VARIoT IoT vulnerabilities database

The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. Wonderware SuiteLink Crafted by TCP Denial of service when processing packets (DoS) There are vulnerabilities that may be affected. Wonderware SuiteLink Is the protocol used in the control system. Implemented this protocol Wonderware SuiteLink Service(slssvc.exe) Is Windows As a service on 5413/tcp Use to communicate. Wonderware SuiteLink Service(slssvc.exe) In TCP There is a problem with the processing of the packet, and receiving a specially crafted packet can cause a service outage.Denial of service by remote third party (DoS) There is a possibility of being attacked. WonderWare is a supplier of industrial automation and information software solutions. WonderWare has a vulnerability in processing malformed request data, which could be exploited by remote attackers to render services unavailable. WonderWare's SuiteLink service listens for connections on port 5413 / TCP. Non-authenticated client programs connected to the service can send malformed messages, and by calling the new () operator, the memory allocation operation fails and returns a null pointer. Due to the lack of error checking on the results of memory allocation operations, the program may later use null pointers as targets for memory copy operations, which may trigger memory access exceptions and terminate services. An attacker can trigger a memory allocation operation failure by specifying an oversized field in the Registration message. The following binary program segment describes the cause of the vulnerability: .text: 00405C1B mov esi, [ebp + dwLen]; Our value from packet  ...  .text: 00405C20 push edi  .text: 00405C21 test esi, esi; Check value! = 0  ...  .text: 00405C31 push esi; Alloc with our length  .text: 00405C32 mov [ebp + var_4], 0  .text: 00405C39 call operator new (uint); Big values return NULL  .text: 00405C3E mov ecx, esi; Memcpy with our length  .text: 00405C40 mov esi, [ebp + pDestionationAddr]  .text: 00405C43 mov [ebx + 4], eax; new result is used as dest  .text: 00405C46 mov edi, eax; address without checks.  .text: 00405C48 mov eax, ecx  .text: 00405C4A add esp, 4  .text: 00405C4D shr ecx, 2  .text: 00405C50 rep movsd; AV due to invalid  .text: 00405C52 mov ecx, eax; destination pointer.  .text: 00405C54 and ecx, 3  ------------ /. Wonderware SuiteLink is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed. Versions prior to Wonderware SuiteLink 2.0 Patch 01 are vulnerable. UPDATE: References to Wonderware InTouch 8.0 have been removed; that software is not affected by this vulnerability. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. PROVIDED AND/OR DISCOVERED BY: Sebastian Muniz, Core Security Technologies ORIGINAL ADVISORY: Wonderware (requires login): http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm CORE-2008-0129: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2187 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Wonderware SuiteLink Denial of Service vulnerability *Advisory Information* Title: Wonderware SuiteLink Denial of Service vulnerability Advisory ID: CORE-2008-0129 Advisory URL: http://www.coresecurity.com/?action=item&id=2187 Date published: 2008-05-05 Date of last update: 2008-05-05 Vendors contacted: Wonderware Release mode: Coordinated release *Vulnerability Information* Class: Denial of service Remotely Exploitable: Yes Locally Exploitable: No Bugtraq ID: 28974 CVE Name: CVE-2008-2005 *Vulnerability Description* WonderWare is supplier of industrial automation and information software solutions. According to the company's website [1]: "one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil & Gas, Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more". WonderWare offers software solutions in the areas of Production and Performance Management, and Geographical SCADA and Supervisory HMI (Human-Machine Interface). Several of these solutions running on Microsoft Windows Operating Systems use a common software component, the SuiteLink Service, to implement communications between components using a proprietary protocol over TCP/IP networks. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario. *Vulnerable Packages* . *Non-vulnerable Packages* . Contact WonderWare for details. *Vendor Information, Solutions and Workarounds* The vendor has made a technical document available to registered customers detailing how to address this issue [2]. Additionally, an extensive guide detailing how to deploy and secure Industrial Control Systems is available at the vendor's support site [3]. Vendor Statement: Wonderware, a business unit of Invensys, is committed to collaborate with our customers and industry standards committees to provide secure applications, security best practices, deployment guidelines, tools and prescriptive guidance for maintaining a secure environment. A potential denial of service issue on an insecure network which could have been instigated by a hostile internal user has been addressed in SuiteLink 2.0 Patch 01. More details can be found in Wonderware's Tech Alert 106 posted on our website along with the Patch. (Please note that access to the Tech Alert and the Patch will require that you register on our web site.) Wonderware users interested in upgrading should contact Wonderware or their local distributor. *Credits* This vulnerability was discovered and researched by Sebastian Muniz from the Exploit Writers Team (EWT) at Core Security Technologies. *Technical Description / Proof of Concept Code* WonderWare SuiteLink is a service that runs on Microsoft Windows Operating Systems listening for connections on port 5413/tcp. .text:00405C54 and ecx, 3 - -----------/ *Report Timeline* . 2008-01-30: Initial contact email sent by to Wonderware setting the estimated publication date of the advisory to February 25th. 2008-01-30: Contact email re-sent to Wonderware asking for a software security contact for Wonderware InTouch. 2008-02-06: New email sent to Wonderware asking for a response and for a software security contact for Wonderware InTouch. 2008-02-28: Core makes direct phone calls to Wonderware headquarters informing of the previous emails and requesting acknowledgement of the notification of a security vulnerability. 2008-02-28: As requested during the phone call, Core re-sends the original notification mail, stating that an advisory draft describing the vulnerability is available since January 30th. The publication of the advisory is re-scheduled to March 24th. 2008-02-28: Vendor acknowledges the email notification. 2008-02-28: Core sends the advisory draft to Wonderware support team. 2008-02-29: Vendor acknowledges reception of the report and states that it understands the seriousness of the problem and that its development team will look into it. 2008-02-29: Vendor asks for a copy of the proof of concept code used to demonstrate the vulnerability. 2008-03-03: Core sends proof-of-concept code written in Python. 2008-03-05: Vendor asks for compiler tools required to use the PoC code. 2008-03-05: Core sends a link to http://www.python.org where a Python interpreter can be downloaded. 2008-03-10: Vendor requests more information about the network and the firewall settings used during the tests and inquires about conformance (or lack thereof) of the tested network with the vendor's security policies and recommendations. 2008-03-10: Vendor asks for details about how the advisory will be published. 2008-03-12: Core responds that the workstation running the vulnerable service had no firewall activated in the tests, but since the Wonderware SuiteLink Service allows incoming connections it is assumed that the corresponding port should be allowed to receive inbound session establishment packets. Core offers the vendor the opportunity to include additional information in the "vendor information" section of the advisory. Core explains that the advisory will be published on Core's website and sent to security mailing lists. Core also reminds the vendor that the publication date of the advisory has been moved from February 25th to March 24th, and explains that it is willing to discuss a new publication date on the basis of having concrete plans, with a specific date for the fix release. 2008-03-21: Vendor indicates that it will be unable to commit to releasing fixes by March 24th and requests publication of the advisory to be delayed to create a fix for vulnerable customers. The development team is investigating how long it will take to make such a fix available. The vendor indicates that the previous questions about firewall setup referred to the vendor's recommended practices to secure networks on which their systems run using firewalls and IPsec. 2008-03-21: Vendor indicates that it is issuing a Tech Alert to its customers to address the issue. Details about the vulnerability have been minimized in the Tech Alert. The vendor expresses concern about the level of detail included in Core's advisory and requests that those details be removed from the advisory because they give more detail than what is needed to make people aware of the issue, and may lend itself to use by people who might want to exploit it. Early estimates put the delivery time for a fix at approximately three months, and the estimate is not final. Vendor asks Core to delay any publication until it is able to have a software fix ready. 2008-03-21: Core asks if the three-month estimate should be assumed to have begun since the vendor's initial acknowledgement of Core's notification -- which puts the estimated date for the release of a fix at the end of May -- or since the date of the last email received (fix released at the end of June). Core indicates that as of today it still has no confirmation from the vendor that the vulnerability was replicated and identified, and that the fix is already under development or testing, and that is the information needed to re-schedule the publication date. Core is expecting to receive that information from the vendor, but in the meantime publication of the advisory is re-scheduled to March 31st 2008. With regards to the questions and requests about the contents of the security advisory, Core indicates that Core's technical publications are aimed at providing legitimate security practitioners worldwide with the technical details necessary to understand the nature of the security issues reported; so they are able to devise, by their own judgment, the risk mitigation approach that fits them the best. For that purpose, Core believes that it is fundamental that they have precise and accurate technical details about security issues -- as Wonderware itself has demonstrated with the request for further technical details and proof-of-concept code -- and that the whole reporting and disclosure process is transparent for scrutiny of all interested parties. 2008-03-21: Vendor acknowledges Core's email and provides a copy of the issued Technical Alert 106 and indicates that will provide more information by March 25th 2008. 2008-03-26: Vendor confirms to have replicated the issue reported and indicated that the Tech Alert 106 sent to customers confirms and recognizes the issue. The Tech Alert also points out what measures can be taken to mitigate risk. A project has been charter and is in progress to fix this issue and properly QA the fix. With regard to the contents of Core's report, it says that stating that a Denial of Service of SuiteLink communication can be created from a remote node sends a corrupted data packet seems to be sufficient to make people aware. The vendor says that is having trouble understanding what the value is in providing specific detail as to what technical issue is happening and asks for clarification to understand how this information would benefit organizations. The vendor acknowledges that the proof of concept code did help to replicate the issue and that without it, it would have needed more time to identify it from the report alone. The concern is that the details provided in the report may give a hacker a specific direction to look for the vulnerability. Finally, the vendor indicates that will have a better estimation for the rlease date of a fix by Friday March 28th, 2008. 2008-03-27: Core acknowledges the vendor's email and indicates that is looking forward to having the new estimate by Friday. 2008-03-28: Vendor informs that it has brought the estimated release date in to May 2nd. If things go well during QA, they may be able to bring that date in sooner and vendor requests that Core postpone publication until that time. 2008-03-28: Core re-schedules publication of the advisory to May 2nd 2008 and says that it considers this date final unless the vendor indicates any deviation from the current estimate with at least a week in advance of the publication date, in which case Core would re-evaluate postponing publication up to 5 working days. With regard to the previous inquiry about the advisory's content, Core states that the purpose of publishing security advisories and the rationale used to define their content is simple and hopefully, once explained, both reasonable and understandable. Core publishes advisories not only to make users aware of the existence of a given vulnerability but also to facilitate its mitigation by either official or any other means that the security community and/or the vulnerable user population may devise. In order to do so, Core has learned over the course of 13 years working in this particular field that it is fundamental to provide precise and accurate technical information about problems. It is that information that can help other security practitioners to determine how to prevent exploitation, detect attacks or to verify that a fix or workaround is actually functioning properly. Thus, Core believes that it is necessary not only to indicate the mere existence of the bug, but also to explain how to uniquely identify it in the vulnerable software (to avoid confusion with all other known bugs or to differentiate it from others that may be discovered in the future). It is also important to determine how the vulnerability could be used by potential attackers so that proper detection mechanisms can be built, for example firewall rules, or IDS and antivirus signatures. While Core recognizes that this may provide some additional data to would-be attackers, clearly it also provides preciously needed information to the defenders thus, leveling a field on which Core believes the attackers are initially at advantage. 2008-04-01: Vendor acknowledges previous email and indicates that it will provide a new update as soon as is available. 2008-04-28: Vendor informs Core that a fix for the vulnerability in SuiteLink has been released. 2008-04-28: Core acknowledges previous emails and requests an official vendor statement for the security advisory and more details about the vulnerable packages and versions. Multiple products use SuiteLink. 2008-04-30: The advisory is ready for release, but the publication date is re-scheduled to May 5th because May 1st is a public holiday in many countries (International Workers' Day) and Core does not usually publish advisories on Fridays (to avoid IT work on weekends). 2008-05-05: CORE-2008-0129 advisory is published. *References* [1] WonderWare website http://us.wonderware.com/ [2] Tech Alert 106 http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm [3] WonderWare Security Manual - Securing Industrial Control Systems http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707_External.pdf *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. *Disclaimer* The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. *GPG/PGP Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIH2eAyNibggitWa0RAtlcAKCgV83vS0v4aLVTRtFmkBsEg0UPXgCdHL4p si+I8mGJwJuglh+QESsZ9ZE= =705O -----END PGP SIGNATURE-----

