5a58ce5c4b28d0137  2010.1/x86_64/cups-serial-1.4.3-3.2mdv2010.2.x86_64.rpm
b34fcde9ed6ef29b76e816f800d11237  2010.1/x86_64/lib64cups2-1.4.3-3.2mdv2010.2.x86_64.rpm
ebc1a568d6dee5bf1d88bdceded2a716  2010.1/x86_64/lib64cups2-devel-1.4.3-3.2mdv2010.2.x86_64.rpm
98f1846e79b75e9e0a3e98b15385d80d  2010.1/x86_64/php-cups-1.4.3-3.2mdv2010.2.x86_64.rpm
d079c755b005a0336eef88cdaf7124a4  2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
776e12f8d570445f63c0a9437fcddd2e  mes5/i586/cups-1.3.10-0.5mdvmes5.2.i586.rpm
ad33a9c8115cc83c1008028bcb0e29c7  mes5/i586/cups-common-1.3.10-0.5mdvmes5.2.i586.rpm
21b795c7736553fd6a825598976c866b  mes5/i586/cups-serial-1.3.10-0.5mdvmes5.2.i586.rpm
c3fd62dd50d3ce0b96ef0b3c2520ff89  mes5/i586/libcups2-1.3.10-0.5mdvmes5.2.i586.rpm
34b4518819bfac3d5ea9d6e925b7945b  mes5/i586/libcups2-devel-1.3.10-0.5mdvmes5.2.i586.rpm
5403247140449d963d791c54df419b18  mes5/i586/php-cups-1.3.10-0.5mdvmes5.2.i586.rpm
ad71fafb07ed353fa7addfad6049cf8b  mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
7f11915d7803d01df1840d891882e6ba  mes5/x86_64/cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
1a364126747bf4f24987c184344c4ec4  mes5/x86_64/cups-common-1.3.10-0.5mdvmes5.2.x86_64.rpm
3d728c0528cc1ad0d23b1a511c122f68  mes5/x86_64/cups-serial-1.3.10-0.5mdvmes5.2.x86_64.rpm
1abee6673d58115557b11c5fded196d2  mes5/x86_64/lib64cups2-1.3.10-0.5mdvmes5.2.x86_64.rpm
dab5b4d9ef8442301b180e21fc003b45  mes5/x86_64/lib64cups2-devel-1.3.10-0.5mdvmes5.2.x86_64.rpm
91955cdd36674dc12ba5bb716c2bee36  mes5/x86_64/php-cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
ad71fafb07ed353fa7addfad6049cf8b  mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOktgPmqjQ0CJFipgRAhG2AKCAuUZh2rvZdtbjtd0ycVemOY39TQCgn0jF
Ee6oHfd4+Nq17qNb0y7s7Nc=
=lZgy
-----END PGP SIGNATURE-----