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. This vulnerability CVE-2007-0709 Is a different vulnerability.Service disruption by local users via: ( System crash ) There is a possibility of being put into a state. (1) NtDeleteFile Crafted in a call to a function OBJECT_ATTRIBUTES Through the structure ZwQueryObject Trigger improper validation of results (2) NtCreateFile Call to function (3) NtSetThreadContext Call to function. Comodo Firewall Pro is prone to multiple local vulnerabilities. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed. Comodo Firewall Pro 2.4.18.184 is vulnerable; other versions may also be affected. The NtDeleteFile, NtCreateFile, and NtSetThreadContext functions of the Comodo firewall do not validate parameters correctly. … . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. These can be exploited to cause a DoS by calling the affected functions with specially crafted arguments. The vulnerabilities are reported in version 2.4.18.184. SOLUTION: Upgrade to version 3.0. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls *Advisory Information* Title: Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls Advisory ID: CORE-2008-0320 Advisory URL: http://www.coresecurity.com/?action=item&id=2249 Date published: 2008-04-28 Date of last update: 2008-04-28 Vendors contacted: BitDefender, Comodo, Sophos and Rising Release mode: Coordinated release (BitDefender, Comodo, Rising), User release (Sophos) *Vulnerability Information* Class: Invalid memory reference Remotely Exploitable: No Locally Exploitable: Yes Bugtraq ID: 28741, 28742, 28743, 28744 CVE Name: CVE-2008-1735, CVE-2008-1736, CVE-2008-1737, CVE-2008-1738 *Vulnerability Description* Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls (BitDefender Antivirus [1], Comodo Firewall [2], Sophos Antivirus [3] and Rising Antivirus [4]) have been found that could lead to a Denial of Service (DoS) and possibly to code execution attacks. An attacker, utilizing these flaws, could be able to locally reboot the whole system shutting down the firewall or anti-virus protection. *Vulnerable Packages* . BitDefender Antivirus 2008 Build 11.0.11 . Sophos Antivirus 7.0.5 . Rising Antivirus 19.60.0.0 and 19.66.0.0 . Older versions may be affected, but were not checked. *Non-vulnerable Packages* . BitDefender Antivirus 2008 builds available through automatic updates, posterior to January 18th. Rising Antivirus 20.38.20 *Vendor Information, Solutions and Workarounds* 1) BITDEFENDER ANTIVIRUS (BID 28741, CVE-2008-1735) According to BitDefender, the flaw was not exploited by any malicious application, and it was corrected through automatic updates. Information on this issue can be found on BitDefender website at this location: http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html. Non-vulnerable products from Sophos are earlier versions of Sophos Anti-Virus for Windows, Sophos Anti-Virus for non-Windows platforms and all other Sophos products. The vulnerability is only exploitable if Runtime Behavioural Analysis is switched on. Even then the exploit will only be effective if the end user is using security settings that are lower than the defaults for most web browsers today, or if the end user agrees to activate an ActiveX or Java Applet from the webpage hosting the exploit. Workarounds to avoid this vulnerability include: a. Using the default security settings or higher on the latest version of your chosen web browser. In line with general security best practice we would also encourage end users not to download ActiveX or Java Applets unless confident about their content. b. Turning off the Runtime Behavioural Analysis functionality within Sophos Anti-Virus (customers will still benefit from Sophos Behavioural Genotype protection and other means of protecting endpoints against malware). N.B. Should an exploit be released into the wild, Sophos will deploy protection against that exploit. The fix for this vulnerability requires customers to reboot their endpoints. Given the low severity of the vulnerability, to minimise disruption to our customers Sophos will release the fix at the earliest opportunity that coincides with a necessary reboot of the product." 4) RISING ANTIVIRUS (BID 28744, CVE-2008-1738) A fixed version of Rising Antivirus can be downloaded from: http://rsdownload.rising.com.cn/for_down/rsfree/ravolusrfree.exe All Rising customers can also update up to a patched version through automatic updates. *Credits* These vulnerabilities (except the Rising one) were discovered by Damian Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco y Rodrigo Carvalho from Core Security Technologies, during Bugweek 2007. The Rising vulnerability was discovered by Anibal Sacco from Core Security Technologies exploit writers team. These vulnerabilities were researched by Anibal Sacco and Damian Saura from Core Security Technologies. *Technical Description / Proof of Concept Code* We have found that BitDefender Antivirus, Rising Antivirus, Comodo Firewall and Sophos Antivirus have hooks that do not properly validate the arguments of the hooked functions before accessing them, and lead to the program trying to reference some invalid memory, leading in some scenarios to a BSOD (Blue Screen of Death). In our tests we used the kernel hooks probing tool BSODhook [5] in order to find any kind of insufficient argument validation of hooked SSDT functions. From Matousec paper [6]: "Hooking kernel functions by modifying the System Service Descriptor Table (SSDT) is a very popular method of implementation of additional security features and is used frequently by personal firewalls and other security and low-level software. Although undocumented and despised by Microsoft, this technique can be implemented in a correct and stable way. However, many software vendors do not follow the rules and recommendations for kernel-mode code writing and many drivers that implement SSDT hooking do not properly validate the parameters of the hooking functions." "Hooking SSDT functions requires extra caution. SSDT function handlers are executed in the kernel mode but their callers are executed in the user mode. Hence all function arguments come from the user mode. This is why it is necessary to validate these arguments properly. Otherwise a simple user call can easily crash the whole system. This bug usually results in a system crash. However, it may happen that this bug is even more dangerous and may lead to the execution of an arbitrary code in the privileged kernel mode." A local DoS attack, despite not being a very sophisticated intrusion attack, could be used as an accessory under several scenarios. It is commonly used by viruses as added feature, when the specific AV is detected on the infected machine, crashing the system just to annoy. Or by a human attacker, after a succesful remote intrusion with unprivileged credentials to make a computer resource unavailable to its intended users. Besides, this could be a very valuable resource when trying to fake some service that answers broadcasts request like a DHCP, allowing to start the service in another location replacing the original one. 1) BITDEFENDER ANTIVIRUS (BID 28741, CVE-2008-1735) BitDefender fails to validate the pointer to the 'CLIENT_ID' structure provided to 'NtOpenProcess'. So, if we pass an invalid pointer, we will crash the whole system. /----------- NtOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK AccessMask, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId ) .text:00010ADE push 0Ch .text:00010AE0 push offset stru_114E8 .text:00010AE5 call __SEH_prolog .text:00010AEA call KeGetCurrentThread .text:00010AEF xor ebx, ebx .text:00010AF1 cmp [eax+140h], bl .text:00010AF7 jz short loc_10B0D .text:00010AF9 call PsGetCurrentProcessId .text:00010AFE call PsGetCurrentProcessId .text:00010B03 push eax .text:00010B04 call sub_10724 .text:00010B09 test eax, eax .text:00010B0B jnz short loc_10B12 .text:00010B0D .text:00010B0D loc_10B0D: ; CODE XREF: sub_10ADE+19_j .text:00010B0D push [ebp+ClientId] .text:00010B10 jmp short loc_10B73 .text:00010B12 ; - --------------------------------------------------------------------------- .text:00010B12 .text:00010B12 loc_10B12: ; CODE XREF: sub_10ADE+2D_j .text:00010B12 mov edi, [ebp+ClientId] .text:00010B15 cmp edi, ebx ; Little check to avoid a Null Pointer - -----------/ Here it gets the pointer to the 'ClientId' value, and if it is non zero ('!= 0') it does not care where it is pointing to. /----------- .text:00010B17 jnz short loc_10B1C .text:00010B19 push ebx .text:00010B1A jmp short loc_10B73 .text:00010B1C ; - --------------------------------------------------------------------------- .text:00010B1C .text:00010B1C loc_10B1C: ; CODE XREF: sub_10ADE+39_j .text:00010B1C mov [ebp+ms_exc.disabled], ebx .text:00010B1F mov esi, [edi] ; Here it crashes - -----------/ It access to that memory, and if that is invalid memory the system will crash. /----------- .text:00010B21 mov [ebp+var_1C], esi .text:00010B24 or [ebp+ms_exc.disabled], 0FFFFFFFFh .text:00010B28 jmp short loc_10B3B .text:00010B28 sub_10ADE endp - -----------/ 2) COMODO FIREWALL PRO (BID 28742, CVE-2008-1736) In Comodo there are problems in the arguments validation of 'NtDeleteFile', 'NtCreateFile' and 'NtSetThreadContext' functions. 'NtDeleteFile' receives just one parameter, a pointer to an 'OBJECT_ATTRIBUTES' structure. These attributes would include the 'ObjectName' and the 'SECURITY_DESCRIPTOR', for example. This is the hook placed by Comodo at 'NtDeleteFile'. /----------- NTDeleteFile (POBJECT_ATTRIBUTES ObjectAttributes) .text:0001ACB0 push 1Ch .text:0001ACB2 push offset stru_1E3F0 .text:0001ACB7 call __SEH_prolog .text:0001ACBC xor ebx, ebx .text:0001ACBE inc ebx .text:0001ACBF mov [ebp+var_1C], ebx .text:0001ACC2 xor esi, esi .text:0001ACC4 mov [ebp+var_24], esi .text:0001ACC7 mov [ebp+var_20], ebx .text:0001ACCA mov [ebp+var_28], esi .text:0001ACCD mov [ebp+ms_exc.disabled], esi .text:0001ACD0 call ds:ExGetPreviousMode .text:0001ACD6 mov edi, [ebp+ObjectAttributes] - -----------/ Here it does a lot of 'ProbeForRead' checks to see if the pointers of the structure are valid. Nice! ('EDI' still has a pointer to the 'OBJECT_ATTRIBUTES' structure) /----------- .... sub_1A692 .text:0001A692 push 28h .text:0001A694 push offset stru_1E3C0 .text:0001A699 call __SEH_prolog .text:0001A69E xor edi, edi .... .text:0001A6B3 mov [ebp+ms_exc.disabled], edi .text:0001A6B6 push 72747052h ; Tag .text:0001A6BB mov ebx, 400h .text:0001A6C0 push ebx ; NumberOfBytes .text:0001A6C1 push 1 ; PoolType .text:0001A6C3 call ds:ExAllocatePoolWithTag ; Allocates memory to hold the data retrieved by ZwQueryObject .text:0001A6C9 mov esi, eax .text:0001A6CB mov [ebp+var_28], esi .text:0001A6CE cmp esi, edi .text:0001A6D0 jz short loc_1A74F .text:0001A6D2 mov edi, [ebp+ObjectAttributes] .text:0001A6D5 mov eax, [edi+OBJECT_ATTRIBUTES.RootDirectory] ; Here, the code retrieves the RootDirectory's field value from the structure, controled by us. .text:0001A6D8 test eax, eax .text:0001A6DA jz short loc_1A71B .text:0001A6DC push 0 ; ReturnLength .text:0001A6DE push ebx ; ObjectInformationLength .text:0001A6DF push esi ; ObjectInformation ; buffer where ZwQueryObject will put the object information .text:0001A6E0 push 1 ; ObjectInformationClass ; Specifies an OBJECT_INFORMATION_CLASS value that determines the type ; of information returned in the ObjectInformation buffer. It's using ; an undocumented type (OBJECT_NAME_INFORMATION) which returns an UNICODE_STRING structure .text:0001A6E2 push eax ; ObjectHandle ; Now, the user-controlled handle 'll be used here to identify the object by ZwQueryObject, .text:0001A6E3 call ds:ZwQueryObject .text:0001A6E9 mov [ebp+var_20], eax .text:0001A6EC test eax, eax .text:0001A6EE jl short loc_1A746 - -----------/ Here is where the problem shows up. The code does not properly validates the data retrieved by 'ZwQueryObject', expecting an 'UNICODE_STRING' structure. But it is possible to make multiple calls to the function using different handlers to obtain a null structure crashing the system when the code tries to dereference its 'Buffer' field. /----------- .text:0001A6F0 movzx eax, [esi+UNICODE_STRING.Length] .text:0001A6F3 shr eax, 1 .text:0001A6F5 mov ecx, [esi+UNICODE_STRING.Buffer] .text:0001A6F8 movzx eax, word ptr [ecx+eax*2-2] ; Here is the problem .text:0001A6FD mov [ebp+var_30], eax .text:0001A700 cmp ax, 5Ch .text:0001A704 jz short loc_1A725 - -----------/ 3) SOPHOS ANTIVIRUS (BID 28743, CVE-2008-1737) Insufficient argument validation of hooked SSDT functions on Sophos lead to a DoS. An attacker, utilizing this flaw, would be able to locally reboot the whole system shutting down the Firewall or AV protection. Although neither the vendor nor Core Security has found a means of exploiting the flaw to execute arbitrary code, it has not been possible to rule this out. In Sophos AV there is a problem in the arguments validation of 'NtCreateKey' function. /----------- int __cdecl NtCreateKeyHook(PHANDLE pKeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG TitleIndex,PUNICODE_STRING Class, ULONG CreateOptions, PULONG Disposition) [...] .text:0001C01C push 4 ; Alignment .text:0001C01E push 18h ; Length .text:0001C020 mov esi, [ebp+ObjectAttributes] .text:0001C023 push esi ; Address .text:0001C024 call ds:ProbeForRead - -----------/ Here it checks for 'ObjectAttributes' to be pointing to a valid address. /----------- .text:0001C02A mov eax, [esi+OBJECT_ATTRIBUTES.RootDirectory] .text:0001C02D mov [ebp+Handle], eax .text:0001C030 mov esi, [esi+OBJECT_ATTRIBUTES.ObjectName] .text:0001C033 mov [ebp+pUnicodeString], esi - -----------/ Now, it gets from 'OBJECT_ATTRIBUTES' a handle and a pointer to an 'UNICODE_STRING' structure. /----------- .text:0001C095 push 4 .text:0001C097 push 8 .text:0001C099 push esi .text:0001C09A mov ebx, ds:ProbeForRead .text:0001C0A0 call ebx ; ProbeForRead, it checks the pointer before the dereference. .text:0001C0A2 mov eax, dword ptr [esi+UNICODE_STRING.Length] .text:0001C0A4 mov dword ptr [ebp+stUnicodeString.Length], eax .text:0001C0A7 mov esi, [esi+UNICODE_STRING.Buffer] ; And gets from the UNICODE_STRING structure ; a pointer to the unicode buffer. .text:0001C0AA mov [ebp+stUnicodeString.Buffer], esi .text:0001C0AD push 2 ; Alignment .text:0001C0AF shr eax, 10h .text:0001C0B2 push eax ; Length .text:0001C0B3 push esi ; Address .text:0001C0B4 call ebx ; ProbeForRead - -----------/ It does the check, but here is the problem /----------- .text:0001C0B6 push gdwValue .text:0001C0BC lea eax, [ebp+stUnicodeString] .text:0001C0BF push eax .text:0001C0C0 push [ebp+Object] .text:0001C0C3 call sub_1cb40 - -----------/ The problem relies in the function not properly checking the 'Length' field of the 'UNICODE_STRING' structure. When doing the check, 'ProbeForRead' receives the length field of the structure as a parameter without any kind of validation. So, if we set this field to 0, 'ProbeForRead' will not raise any exception even though we were passing it an invalid address. And it will crash when trying to access to the desired invalid memory. /----------- sub_1cb40 [...] .text:0001CB5E xor esi, esi .text:0001CB60 mov [ebp+ms_exc.disabled], esi .text:0001CB63 mov edi, [ebp+pUnicodeString] .text:0001CB66 mov eax, [edi+UNICODE_STRING.Buffer] - -----------/ And here is where it will crash: /----------- .text:0001CB69 cmp word ptr [eax], '\' ; Reference the first pointed byte - -----------/ 4) RISING ANTIVIRUS (BID 28744, CVE-2008-1738) In Rising antivirus the code of the 'NtOpenProcess' hook does not validates if the pointer to the structure /----------- typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread;} - -----------/ is really pointing to mapped memory. So, when the code tries to dereference the pointer to check the 'CLIENT_ID->UniqueProcess' value, if it is pointing to invalid memory, will crash. /----------- NtOpenProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK AccessMask, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId ) .text:00010EAA push ebp .text:00010EAB mov ebp, esp .text:00010EAD push esi .text:00010EAE mov esi, offset Addend .text:00010EB3 push edi .text:00010EB4 mov ecx, esi ; Addend .text:00010EB6 call ds:InterlockedIncrement .text:00010EBC call PsGetCurrentProcessId .text:00010EC1 cmp eax, dword_11C8C .text:00010EC7 jnz short loc_10ECE .text:00010EC9 .text:00010EC9 loc_10EC9: ; CODE XREF: sub_10EAA+37_j .text:00010EC9 push [ebp+ClientId] .text:00010ECC jmp short loc_10EF0 .text:00010ECE ; - --------------------------------------------------------------------------- .text:00010ECE .text:00010ECE loc_10ECE: ; CODE XREF: sub_10EAA+1D_j .text:00010ECE call PsGetCurrentProcessId .text:00010ED3 mov ecx, dword_11C80 .text:00010ED9 push eax .text:00010EDA call sub_11070 .text:00010EDF test al, al .text:00010EE1 jnz short loc_10EC9 .text:00010EE3 call PsGetCurrentProcessId .text:00010EE8 mov edi, [ebp+ClientId] ; Here is the bug, if ClientId is pointing to an invalid address .text:00010EEB cmp eax, [edi] ; it will crash. .text:00010EED jnz short loc_10F0D - -----------/ *Report Timeline* . 2008-01-11: Core Security Technologies found a security vulnerability in BitDefender antivirus. 2008-01-14: BitDefender team is contacted by Core. 2008-01-15: BitDefender team asks Core for technical description of the vulnerability. 2008-01-15: Technical details are sent to BitDefender team by Core. 2008-01-22: BitDefender notifies Core that a fix has been produced and the flaw was corrected through automatic updates. 2008-02-04: According to the original schedule, the CORE-2008-0320 advisory would be released at this date, but similar flaws in other antivirus products were discovered by Core exploit writers team. Considering all BitDefender users are patched, Core Security Technologies does not release the advisory and continues the research of this issue in other products. 2008-03-20: Core analyzes similar vulnerabilities in Comodo Firewall, Sophos Antivirus and Rising Antivirus. 2008-03-25: Core notifies the Comodo, Sophos and Rising teams of the vulnerabilities. 2008-03-27: Comodo team asks Core for technical description of the vulnerability. 2008-03-27: Technical details are sent to Comodo team by Core. 2008-03-31: Rising team asks Core for technical description of the vulnerability. 2008-04-01: Technical details are sent to Rising team by Core. 2008-04-02: Rising team inform Core that the flaw has been fixed in the Rising AV 2008 version. 2008-04-02: Sophos team asks Core for technical description of the vulnerability. 2008-04-07: Technical details are sent to Sophos team by Core. 2008-04-11: Sophos team informs that the flaw is found in one of the antivirus drivers, and fixing it will require a reboot for all of Sophos Windows customers. Sophos would like to fix the bug in the next major version (second quarter 2009), in particular considering the fact that they were unable to come up with any practical use of this vulnerability. 2008-04-14: Comodo notifies Core that a fix has been produced. 2008-04-14: Sophos informs Core that they will be able to release a fix to the vulnerability at the end of October 2008. 2008-04-21: Core responds that they will reschedule the publication to April 24th, 2008. Since the vulnerability is not critical, and has been found using publicly available tools, like the other vulnerabilities included in the advisory, Core doesn't see a reason to postpone the publication of the Sophos bug until October 2008. 2008-04-21: Sophos asks Core not to release details of the vulnerability until a fix is available, and not to publish Proof of Concept code. Sophos informs that they do not believe that arbitrary code execution is possible. 2008-04-24: Core responds that the advisory does not contain Proof of Concept code. Core confirms its intention of publishing the advisory, including the technical description, but decides to postpone it to April 28th, to give the participants more time to coordinate the release of public information. 2008-04-25: Sophos provides additional information, included in the "vendor information" section of the advisory. 2008-04-28: CORE-2008-0320 advisory is published. *References* [1] http://www.bitdefender.com [2] http://www.comodo.com [3] http://www.sophos.com [4] http://www.rising-global.com [5] http://www.matousec.com/downloads [6] http://www.matousec.com/info/articles/plague-in-security-software-drivers.php *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. *Disclaimer* The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. *GPG/PGP Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIFj4WyNibggitWa0RAkUcAJ9yUGXQQV5ZQ1J0R2U+MSTMRuHa4wCgkXh1 UGe5qGGTXrCSFfFX3JH6ovE= =3mt3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. Safari is prone to a denial-of-service vulnerability

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. Safari is prone to a remote security vulnerability. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 4 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Safari Address Bar URL Spoofing Security Issue SECUNIA ADVISORY ID: SA29900 VERIFY ADVISORY: http://secunia.com/advisories/29900/ CRITICAL: Less critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: Safari 3.x http://secunia.com/product/17989/ Safari for Windows 3.x http://secunia.com/product/17978/ DESCRIPTION: Juan Pablo Lopez Yacubian has discovered a security issue in Safari, which can be exploited by malicious people to display a fake URL in the address bar. The security issue is confirmed in version 3.1.1 on Mac OS X and Vista. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Juan Pablo Lopez Yacubian ORIGINAL ADVISORY: http://es.geocities.com/jplopezy/pruebasafari3.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Apple QuickTime is prone to an unspecified remote code-execution vulnerability. Very few technical details are currently available. We will update this BID as more information emerges. Successful exploits can allow remote attackers to execute arbitrary code in the context of the user running the application. This may facilitate a compromise of affected computers. This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other versions may also be affected

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. Safari is prone to a denial-of-service vulnerability

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. FirePass 4100 SSL VPN Firmware 5.4.2-5.5.2 and 6.0-6.2 are vulnerable. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 3 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Input passed via the URL to the "installControl.php3" script is not properly sanitised before being returned to the user. SOLUTION: Do not follow untrusted links. Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Alberto Cuesta Partida, 514.es ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Both BT Home Hub and Speedtouch are home wireless Internet routers. The default WEP/WPA key algorithm used by BT Home Hub and Speedtouch routers is predictable, and remote attackers can predict keys based on some public information (such as MAC address or SSID) so that they can completely invade the router. For Speedtouch router router: S/N: CP0615JT109 (53) Delete CC and PP values: CP0615109 converts XXX value to hexadecimal: CP0615313039 through SHA-1 processing: 742da831d2b657fa53d347301ec610e1ebf8a3d0 converts the last 3 bytes into 6-byte characters The string, then added to SpeedTouch, becomes the default SSID: SpeedTouchF8A3D0 converts the first 5 bytes into a 10-byte string and becomes the default WEP/WPA key: 742DA831D2 for BT Home Hub, the only difference is Use the last 2 bytes of the SHA1 hash to get the SSID: S/N: CP0647EH6DM (BF) Delete CC and PP values: CP06476DM16 encoding XXX: CP064736444DSHA1 encryption: 06f48a28eba1ab896a396077d772fd65503b8df3 Default SSID: BTHomeHub-8DF3 default encryption key: 06f48a28eb. Multiple wireless routers are prone to a vulnerability that can allow an attacker to predict their default WEP/WPA encryption keys. Attackers can exploit this issue to bypass authentication to an affected device, which can allow them to completely compromise the device or to gain access to the private network

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. Mozilla Firefox for Mac OS X is prone to a memory-corruption vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application. This issue affects Firefox 3.0. Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 13 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Javascript Garbage Collector Vulnerability SECUNIA ADVISORY ID: SA29787 VERIFY ADVISORY: http://secunia.com/advisories/29787/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/ DESCRIPTION: A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Javascript Garbage Collector and can be exploited to cause a memory corruption via specially crafted Javascript code. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 2.0.0.13. Prior versions may also be affected. SOLUTION: Update to version 2.0.0.14. http://www.mozilla.com/en-US/firefox/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Mozilla Foundation: http://www.mozilla.org/security/announce/2008/mfsa2008-20.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. For more information: SA30761 SA30911 SA31120 SA31132 SA31984 SA32007 SA32192 SA32693 SA32713 SA33203 SOLUTION: Apply patches. -- SPARC Platform -- Firefox 2.0 for Solaris 10: Apply patch 125539-06 or later. OpenSolaris: Fixed in build snv_95 or later. -- x86 Platform -- Firefox 2.0 for Solaris 10: Apply patch 125540-06 or later. OpenSolaris: Fixed in build snv_95 or later. =========================================================== Ubuntu Security Notice USN-626-1 July 29, 2008 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-2785, CVE-2008-2933, CVE-2008-2934 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.1+build1+nobinonly-0ubuntu0.8.04.3 xulrunner-1.9 1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz Size/MD5: 105875 20bf75de131b805b31602d03f76edcdb http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc Size/MD5: 1605 0a4c85fb6f3771e494cb2596eb174f42 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly.orig.tar.gz Size/MD5: 10830088 546304d00e486587023418bef4c8c17e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz Size/MD5: 77642 dd673f6d7523c5129df6775c369f55b1 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc Size/MD5: 1669 7fbd2e794a99288141e6c5fd6ca7bb8b http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly.orig.tar.gz Size/MD5: 40083410 802b0c07675ba0d1cc1819a6dac22c94 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65808 9fb1bd4f57c4ddaf255dec745cfb6394 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65824 9352e1cba510bcaed37478516413e41a http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65784 3ef3e033acca41bf431e196289ff3075 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65776 30a60ceed5a490065dddb86dcbc44917 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65926 093d9772c250695694846c4a862151e4 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65832 2f47d1abc1cfee76a537e665c2a961e3 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65782 852eac738d3bf243f6f3ab707cab7de1 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8978 4ee6943368ba1582827914b014aa0b12 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8964 9df1e05f125072a41decae2f03ed796d http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65808 4cdc3a9a27af41bd6fadf4f9f1271af0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65774 a12883abab5cdc8fd1be41abec1d2553 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65768 d30e21a3afcf4897450a2220b0448c52 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8944 ddb77e423b0d2fa01775998de6d16074 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65792 662c3740f2451030de9dbeef8915cd53 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8938 19647a69ea1a19fb20c3d832efb3f667 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65762 2948beefbc937ce8014246761aa5c42f http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 125048 61ddef6346ed04823e4e08cb8b5915ad http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 235166 7dcc225d1e6a35d1c72d83478b264b03 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 9030 51c56b6eb17a90596664e5de1efcfaf0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 29598 bdb8fd33fbb551fba94829b6de8f48c8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 1086692 9e85d93762021da9663079eb43a806ec http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 4034992 ded5cd52011190445b8cdbbc387dbb0e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 48708 63a365a1ed33bdd9f3e86c704639c54b http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 9020046 ce8df3e6a4d09ac7c1429f63a69bb164 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 9032 9655df6f35d580fcd316fdbe35b25c44 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 25740 b449c8c524b7cb50e05a5092bb1692ad http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 1064456 58ffa05cc64086c5c51ff694beca780d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 4016584 3c8e123c09ff04f63cde52effc867f0d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 38500 8934fc3c6cdfa988ad9dee140be7373d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 7749536 7ef6da6f25b7e0878419acccc052da3f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 9028 fdd61fb530a3339c1fffbd9ece833d8e http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 25344 7666413c6a56eb14c3708ad2e16470c7 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 1062684 ec46a573876b24eb4748bd01a2bb5435 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 4012106 243d516f2dc244758d3568e4ead4839f http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 37592 d9c551a6e990c7e63b457d7c6166113a http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 7639310 ff4c7144795f6fa0a38b0f065c04db8e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 9032 5ffb1ce496a65cc0cfa57405a249426c http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 27506 ee4f59f65df53fdf3e09fa271e290dbc http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 1078404 8ee97515994e3deac2fe7aabbbbe15ab http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 4023136 5342ffc1f46ff68174dca7b3621eeab0 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 43654 649fa96e5214857fff22b53455e99bac http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 8595530 7a92e064fe96a000b0d9a507c0827555 . This can be exploited to free an uninitialised pointer via a specially crafted GIF file. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system

Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. Cisco Network Admission Control (NAC) Appliance Contains an information disclosure vulnerability. This may facilitate the complete compromise of the device and may lead to further attacks. This issue is documented in Cisco Bug ID CSCsj33976. This issue affects the following versions of the NAC appliance software: - all 3.5 versions - all 3.6 versions prior to 3.6.4.4 - all 4.0 versions prior to 4.0.6 - all 4.1 versions prior to 4.1.2. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml. No other Cisco products are currently known to be affected by this vulnerability. Details ======= The Cisco NAC Appliance solution allows network administrators to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to allowing users onto the network. The solution identifies whether machines are compliant with security policies and repairs vulnerabilities before permitting access to the network. Obtaining this information could enable an attacker to gain complete control of the CAS remotely over the network. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss. * NAC Appliance Shared Secret Vulnerability (CSCsj33976) CVSS Base Score - 10.0 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability could allow an attacker to take complete control of the CAS remotely over the network. Software Versions and Fixes =========================== Each row of the following software table (below) describes the earliest possible releases that contain the fix for this vulnerability. These are shown in the "First Fixed Release" column. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. The release should be upgraded at least to the indicated release or a later version (greater than or equal to the First Fixed Release label). +---------------------------------------+ | Affected Releases | First Fixed | | | Releases | |----------------------+----------------| | NAC Appliance | Vulnerable - | | software version | Contact TAC | | 3.5.x | | |----------------------+----------------| | NAC Appliance | | | software version | 3.6.4.4 | | 3.6.x | | |----------------------+----------------| | NAC Appliance | | | software version | 4.0.6 | | 4.0.x | | |----------------------+----------------| | NAC Appliance | | | software version | 4.1.2 | | 4.1.x | | +---------------------------------------+ You can download NAC Appliance software from http://www.cisco.com/public/sw-center/ciscosecure/cleanaccess.shtml. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There are no workarounds for this vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-----------------------------------------------------+ | Revision | 2008-April-16 | Initial public | | 1.0 | | release. | +-----------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +---------------------------------------------------------------------- All contents are Copyright (C) 2006-2008 Cisco Systems, Inc. All rights reserved. +---------------------------------------------------------------------- Updated: Apr 16, 2008 Document ID: 100782 +---------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIBhW586n/Gc8U/uARArhVAJ945/SIFFcZfqjuVRNl+8R4CTYgZACfVfYh 3tRLhF0zXPh/7NL9INMpM8s= =OAQT -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 13 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari is prone to a remote memory-corruption vulnerability that occurs when downloading malicious files. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions prior to Apple Safari 3.1.1 running on Microsoft Windows XP and Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default

Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640. CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system. These issues affect versions prior to CUPS 1.3.9. Common Unix Printing System (CUPS) is a common Unix printing system and a cross-platform printing solution in the Unix environment. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The Silicon Graphics Image (SGI) file format parsing module of CUPS has a heap overflow vulnerability when parsing malformed Run Length Encoded (RLE) data. The cause of the vulnerability is that the read_rle16() function does not properly validate the value of the line read from the file and uses this value to control how many 16-bit integers are stored in the heap buffer. If a small graphics dimension and a large number of lines are provided, it will May trigger a heap overflow. The WriteProlog() function of the CUPS texttops application uses multiple values ​​obtained from attacker-controlled content in the multiplication operation when calculating the page size used to store PostScript data. This calculation may overflow, resulting in an incorrect total page size. size. This value is then used to allocate a heap buffer filled with attacker-controlled content, triggering a heap overflow. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. This is related to: SA29809 SOLUTION: Updated packages are available via Red Hat Network. 1) Two boundary errors exist in the implementation of the HP-GL/2 filter. 2) A boundary error exists within the "read_rle16()" function when processing SGI (Silicon Graphics Image) files. PROVIDED AND/OR DISCOVERED BY: 1) regenrecht, reported via ZDI 2, 3) regenrecht, reported via iDefense CHANGELOG: 2008-10-10: Updated CVE reference list. For more information: SA32226 The vulnerabilities affect all Avaya Messaging Storage Server versions. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 15 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: CUPS PNG Filter Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA29809 VERIFY ADVISORY: http://secunia.com/advisories/29809/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: CUPS 1.x http://secunia.com/product/921/ DESCRIPTION: Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to two integer overflow errors in filter/image-png.c when processing PNG files. These can be exploited to cause a heap-based buffer overflow via overly large width and height PNG fields. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.3.7. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Thomas Pollet ORIGINAL ADVISORY: http://www.cups.org/str.php?L2790 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system. These issues affect versions prior to CUPS 1.3.9. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The WriteProlog() function of the CUPS texttops application uses multiple values ​​obtained from attacker-controlled content in the multiplication operation when calculating the page size used to store PostScript data. This calculation may overflow, resulting in an incorrect total page size. size. =========================================================== Ubuntu Security Notice USN-656-1 October 15, 2008 cupsys vulnerabilities CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.11 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.6 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.8 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the SGI image filter in CUPS did not perform proper bounds checking. If a user or automated system were tricked into opening a crafted SGI image, an attacker could cause a denial of service. (CVE-2008-3639) It was discovered that the texttops filter in CUPS did not properly validate page metrics. If a user or automated system were tricked into opening a crafted text file, an attacker could cause a denial of service. (CVE-2008-3640) It was discovered that the HP-GL filter in CUPS did not properly check for invalid pen parameters. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-3641) NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the the fix for CVE-2008-1722 applied. This update includes fixes for the problem. We apologize for the inconvenience. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.diff.gz Size/MD5: 102981 403c1494b264696702f055fc5cdcc60d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.dsc Size/MD5: 1052 cc47231c220e8d0e1659cf83d9e08445 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.11_all.deb Size/MD5: 994 8b094f8389b70e0153d7bbfcd23ed912 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 36226 ddea26501964356559ee3a11124acd8b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 81902 670924b1b9a36db787e3b4cc6a7f1782 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 2286676 455fe7748b3ab167658bb5b42ef0363a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 6086 dc0bd3799366e32503466ba4588fc4df http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 77226 31e781bf2c8f0f4140799b21b9d0484a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 25742 6812b0831f37474b50607e4c6eb83fe5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 129960 88a0b954c9f50df6aa37824b3da7041b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 34768 d04de29dfcca09a4dc70a385e8a0766b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 77974 efed93511d0ee579706e5cf538378dbd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 2253974 30ac219c7cd66460df6fa2b76c147ae8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 6090 648459c3b58ddaf1fc646c8cd476e9f8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 76350 d044f4fa44a792c81bca198f44687a1e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 25740 4c97e6e30f95bd3c3a32c761db4f5183 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 122178 7298a6d762d2edbe6fd107656932f32a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 40468 24cf01572a6f790296c1accba097352c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 89528 0172b346d78458df1a6cd91a371b3b67 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 2301292 f1a755a88fde554fdabbfb8081a88e52 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 6098 f3e962ddc060712ed3ba78bb5625d5e4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 79004 de095980afadd9352e5d7e92600d75b5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 25744 21a4d908ae8de551cda885d4835d69c0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 127932 6e50fa3fa4185c781551e5744331f20b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 35392 ede504cfaaf1e068c68b3fa759777098 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 78712 49f458e339846bcc2eb9ffdc482de5be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 2287588 864ab74a020db94ab2acc1283720a05c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 6092 58c6f56f79c35af1b0ca47eaeedd7ea3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 76262 759f3df1a04440d71ae6634109045bf6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 25740 8bbdc7b4842df909bdfb95b96fd9f884 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 123662 4c4f4a4faae61a0c3901c63fe58bbf26 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.diff.gz Size/MD5: 160216 80696d47933857b9665da1492f9a801b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.dsc Size/MD5: 1143 0dbd641692767f4e2e5b7f390c412a9f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.6_all.deb Size/MD5: 926804 41e6c60357740e668198976afcce6bd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 37404 2d7cb4cb3bfeeeb5af3db756f1a0a5be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 83230 361cd5ffca4125245798312c3a9c7eaa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 1638902 a502a4f981385dcba50ed5b6fc8fe969 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 56598 a9f413ff725abe42af63312ea6e826e7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 104860 7bfc0e70546baa2c98421a9dd7a373e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 144852 9d30fa04e2aa415fb126188aa4d32349 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 182728 0ed6d4f8c813e2c36bcaa7b7ca98ccad i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 36712 014d51e184b4435a28c1e820455fb0a1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 80752 4d29ca2e6d3de00e3a10c55c677c8cd6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 1621450 551c9d7c9836efe7a927a609699976ad http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 55720 b70e3b3a1c86aa782a42fcf1a40ff197 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 104592 ececfa4f50e077d5049116a47cc44965 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 139320 b5c4606316c175feac7dd9a8f78acc56 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 179030 b2bb50b90caac66408739e67ecc9fdb5 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 46766 ad2b053736a2165b39f1749b7e3409e0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 101094 bea4c45325710b1e2d5e67dceb7853bb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 1696124 7e3469aa52e2de4e93352e44f7623305 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 56398 47755a89a609e4401d70f6adcfcfb9a5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 110478 94a5f78770c410fce9a0c88a187fe9c4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 141178 69f22a6730b291c9df2b0541c07223d6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 188650 634498a8eb5ab4c75eab74e1655234b1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 37778 cde58d9fa7d256698ef6ba128b16a799 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 83740 072c6f65496619d5808c542d3a2ebe97 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 1659626 a5b6c19a436e9737af44cbaee93d093c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 54928 5a8347021b82084600e0d08971cb41a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 104156 ca7b062c097aa7f92a9085615fc3e828 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 141756 299acfe9e1964d21e7ba2fc3a390ded8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 178292 02e3059c98fb42cb83173e0b3a08d469 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.diff.gz Size/MD5: 128977 cc7a79b80d0cc2caa8f9c5aea2f9397b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.dsc Size/MD5: 1218 4f603d11b93e600bd82009983bc88580 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.8_all.deb Size/MD5: 1080404 6419c157fd22fcfb2e1563ccced2fcae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 37204 88b05a4cbb9f5714951edade3dd0609b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 89506 cb352043a1985e24614dc27ffa5ded01 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 2034890 3a2c4daded2923691da8fe3f60d93f3e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 60020 5007c193bb8416754a9d7e7ad09c4808 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 46884 9a2fd628887a01cc2fcb49131ec8ed0f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 152014 7a9debd353faa26803f0e8707a97697a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 186418 13e510e27e1025732d203a933ded8ade i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 36486 05cb382029ccb2285530af9de662b686 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 86494 80b08f6080ed3c46e4fc954da05d9e6d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 2018384 16b0a7b694a38e4616fce6415116a7e9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 58882 8572d274d06e1a650d2d5199ea5dcf6f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 46280 158a4aef965ef1c697c5c7aef53f9e90 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 145692 36b5af34074b13e44e2d2ae5f76fa6fc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 183190 fe12de8de5a779538844e2aecd5ccedb lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 36570 f73b632b59630a2727e45be083730c23 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 88054 07cfc2fdf8615471278b10550f713a3e http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 2020696 d97dab5d5a099884f7bca77dd118233a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 59624 d582e3100eaf68e9b10585ca6ce0a078 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 47662 a2e2c5cc101d720249efd108b1a724ca http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 142426 8e91390ca3bb0bd98ab7a43017e38a90 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 181382 0806d0e1be2fdb48b873ea977107b759 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 46502 1f2a7db4dd6dfc7910a9c84f28425537 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 107736 9a34baee6e8356d911d637e52fcb0747 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 2099614 b0f8237ccff1e54e070645e79e085794 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 59494 c3c1a6f415dacee7b5f0e63e0f83ca6c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 51856 91fcaca5686ce2070e654699b60514f4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 146952 205fedd96bd614314b2e9ecb18e78f53 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 192204 0033c62b251a505fb7d80b5b8c96f6b6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 37558 f568ceabe0e419d263b75a5c852eb10a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 89606 d916d0d9478082000a0f698347613387 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 2061026 a1b9da985d3d0211790f170443e74ac9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 58098 dc5d816068b451c8926dd06a25e1715b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 45572 9976f70a905893735ee445cca7ecda7f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 148486 48954d641e131708913530887d28c064 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 182218 074755797d588b92f7030c0a9562cb67 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.diff.gz Size/MD5: 133549 8146f7a668701caad4379707ccedf538 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.dsc Size/MD5: 1433 de3ffa5e20bdbc0bd61cf543cc2d351f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.1_all.deb Size/MD5: 1143834 7230e79bb0d6a1435f3ce0de114e1ad3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 37530 0362fc9c1260486e4d1dcccca8dc60a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 89982 9a1ac844025f66fb85357e1807256331 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 1880646 233fbeadff826a6b6f22347559fe8bf5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 60892 98a65443be4d97fb1de2f8580dd67e40 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 50356 89ca2e97385912ebf2ffe8a0871610d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 344926 631f297ea0a13321c61ee211d65fceab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 177500 8dd137567dbc9644bda3b0a799cb2f6a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 36952 deba752b21bdf04393626cf35ebb79eb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 88408 2e76b5856bde6afe82da9a6b03a98026 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 1862954 aaa0817cb6b67729276e799275ad3346 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 60090 b37d935af9661002730cd5cb2b3f11d3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 49838 a1d85e18616340eed3778b5286890c08 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 339344 f3d29993795e7172667356c8d255f296 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 174354 b1d7b741729749c6a3249fbcd0babe56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 36676 c46beddd8f227e1ee0b1c9a80d41b19a http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 88734 c8b70c2665734c45caa22ae41f60b486 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 1865262 27de39c2fbe2471f11b7756b5bc02cc3 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 60540 b54c6711e74c55777f0e509f642c42f0 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 50860 64989632d1f49f5d25209bb9a68809d5 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 337020 ca60ea21ad93aca447e1ae04e0ad818f http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 173276 6e0af5026f452171993817fbd6e6b4e7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 46932 d8e051bd4e95f28090036d7087437127 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 110808 44e0741ccd8b9edab092b835c6831aca http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 1949134 0facca356ce9e5ffdacffde23d0713e3 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 59924 367a29bd4545906374eb27c511d33658 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 54940 d762741ddd48f75e0e54ffd0efc45645 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 341670 0958081b22a680ccf1f30abc36c06054 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 183238 e303094f36fcc1af0ac40321411bd90a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 38028 a8ee904a732a7392314b9b4f2faf5557 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 91034 832edccd7ed2eec51759bbcce97536b1 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 1897904 31192c6d2b5a6dca4eaf065c541795fc http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 57856 398dadf7e1ee5075e4d3e2a4766b4580 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 48242 cc45265b41fd932d084a6bce9888e67f http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 341388 9411fb065604b882530faf47a0a85d4e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 173184 4a5e9e3508932262eefe3b08f94019d0 . For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch5. For the unstable distribution (sid) and the upcoming stable distribution (lenny), these problems have been fixed in version 1.3.8-1lenny2 of the source package cups. We recommend that you upgrade your cupsys package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz Size/MD5 checksum: 108662 eab5aa097eaf3e802b4c6f1c60da9a03 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc Size/MD5 checksum: 1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb Size/MD5 checksum: 893832 0e7571a4a56cef8f099ba9300ed7330d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb Size/MD5 checksum: 46072 63a75f9fe31312a42725a786164f7762 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 39310 8dad5588b86a4e1191025015d8e0c5be http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 1092376 35c1cd14d3f26fefafbebf1a76983740 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 85906 1d07dcf128e7b78992560b2794be29d4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 183726 06377f48f1ee358c494f30f9ab213e6b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 1614540 e87b439635e9b7f7c1fa1c6db2f7291c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 95570 8638b199a8adb989254cbe88ab11bb7d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 175262 08dbbe7e941af9c28f39107f907c618a http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 72690 1c099120f9fdcb334d8699b6238c0883 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 142538 4f9183a690ac21a220771db117b1bcea http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 162520 f04bafe61b0e06d21b67441916a4df2a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 36356 eea9b0c14ac248313264474f4a103478 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 53022 f864e06d82bd0769e7c73d20aa6c3366 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 80708 9e8a7d08f6762753005bc2ac7ac04db7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 86264 3784680669a08745d6c766213e3d60f3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 1576062 c5f275763d3cd0bec5e448965780ea0b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 1088040 106654a5c5a746e5bd1043ca4309deae arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb Size/MD5 checksum: 132042 b1da3e68e04c68712a7f2ecebbea59d3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb Size/MD5 checksum: 1026238 e776ce47912d97de7758029cddf18c41 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb Size/MD5 checksum: 155174 2203ae0043e540bb4c083c3f302294a9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb Size/MD5 checksum: 78908 a60d8486ab41fe7064d84fdf1c057ce5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb Size/MD5 checksum: 48742 9c6f61fb9c5af3f1496c249eb79542ce http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb Size/MD5 checksum: 1569620 943fdc257cdf387c1a161adff88623bd http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb Size/MD5 checksum: 85468 3e9d699071d741d86c5e2fbcc91a5241 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb Size/MD5 checksum: 35940 0bb609f5c990c932c0fed843bb659062 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 84800 df6569c3eaad919b7f7768a75277838f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 91988 08040e0dcc8cc99298d40aa370be50cc http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 1624214 e5d55a0aeacee0d85d7899018725b3d3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 153956 e11bfd3cb812f0892238a676a3453967 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 171790 5b483d2f739ed456d94cf28047b2b2f5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 39548 181a14e58af274287bf02f8a758b70b5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 57398 715a6f4bb1b68b8a384a85ac384de668 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 1032836 e1d9158ff6134678b976331566db0076 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb Size/MD5 checksum: 999302 2ccf6ae0ef6f3d3dd56e484ba2199313 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb Size/MD5 checksum: 160638 f22f7da23cd3dea82d49cc9900d62512 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb Size/MD5 checksum: 138276 392028f61da2c29dcab1ffe3b4fe072f http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb Size/MD5 checksum: 1548856 e1e04e47f556586eb83aff005d4870d2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb Size/MD5 checksum: 36474 9bea3cd926f04da508b6a714f0a1daac http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb Size/MD5 checksum: 86776 f3188eafaa1bd01a7b92d9403aab03a1 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb Size/MD5 checksum: 79878 ba1ed2b707101da54b3990b33ee1d877 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb Size/MD5 checksum: 53276 346cdebc7980089b28610ceb30f65519 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 106226 829b2e5f435c8fb5eee03513654ee12f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 106998 08fcec24b8c165542d986a1fd174ddd3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 46336 32d29b5c2986070f5d5b909864952dc3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 1771030 e7b261b4627ee20a3083a4f18a382e24 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 192370 576e218a37e677170e9201946f24da5a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 1108310 bdee8fbcfd10ba2847ab81ced8e9cc73 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 204232 d5eb2138a8584813643dfe4e39d2fefb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 74224 846a87584f78285569aee9c037b677d9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 158560 74bc73b9eb3c7494ce762f7beb9ab4cd http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 1553460 cd35f3de34290840be09b1b10729d7b3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 150900 150e5405933cef2a8cf9147d88c9a4fb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 57860 2b7cdd4399e2893d2df0b5568d766239 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 86996 d4776eace76cb37f72557a44d053a677 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 1085494 429194a44228d669ecfa2acdeadf55e6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 36058 f28b3f705fd293fc82a256d571119452 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 77448 4a9be71b3fc25253b1e77c2594e7f508 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 51880 d1b872415002b54aba1ef54833cd5564 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 90008 fe2be6aba034693532a01b653781f501 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 1576600 d954a84710f9671d34eca72922f8d1d8 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 136868 ee633edb72a9d6d74481d9fe17d887d5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 1143388 320529a907596704df487d89978e1948 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 41296 8e0fed6ae1645411f4daa52842ead589 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 163206 d0fc59550e27b346adb422e4d82cecaf http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 88476 dfe47fbfeef0a714d6397ec9467165af s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb Size/MD5 checksum: 1037260 a151e36916ffd7eae88e6b82cc0c08d7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb Size/MD5 checksum: 37420 b095022e25c603ee57748795c4ec423b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb Size/MD5 checksum: 82338 3417e5562b6aa064ab5d3d11f15a69fb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb Size/MD5 checksum: 87928 6eea10e5b223fbd5f5a8d524bb03ab8e http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb Size/MD5 checksum: 1587330 8b66abd7e3156f3beeaa27fbd971cbde http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb Size/MD5 checksum: 166710 10f172f4c48ab9981d7c48564a2142a4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb Size/MD5 checksum: 144932 3955c00c6293f7aec0a7cb9edb28a16d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb Size/MD5 checksum: 52524 b4e639621d58f91a8ec32043534c008f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 51826 8e3613f9041774f1dd42586782780fb5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 159434 d2352f19b51feab43fc17b5e3f17bb2b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 138734 8b53d144485267cb99ec8a32262446e8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 1577758 748b77d9e54a363d46cd61548e72df7c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 996834 0ad8037cbb3959581a0aeb29eb84a853 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 85790 16bf4ce2378a68fc9b0ce4052e463e5d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 36062 426fe5dbac939828393d99e561abf0e3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 78608 f469105c5d9f121c333d5e4ac315c7be These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkj8vewACgkQXm3vHE4uylo3VQCfe5/oLteemHII7TUL80ybcnZd REIAn1hdR3STx867KCMafAi58O1fia05 =T/kw -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:211 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cups Date : October 10, 2008 Affected: 2007.1, 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. The updated packages have been patched to prevent this issue; for Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided that corrects these issues and also provides other bug fixes. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: d8041b477aac8897e465fd7885c4f046 2007.1/i586/cups-1.2.10-2.8mdv2007.1.i586.rpm 85169e175683eee33f38c3dc6dca555d 2007.1/i586/cups-common-1.2.10-2.8mdv2007.1.i586.rpm 3838db5f9b5313587335232f4bdfadb7 2007.1/i586/cups-serial-1.2.10-2.8mdv2007.1.i586.rpm 4dac70286d0aaa55d0c585c4e485f4d6 2007.1/i586/libcups2-1.2.10-2.8mdv2007.1.i586.rpm 2647b541d7a80ea194d6cc4983342e14 2007.1/i586/libcups2-devel-1.2.10-2.8mdv2007.1.i586.rpm 5bf9cba238150a77016869b2b600e0bd 2007.1/i586/php-cups-1.2.10-2.8mdv2007.1.i586.rpm 3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 27098b09dc01c70600c55572cb928422 2007.1/x86_64/cups-1.2.10-2.8mdv2007.1.x86_64.rpm fbd01859759af3a2e32244cfff7aaa33 2007.1/x86_64/cups-common-1.2.10-2.8mdv2007.1.x86_64.rpm 4197004f7a59cc90d8d51f8ff34e2997 2007.1/x86_64/cups-serial-1.2.10-2.8mdv2007.1.x86_64.rpm 6cc45d922f07d379db0de2e08eb1589e 2007.1/x86_64/lib64cups2-1.2.10-2.8mdv2007.1.x86_64.rpm d7443db8a26f27b41c32c95dee129437 2007.1/x86_64/lib64cups2-devel-1.2.10-2.8mdv2007.1.x86_64.rpm eca467e20954fea23fd050ee41d2ca4a 2007.1/x86_64/php-cups-1.2.10-2.8mdv2007.1.x86_64.rpm 3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm Mandriva Linux 2008.0: 837c0714eef677dfcdb1befc56012db5 2008.0/i586/cups-1.3.6-1.3mdv2008.0.i586.rpm cb8d17edacf1dc1dc5915fbb35745d9a 2008.0/i586/cups-common-1.3.6-1.3mdv2008.0.i586.rpm 635eb3405a6b5a4b93ca6373207093df 2008.0/i586/cups-serial-1.3.6-1.3mdv2008.0.i586.rpm 59939c1a2a730a0887750bafb4cabee1 2008.0/i586/libcups2-1.3.6-1.3mdv2008.0.i586.rpm 6183d24df353f4e8082374951636a657 2008.0/i586/libcups2-devel-1.3.6-1.3mdv2008.0.i586.rpm 0f1df17bf9cc86bb607ef28d4b29c6b2 2008.0/i586/php-cups-1.3.6-1.3mdv2008.0.i586.rpm 68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5b73d5bfebbc66f8a56922c7b943f351 2008.0/x86_64/cups-1.3.6-1.3mdv2008.0.x86_64.rpm a41d07d80c38b30ee5357b25f7b828ab 2008.0/x86_64/cups-common-1.3.6-1.3mdv2008.0.x86_64.rpm 34d6d4eb79b1ee5a9235843398301646 2008.0/x86_64/cups-serial-1.3.6-1.3mdv2008.0.x86_64.rpm 3157dcaafb55463d8ad149d99e4d0c55 2008.0/x86_64/lib64cups2-1.3.6-1.3mdv2008.0.x86_64.rpm 78b5f7fcedbbbef9c2318977b5f50264 2008.0/x86_64/lib64cups2-devel-1.3.6-1.3mdv2008.0.x86_64.rpm 082094f0923f72890f6dbb47eb9072b4 2008.0/x86_64/php-cups-1.3.6-1.3mdv2008.0.x86_64.rpm 68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm Mandriva Linux 2008.1: c22f4c131005e05768b0c45e931015c7 2008.1/i586/cups-1.3.6-5.2mdv2008.1.i586.rpm 8f1ad7b01f0d48aa920cb2378f5fce0a 2008.1/i586/cups-common-1.3.6-5.2mdv2008.1.i586.rpm 763dfee5def4727b34769298beb5c9fe 2008.1/i586/cups-serial-1.3.6-5.2mdv2008.1.i586.rpm dadd48446b97869372535fb2ef02a471 2008.1/i586/libcups2-1.3.6-5.2mdv2008.1.i586.rpm cf48ae8c17120d7d83b638f432620797 2008.1/i586/libcups2-devel-1.3.6-5.2mdv2008.1.i586.rpm 33d7dcb6b32e58bc38e847f827447b54 2008.1/i586/php-cups-1.3.6-5.2mdv2008.1.i586.rpm 25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 3804ff0deea819d375cdee86b1d98bf4 2008.1/x86_64/cups-1.3.6-5.2mdv2008.1.x86_64.rpm 9f8550ffbb7778636b18c33c6854e163 2008.1/x86_64/cups-common-1.3.6-5.2mdv2008.1.x86_64.rpm 077652b9f481f72873b6e94a0f54fe17 2008.1/x86_64/cups-serial-1.3.6-5.2mdv2008.1.x86_64.rpm 569bcdcf971b564d3ad3cec8b6281fec 2008.1/x86_64/lib64cups2-1.3.6-5.2mdv2008.1.x86_64.rpm 05ce67f5f2bf9f27b69963bbc0ba3f6e 2008.1/x86_64/lib64cups2-devel-1.3.6-5.2mdv2008.1.x86_64.rpm 8a48fbfa84679702c496744f394ac4f6 2008.1/x86_64/php-cups-1.3.6-5.2mdv2008.1.x86_64.rpm 25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 3480a3533f163c8559254c7dc7dccca4 2009.0/i586/cups-1.3.9-0.1mdv2009.0.i586.rpm 2eda3ae527a0d6477bf2f52f57f37297 2009.0/i586/cups-common-1.3.9-0.1mdv2009.0.i586.rpm 1b0849a0dcd6cc52debfdc23ca347e60 2009.0/i586/cups-serial-1.3.9-0.1mdv2009.0.i586.rpm 9ef6a24d1e8155bea9e7e148252dc4e7 2009.0/i586/libcups2-1.3.9-0.1mdv2009.0.i586.rpm 2a8be000df9a71f506a039e58faaf1b4 2009.0/i586/libcups2-devel-1.3.9-0.1mdv2009.0.i586.rpm 7f04461fd982b387144f73612b3cbd86 2009.0/i586/php-cups-1.3.9-0.1mdv2009.0.i586.rpm 1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 926221e97b7c4c52562468b26066f049 2009.0/x86_64/cups-1.3.9-0.1mdv2009.0.x86_64.rpm 96abb10e235084a80cd17c79cc31a360 2009.0/x86_64/cups-common-1.3.9-0.1mdv2009.0.x86_64.rpm cb817300fa6d8c9b40a0f8a01572d691 2009.0/x86_64/cups-serial-1.3.9-0.1mdv2009.0.x86_64.rpm d56cea0645b26b668f9b8a66f2dc090f 2009.0/x86_64/lib64cups2-1.3.9-0.1mdv2009.0.x86_64.rpm f4a04369ad8d202d87ea49a3da4ab67c 2009.0/x86_64/lib64cups2-devel-1.3.9-0.1mdv2009.0.x86_64.rpm 85124180f179ae504ad2f27ef814683d 2009.0/x86_64/php-cups-1.3.9-0.1mdv2009.0.x86_64.rpm 1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm Corporate 3.0: d235e680a70a94ce2c32a556a1fea6d5 corporate/3.0/i586/cups-1.1.20-5.19.C30mdk.i586.rpm eccffd52489f0aca14a11b6b88a5c59f corporate/3.0/i586/cups-common-1.1.20-5.19.C30mdk.i586.rpm 743aad40e707a1c6ec8de19e6ba19668 corporate/3.0/i586/cups-serial-1.1.20-5.19.C30mdk.i586.rpm 931bd82e26396ef7109369893e8fb740 corporate/3.0/i586/libcups2-1.1.20-5.19.C30mdk.i586.rpm 007b156ceb1f78c107a05bba499f544d corporate/3.0/i586/libcups2-devel-1.1.20-5.19.C30mdk.i586.rpm 685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm Corporate 3.0/X86_64: c57219da87ef50832e74efbfd3471f64 corporate/3.0/x86_64/cups-1.1.20-5.19.C30mdk.x86_64.rpm 6f9772a800e70f1e3766d76de8dcf6e3 corporate/3.0/x86_64/cups-common-1.1.20-5.19.C30mdk.x86_64.rpm e1221063527caed05a6e94f9cebed9ab corporate/3.0/x86_64/cups-serial-1.1.20-5.19.C30mdk.x86_64.rpm a0b15b24cfc995a7a769c1e87d53a696 corporate/3.0/x86_64/lib64cups2-1.1.20-5.19.C30mdk.x86_64.rpm aaabff95ac9a30ff1d9ce224612bcb50 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.19.C30mdk.x86_64.rpm 685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm Corporate 4.0: 56f3e394ac8e4b4e7d423c7989d2e6af corporate/4.0/i586/cups-1.2.4-0.10.20060mlcs4.i586.rpm dcb4425723e63a2d094305cde05890f3 corporate/4.0/i586/cups-common-1.2.4-0.10.20060mlcs4.i586.rpm 348427ebb4f1f1f530c3c129850de957 corporate/4.0/i586/cups-serial-1.2.4-0.10.20060mlcs4.i586.rpm d0a8052949416c5ba260b48596cbf415 corporate/4.0/i586/libcups2-1.2.4-0.10.20060mlcs4.i586.rpm ab7637abe249e4369cf39d37113ba37f corporate/4.0/i586/libcups2-devel-1.2.4-0.10.20060mlcs4.i586.rpm 86af12b21de1212e72286e9b2db23caa corporate/4.0/i586/php-cups-1.2.4-0.10.20060mlcs4.i586.rpm 5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm Corporate 4.0/X86_64: 59784628a2385248e8d71c1476773071 corporate/4.0/x86_64/cups-1.2.4-0.10.20060mlcs4.x86_64.rpm a7933ad29b9a77973fcf7feb02c381b9 corporate/4.0/x86_64/cups-common-1.2.4-0.10.20060mlcs4.x86_64.rpm 26da08a5da63053f418e47792cf26280 corporate/4.0/x86_64/cups-serial-1.2.4-0.10.20060mlcs4.x86_64.rpm 0614662f2661171ade097e562a94c635 corporate/4.0/x86_64/lib64cups2-1.2.4-0.10.20060mlcs4.x86_64.rpm a899db16ce3db8ec71aaef67a6650616 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.10.20060mlcs4.x86_64.rpm 9e3dc91c4390d7ba60ca26dcc095b8d8 corporate/4.0/x86_64/php-cups-1.2.4-0.10.20060mlcs4.x86_64.rpm 5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFI8DeJmqjQ0CJFipgRAmbxAKCxSRvJTtancZ/puQkgifGbRQnZIQCg6Bum EnuxPIlaIiQWBIjMSk4WWoo= =aMXC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: December 10, 2008 Bugs: #238976, #249727 ID: 200812-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Background ========== CUPS is the Common Unix Printing System. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.3.9-r1 >= 1.3.9-r1 Description =========== Several buffer overflows were found in: * The read_rle16 function in imagetops (CVE-2008-3639, found by regenrecht, reported via ZDI) * The WriteProlog function in texttops (CVE-2008-3640, found by regenrecht, reported via ZDI) * The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641, found by regenrecht, reported via iDefense) * The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs) Impact ====== A remote attacker could send specially crafted input to a vulnerable server, resulting in the remote execution of arbitrary code with the privileges of the user running the server. Workaround ========== None this time. Resolution ========== All CUPS users should upgrade to the latest version. # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1" References ========== [ 1 ] CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 [ 2 ] CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 [ 3 ] CVE-2008-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 [ 4 ] CVE-2008-5286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 15 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: CUPS PNG Filter Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA29809 VERIFY ADVISORY: http://secunia.com/advisories/29809/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: CUPS 1.x http://secunia.com/product/921/ DESCRIPTION: Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to two integer overflow errors in filter/image-png.c when processing PNG files. These can be exploited to cause a heap-based buffer overflow via overly large width and height PNG fields. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.3.7. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Thomas Pollet ORIGINAL ADVISORY: http://www.cups.org/str.php?L2790 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count. CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system. These issues affect versions prior to CUPS 1.3.9. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The cause of the vulnerability is that the read_rle16() function does not correctly validate the value of the line read from the file and uses this value to control how many 16-bit integers are stored in the heap buffer. If a small graphics dimension and a large number of lines are provided, it will May trigger a heap overflow. =========================================================== Ubuntu Security Notice USN-656-1 October 15, 2008 cupsys vulnerabilities CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.11 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.6 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.8 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the SGI image filter in CUPS did not perform proper bounds checking. If a user or automated system were tricked into opening a crafted SGI image, an attacker could cause a denial of service. (CVE-2008-3639) It was discovered that the texttops filter in CUPS did not properly validate page metrics. If a user or automated system were tricked into opening a crafted text file, an attacker could cause a denial of service. (CVE-2008-3640) It was discovered that the HP-GL filter in CUPS did not properly check for invalid pen parameters. If a user or automated system were tricked into opening a crafted HP-GL or HP-GL/2 file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-3641) NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the the fix for CVE-2008-1722 applied. This update includes fixes for the problem. We apologize for the inconvenience. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.diff.gz Size/MD5: 102981 403c1494b264696702f055fc5cdcc60d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.dsc Size/MD5: 1052 cc47231c220e8d0e1659cf83d9e08445 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.11_all.deb Size/MD5: 994 8b094f8389b70e0153d7bbfcd23ed912 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 36226 ddea26501964356559ee3a11124acd8b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 81902 670924b1b9a36db787e3b4cc6a7f1782 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 2286676 455fe7748b3ab167658bb5b42ef0363a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 6086 dc0bd3799366e32503466ba4588fc4df http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 77226 31e781bf2c8f0f4140799b21b9d0484a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 25742 6812b0831f37474b50607e4c6eb83fe5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_amd64.deb Size/MD5: 129960 88a0b954c9f50df6aa37824b3da7041b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 34768 d04de29dfcca09a4dc70a385e8a0766b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 77974 efed93511d0ee579706e5cf538378dbd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 2253974 30ac219c7cd66460df6fa2b76c147ae8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 6090 648459c3b58ddaf1fc646c8cd476e9f8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 76350 d044f4fa44a792c81bca198f44687a1e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 25740 4c97e6e30f95bd3c3a32c761db4f5183 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_i386.deb Size/MD5: 122178 7298a6d762d2edbe6fd107656932f32a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 40468 24cf01572a6f790296c1accba097352c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 89528 0172b346d78458df1a6cd91a371b3b67 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 2301292 f1a755a88fde554fdabbfb8081a88e52 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 6098 f3e962ddc060712ed3ba78bb5625d5e4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 79004 de095980afadd9352e5d7e92600d75b5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 25744 21a4d908ae8de551cda885d4835d69c0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_powerpc.deb Size/MD5: 127932 6e50fa3fa4185c781551e5744331f20b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 35392 ede504cfaaf1e068c68b3fa759777098 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 78712 49f458e339846bcc2eb9ffdc482de5be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 2287588 864ab74a020db94ab2acc1283720a05c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 6092 58c6f56f79c35af1b0ca47eaeedd7ea3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 76262 759f3df1a04440d71ae6634109045bf6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 25740 8bbdc7b4842df909bdfb95b96fd9f884 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_sparc.deb Size/MD5: 123662 4c4f4a4faae61a0c3901c63fe58bbf26 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.diff.gz Size/MD5: 160216 80696d47933857b9665da1492f9a801b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.dsc Size/MD5: 1143 0dbd641692767f4e2e5b7f390c412a9f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.6_all.deb Size/MD5: 926804 41e6c60357740e668198976afcce6bd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 37404 2d7cb4cb3bfeeeb5af3db756f1a0a5be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 83230 361cd5ffca4125245798312c3a9c7eaa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 1638902 a502a4f981385dcba50ed5b6fc8fe969 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 56598 a9f413ff725abe42af63312ea6e826e7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 104860 7bfc0e70546baa2c98421a9dd7a373e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 144852 9d30fa04e2aa415fb126188aa4d32349 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_amd64.deb Size/MD5: 182728 0ed6d4f8c813e2c36bcaa7b7ca98ccad i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 36712 014d51e184b4435a28c1e820455fb0a1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 80752 4d29ca2e6d3de00e3a10c55c677c8cd6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 1621450 551c9d7c9836efe7a927a609699976ad http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 55720 b70e3b3a1c86aa782a42fcf1a40ff197 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 104592 ececfa4f50e077d5049116a47cc44965 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 139320 b5c4606316c175feac7dd9a8f78acc56 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_i386.deb Size/MD5: 179030 b2bb50b90caac66408739e67ecc9fdb5 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 46766 ad2b053736a2165b39f1749b7e3409e0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 101094 bea4c45325710b1e2d5e67dceb7853bb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 1696124 7e3469aa52e2de4e93352e44f7623305 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 56398 47755a89a609e4401d70f6adcfcfb9a5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 110478 94a5f78770c410fce9a0c88a187fe9c4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 141178 69f22a6730b291c9df2b0541c07223d6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_powerpc.deb Size/MD5: 188650 634498a8eb5ab4c75eab74e1655234b1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 37778 cde58d9fa7d256698ef6ba128b16a799 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 83740 072c6f65496619d5808c542d3a2ebe97 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 1659626 a5b6c19a436e9737af44cbaee93d093c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 54928 5a8347021b82084600e0d08971cb41a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 104156 ca7b062c097aa7f92a9085615fc3e828 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 141756 299acfe9e1964d21e7ba2fc3a390ded8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_sparc.deb Size/MD5: 178292 02e3059c98fb42cb83173e0b3a08d469 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.diff.gz Size/MD5: 128977 cc7a79b80d0cc2caa8f9c5aea2f9397b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.dsc Size/MD5: 1218 4f603d11b93e600bd82009983bc88580 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.8_all.deb Size/MD5: 1080404 6419c157fd22fcfb2e1563ccced2fcae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 37204 88b05a4cbb9f5714951edade3dd0609b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 89506 cb352043a1985e24614dc27ffa5ded01 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 2034890 3a2c4daded2923691da8fe3f60d93f3e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 60020 5007c193bb8416754a9d7e7ad09c4808 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 46884 9a2fd628887a01cc2fcb49131ec8ed0f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 152014 7a9debd353faa26803f0e8707a97697a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_amd64.deb Size/MD5: 186418 13e510e27e1025732d203a933ded8ade i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 36486 05cb382029ccb2285530af9de662b686 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 86494 80b08f6080ed3c46e4fc954da05d9e6d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 2018384 16b0a7b694a38e4616fce6415116a7e9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 58882 8572d274d06e1a650d2d5199ea5dcf6f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 46280 158a4aef965ef1c697c5c7aef53f9e90 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 145692 36b5af34074b13e44e2d2ae5f76fa6fc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_i386.deb Size/MD5: 183190 fe12de8de5a779538844e2aecd5ccedb lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 36570 f73b632b59630a2727e45be083730c23 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 88054 07cfc2fdf8615471278b10550f713a3e http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 2020696 d97dab5d5a099884f7bca77dd118233a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 59624 d582e3100eaf68e9b10585ca6ce0a078 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 47662 a2e2c5cc101d720249efd108b1a724ca http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 142426 8e91390ca3bb0bd98ab7a43017e38a90 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_lpia.deb Size/MD5: 181382 0806d0e1be2fdb48b873ea977107b759 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 46502 1f2a7db4dd6dfc7910a9c84f28425537 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 107736 9a34baee6e8356d911d637e52fcb0747 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 2099614 b0f8237ccff1e54e070645e79e085794 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 59494 c3c1a6f415dacee7b5f0e63e0f83ca6c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 51856 91fcaca5686ce2070e654699b60514f4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 146952 205fedd96bd614314b2e9ecb18e78f53 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_powerpc.deb Size/MD5: 192204 0033c62b251a505fb7d80b5b8c96f6b6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 37558 f568ceabe0e419d263b75a5c852eb10a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 89606 d916d0d9478082000a0f698347613387 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 2061026 a1b9da985d3d0211790f170443e74ac9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 58098 dc5d816068b451c8926dd06a25e1715b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 45572 9976f70a905893735ee445cca7ecda7f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 148486 48954d641e131708913530887d28c064 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_sparc.deb Size/MD5: 182218 074755797d588b92f7030c0a9562cb67 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.diff.gz Size/MD5: 133549 8146f7a668701caad4379707ccedf538 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.dsc Size/MD5: 1433 de3ffa5e20bdbc0bd61cf543cc2d351f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.1_all.deb Size/MD5: 1143834 7230e79bb0d6a1435f3ce0de114e1ad3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 37530 0362fc9c1260486e4d1dcccca8dc60a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 89982 9a1ac844025f66fb85357e1807256331 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 1880646 233fbeadff826a6b6f22347559fe8bf5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 60892 98a65443be4d97fb1de2f8580dd67e40 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 50356 89ca2e97385912ebf2ffe8a0871610d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 344926 631f297ea0a13321c61ee211d65fceab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_amd64.deb Size/MD5: 177500 8dd137567dbc9644bda3b0a799cb2f6a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 36952 deba752b21bdf04393626cf35ebb79eb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 88408 2e76b5856bde6afe82da9a6b03a98026 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 1862954 aaa0817cb6b67729276e799275ad3346 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 60090 b37d935af9661002730cd5cb2b3f11d3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 49838 a1d85e18616340eed3778b5286890c08 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 339344 f3d29993795e7172667356c8d255f296 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_i386.deb Size/MD5: 174354 b1d7b741729749c6a3249fbcd0babe56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 36676 c46beddd8f227e1ee0b1c9a80d41b19a http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 88734 c8b70c2665734c45caa22ae41f60b486 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 1865262 27de39c2fbe2471f11b7756b5bc02cc3 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 60540 b54c6711e74c55777f0e509f642c42f0 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 50860 64989632d1f49f5d25209bb9a68809d5 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 337020 ca60ea21ad93aca447e1ae04e0ad818f http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_lpia.deb Size/MD5: 173276 6e0af5026f452171993817fbd6e6b4e7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 46932 d8e051bd4e95f28090036d7087437127 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 110808 44e0741ccd8b9edab092b835c6831aca http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 1949134 0facca356ce9e5ffdacffde23d0713e3 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 59924 367a29bd4545906374eb27c511d33658 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 54940 d762741ddd48f75e0e54ffd0efc45645 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 341670 0958081b22a680ccf1f30abc36c06054 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_powerpc.deb Size/MD5: 183238 e303094f36fcc1af0ac40321411bd90a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 38028 a8ee904a732a7392314b9b4f2faf5557 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 91034 832edccd7ed2eec51759bbcce97536b1 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 1897904 31192c6d2b5a6dca4eaf065c541795fc http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 57856 398dadf7e1ee5075e4d3e2a4766b4580 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 48242 cc45265b41fd932d084a6bce9888e67f http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 341388 9411fb065604b882530faf47a0a85d4e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_sparc.deb Size/MD5: 173184 4a5e9e3508932262eefe3b08f94019d0 . CVE-2008-3640 It was discovered that an integer overflow in the Postscript conversion tool "texttops" may lead to the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch5. For the unstable distribution (sid) and the upcoming stable distribution (lenny), these problems have been fixed in version 1.3.8-1lenny2 of the source package cups. We recommend that you upgrade your cupsys package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz Size/MD5 checksum: 108662 eab5aa097eaf3e802b4c6f1c60da9a03 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc Size/MD5 checksum: 1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb Size/MD5 checksum: 893832 0e7571a4a56cef8f099ba9300ed7330d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb Size/MD5 checksum: 46072 63a75f9fe31312a42725a786164f7762 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 39310 8dad5588b86a4e1191025015d8e0c5be http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 1092376 35c1cd14d3f26fefafbebf1a76983740 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 85906 1d07dcf128e7b78992560b2794be29d4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 183726 06377f48f1ee358c494f30f9ab213e6b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 1614540 e87b439635e9b7f7c1fa1c6db2f7291c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 95570 8638b199a8adb989254cbe88ab11bb7d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 175262 08dbbe7e941af9c28f39107f907c618a http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb Size/MD5 checksum: 72690 1c099120f9fdcb334d8699b6238c0883 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 142538 4f9183a690ac21a220771db117b1bcea http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 162520 f04bafe61b0e06d21b67441916a4df2a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 36356 eea9b0c14ac248313264474f4a103478 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 53022 f864e06d82bd0769e7c73d20aa6c3366 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 80708 9e8a7d08f6762753005bc2ac7ac04db7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 86264 3784680669a08745d6c766213e3d60f3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 1576062 c5f275763d3cd0bec5e448965780ea0b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb Size/MD5 checksum: 1088040 106654a5c5a746e5bd1043ca4309deae arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb Size/MD5 checksum: 132042 b1da3e68e04c68712a7f2ecebbea59d3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb Size/MD5 checksum: 1026238 e776ce47912d97de7758029cddf18c41 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb Size/MD5 checksum: 155174 2203ae0043e540bb4c083c3f302294a9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb Size/MD5 checksum: 78908 a60d8486ab41fe7064d84fdf1c057ce5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb Size/MD5 checksum: 48742 9c6f61fb9c5af3f1496c249eb79542ce http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb Size/MD5 checksum: 1569620 943fdc257cdf387c1a161adff88623bd http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb Size/MD5 checksum: 85468 3e9d699071d741d86c5e2fbcc91a5241 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb Size/MD5 checksum: 35940 0bb609f5c990c932c0fed843bb659062 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 84800 df6569c3eaad919b7f7768a75277838f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 91988 08040e0dcc8cc99298d40aa370be50cc http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 1624214 e5d55a0aeacee0d85d7899018725b3d3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 153956 e11bfd3cb812f0892238a676a3453967 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 171790 5b483d2f739ed456d94cf28047b2b2f5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 39548 181a14e58af274287bf02f8a758b70b5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 57398 715a6f4bb1b68b8a384a85ac384de668 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb Size/MD5 checksum: 1032836 e1d9158ff6134678b976331566db0076 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb Size/MD5 checksum: 999302 2ccf6ae0ef6f3d3dd56e484ba2199313 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb Size/MD5 checksum: 160638 f22f7da23cd3dea82d49cc9900d62512 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb Size/MD5 checksum: 138276 392028f61da2c29dcab1ffe3b4fe072f http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb Size/MD5 checksum: 1548856 e1e04e47f556586eb83aff005d4870d2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb Size/MD5 checksum: 36474 9bea3cd926f04da508b6a714f0a1daac http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb Size/MD5 checksum: 86776 f3188eafaa1bd01a7b92d9403aab03a1 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb Size/MD5 checksum: 79878 ba1ed2b707101da54b3990b33ee1d877 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb Size/MD5 checksum: 53276 346cdebc7980089b28610ceb30f65519 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 106226 829b2e5f435c8fb5eee03513654ee12f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 106998 08fcec24b8c165542d986a1fd174ddd3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 46336 32d29b5c2986070f5d5b909864952dc3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 1771030 e7b261b4627ee20a3083a4f18a382e24 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 192370 576e218a37e677170e9201946f24da5a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 1108310 bdee8fbcfd10ba2847ab81ced8e9cc73 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 204232 d5eb2138a8584813643dfe4e39d2fefb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb Size/MD5 checksum: 74224 846a87584f78285569aee9c037b677d9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 158560 74bc73b9eb3c7494ce762f7beb9ab4cd http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 1553460 cd35f3de34290840be09b1b10729d7b3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 150900 150e5405933cef2a8cf9147d88c9a4fb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 57860 2b7cdd4399e2893d2df0b5568d766239 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 86996 d4776eace76cb37f72557a44d053a677 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 1085494 429194a44228d669ecfa2acdeadf55e6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 36058 f28b3f705fd293fc82a256d571119452 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb Size/MD5 checksum: 77448 4a9be71b3fc25253b1e77c2594e7f508 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 51880 d1b872415002b54aba1ef54833cd5564 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 90008 fe2be6aba034693532a01b653781f501 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 1576600 d954a84710f9671d34eca72922f8d1d8 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 136868 ee633edb72a9d6d74481d9fe17d887d5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 1143388 320529a907596704df487d89978e1948 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 41296 8e0fed6ae1645411f4daa52842ead589 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 163206 d0fc59550e27b346adb422e4d82cecaf http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb Size/MD5 checksum: 88476 dfe47fbfeef0a714d6397ec9467165af s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb Size/MD5 checksum: 1037260 a151e36916ffd7eae88e6b82cc0c08d7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb Size/MD5 checksum: 37420 b095022e25c603ee57748795c4ec423b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb Size/MD5 checksum: 82338 3417e5562b6aa064ab5d3d11f15a69fb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb Size/MD5 checksum: 87928 6eea10e5b223fbd5f5a8d524bb03ab8e http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb Size/MD5 checksum: 1587330 8b66abd7e3156f3beeaa27fbd971cbde http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb Size/MD5 checksum: 166710 10f172f4c48ab9981d7c48564a2142a4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb Size/MD5 checksum: 144932 3955c00c6293f7aec0a7cb9edb28a16d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb Size/MD5 checksum: 52524 b4e639621d58f91a8ec32043534c008f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 51826 8e3613f9041774f1dd42586782780fb5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 159434 d2352f19b51feab43fc17b5e3f17bb2b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 138734 8b53d144485267cb99ec8a32262446e8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 1577758 748b77d9e54a363d46cd61548e72df7c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 996834 0ad8037cbb3959581a0aeb29eb84a853 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 85790 16bf4ce2378a68fc9b0ce4052e463e5d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 36062 426fe5dbac939828393d99e561abf0e3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb Size/MD5 checksum: 78608 f469105c5d9f121c333d5e4ac315c7be These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkj8vewACgkQXm3vHE4uylo3VQCfe5/oLteemHII7TUL80ybcnZd REIAn1hdR3STx867KCMafAi58O1fia05 =T/kw -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:211 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cups Date : October 10, 2008 Affected: 2007.1, 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. The updated packages have been patched to prevent this issue; for Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided that corrects these issues and also provides other bug fixes. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: d8041b477aac8897e465fd7885c4f046 2007.1/i586/cups-1.2.10-2.8mdv2007.1.i586.rpm 85169e175683eee33f38c3dc6dca555d 2007.1/i586/cups-common-1.2.10-2.8mdv2007.1.i586.rpm 3838db5f9b5313587335232f4bdfadb7 2007.1/i586/cups-serial-1.2.10-2.8mdv2007.1.i586.rpm 4dac70286d0aaa55d0c585c4e485f4d6 2007.1/i586/libcups2-1.2.10-2.8mdv2007.1.i586.rpm 2647b541d7a80ea194d6cc4983342e14 2007.1/i586/libcups2-devel-1.2.10-2.8mdv2007.1.i586.rpm 5bf9cba238150a77016869b2b600e0bd 2007.1/i586/php-cups-1.2.10-2.8mdv2007.1.i586.rpm 3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 27098b09dc01c70600c55572cb928422 2007.1/x86_64/cups-1.2.10-2.8mdv2007.1.x86_64.rpm fbd01859759af3a2e32244cfff7aaa33 2007.1/x86_64/cups-common-1.2.10-2.8mdv2007.1.x86_64.rpm 4197004f7a59cc90d8d51f8ff34e2997 2007.1/x86_64/cups-serial-1.2.10-2.8mdv2007.1.x86_64.rpm 6cc45d922f07d379db0de2e08eb1589e 2007.1/x86_64/lib64cups2-1.2.10-2.8mdv2007.1.x86_64.rpm d7443db8a26f27b41c32c95dee129437 2007.1/x86_64/lib64cups2-devel-1.2.10-2.8mdv2007.1.x86_64.rpm eca467e20954fea23fd050ee41d2ca4a 2007.1/x86_64/php-cups-1.2.10-2.8mdv2007.1.x86_64.rpm 3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm Mandriva Linux 2008.0: 837c0714eef677dfcdb1befc56012db5 2008.0/i586/cups-1.3.6-1.3mdv2008.0.i586.rpm cb8d17edacf1dc1dc5915fbb35745d9a 2008.0/i586/cups-common-1.3.6-1.3mdv2008.0.i586.rpm 635eb3405a6b5a4b93ca6373207093df 2008.0/i586/cups-serial-1.3.6-1.3mdv2008.0.i586.rpm 59939c1a2a730a0887750bafb4cabee1 2008.0/i586/libcups2-1.3.6-1.3mdv2008.0.i586.rpm 6183d24df353f4e8082374951636a657 2008.0/i586/libcups2-devel-1.3.6-1.3mdv2008.0.i586.rpm 0f1df17bf9cc86bb607ef28d4b29c6b2 2008.0/i586/php-cups-1.3.6-1.3mdv2008.0.i586.rpm 68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5b73d5bfebbc66f8a56922c7b943f351 2008.0/x86_64/cups-1.3.6-1.3mdv2008.0.x86_64.rpm a41d07d80c38b30ee5357b25f7b828ab 2008.0/x86_64/cups-common-1.3.6-1.3mdv2008.0.x86_64.rpm 34d6d4eb79b1ee5a9235843398301646 2008.0/x86_64/cups-serial-1.3.6-1.3mdv2008.0.x86_64.rpm 3157dcaafb55463d8ad149d99e4d0c55 2008.0/x86_64/lib64cups2-1.3.6-1.3mdv2008.0.x86_64.rpm 78b5f7fcedbbbef9c2318977b5f50264 2008.0/x86_64/lib64cups2-devel-1.3.6-1.3mdv2008.0.x86_64.rpm 082094f0923f72890f6dbb47eb9072b4 2008.0/x86_64/php-cups-1.3.6-1.3mdv2008.0.x86_64.rpm 68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm Mandriva Linux 2008.1: c22f4c131005e05768b0c45e931015c7 2008.1/i586/cups-1.3.6-5.2mdv2008.1.i586.rpm 8f1ad7b01f0d48aa920cb2378f5fce0a 2008.1/i586/cups-common-1.3.6-5.2mdv2008.1.i586.rpm 763dfee5def4727b34769298beb5c9fe 2008.1/i586/cups-serial-1.3.6-5.2mdv2008.1.i586.rpm dadd48446b97869372535fb2ef02a471 2008.1/i586/libcups2-1.3.6-5.2mdv2008.1.i586.rpm cf48ae8c17120d7d83b638f432620797 2008.1/i586/libcups2-devel-1.3.6-5.2mdv2008.1.i586.rpm 33d7dcb6b32e58bc38e847f827447b54 2008.1/i586/php-cups-1.3.6-5.2mdv2008.1.i586.rpm 25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 3804ff0deea819d375cdee86b1d98bf4 2008.1/x86_64/cups-1.3.6-5.2mdv2008.1.x86_64.rpm 9f8550ffbb7778636b18c33c6854e163 2008.1/x86_64/cups-common-1.3.6-5.2mdv2008.1.x86_64.rpm 077652b9f481f72873b6e94a0f54fe17 2008.1/x86_64/cups-serial-1.3.6-5.2mdv2008.1.x86_64.rpm 569bcdcf971b564d3ad3cec8b6281fec 2008.1/x86_64/lib64cups2-1.3.6-5.2mdv2008.1.x86_64.rpm 05ce67f5f2bf9f27b69963bbc0ba3f6e 2008.1/x86_64/lib64cups2-devel-1.3.6-5.2mdv2008.1.x86_64.rpm 8a48fbfa84679702c496744f394ac4f6 2008.1/x86_64/php-cups-1.3.6-5.2mdv2008.1.x86_64.rpm 25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 3480a3533f163c8559254c7dc7dccca4 2009.0/i586/cups-1.3.9-0.1mdv2009.0.i586.rpm 2eda3ae527a0d6477bf2f52f57f37297 2009.0/i586/cups-common-1.3.9-0.1mdv2009.0.i586.rpm 1b0849a0dcd6cc52debfdc23ca347e60 2009.0/i586/cups-serial-1.3.9-0.1mdv2009.0.i586.rpm 9ef6a24d1e8155bea9e7e148252dc4e7 2009.0/i586/libcups2-1.3.9-0.1mdv2009.0.i586.rpm 2a8be000df9a71f506a039e58faaf1b4 2009.0/i586/libcups2-devel-1.3.9-0.1mdv2009.0.i586.rpm 7f04461fd982b387144f73612b3cbd86 2009.0/i586/php-cups-1.3.9-0.1mdv2009.0.i586.rpm 1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 926221e97b7c4c52562468b26066f049 2009.0/x86_64/cups-1.3.9-0.1mdv2009.0.x86_64.rpm 96abb10e235084a80cd17c79cc31a360 2009.0/x86_64/cups-common-1.3.9-0.1mdv2009.0.x86_64.rpm cb817300fa6d8c9b40a0f8a01572d691 2009.0/x86_64/cups-serial-1.3.9-0.1mdv2009.0.x86_64.rpm d56cea0645b26b668f9b8a66f2dc090f 2009.0/x86_64/lib64cups2-1.3.9-0.1mdv2009.0.x86_64.rpm f4a04369ad8d202d87ea49a3da4ab67c 2009.0/x86_64/lib64cups2-devel-1.3.9-0.1mdv2009.0.x86_64.rpm 85124180f179ae504ad2f27ef814683d 2009.0/x86_64/php-cups-1.3.9-0.1mdv2009.0.x86_64.rpm 1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm Corporate 3.0: d235e680a70a94ce2c32a556a1fea6d5 corporate/3.0/i586/cups-1.1.20-5.19.C30mdk.i586.rpm eccffd52489f0aca14a11b6b88a5c59f corporate/3.0/i586/cups-common-1.1.20-5.19.C30mdk.i586.rpm 743aad40e707a1c6ec8de19e6ba19668 corporate/3.0/i586/cups-serial-1.1.20-5.19.C30mdk.i586.rpm 931bd82e26396ef7109369893e8fb740 corporate/3.0/i586/libcups2-1.1.20-5.19.C30mdk.i586.rpm 007b156ceb1f78c107a05bba499f544d corporate/3.0/i586/libcups2-devel-1.1.20-5.19.C30mdk.i586.rpm 685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm Corporate 3.0/X86_64: c57219da87ef50832e74efbfd3471f64 corporate/3.0/x86_64/cups-1.1.20-5.19.C30mdk.x86_64.rpm 6f9772a800e70f1e3766d76de8dcf6e3 corporate/3.0/x86_64/cups-common-1.1.20-5.19.C30mdk.x86_64.rpm e1221063527caed05a6e94f9cebed9ab corporate/3.0/x86_64/cups-serial-1.1.20-5.19.C30mdk.x86_64.rpm a0b15b24cfc995a7a769c1e87d53a696 corporate/3.0/x86_64/lib64cups2-1.1.20-5.19.C30mdk.x86_64.rpm aaabff95ac9a30ff1d9ce224612bcb50 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.19.C30mdk.x86_64.rpm 685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm Corporate 4.0: 56f3e394ac8e4b4e7d423c7989d2e6af corporate/4.0/i586/cups-1.2.4-0.10.20060mlcs4.i586.rpm dcb4425723e63a2d094305cde05890f3 corporate/4.0/i586/cups-common-1.2.4-0.10.20060mlcs4.i586.rpm 348427ebb4f1f1f530c3c129850de957 corporate/4.0/i586/cups-serial-1.2.4-0.10.20060mlcs4.i586.rpm d0a8052949416c5ba260b48596cbf415 corporate/4.0/i586/libcups2-1.2.4-0.10.20060mlcs4.i586.rpm ab7637abe249e4369cf39d37113ba37f corporate/4.0/i586/libcups2-devel-1.2.4-0.10.20060mlcs4.i586.rpm 86af12b21de1212e72286e9b2db23caa corporate/4.0/i586/php-cups-1.2.4-0.10.20060mlcs4.i586.rpm 5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm Corporate 4.0/X86_64: 59784628a2385248e8d71c1476773071 corporate/4.0/x86_64/cups-1.2.4-0.10.20060mlcs4.x86_64.rpm a7933ad29b9a77973fcf7feb02c381b9 corporate/4.0/x86_64/cups-common-1.2.4-0.10.20060mlcs4.x86_64.rpm 26da08a5da63053f418e47792cf26280 corporate/4.0/x86_64/cups-serial-1.2.4-0.10.20060mlcs4.x86_64.rpm 0614662f2661171ade097e562a94c635 corporate/4.0/x86_64/lib64cups2-1.2.4-0.10.20060mlcs4.x86_64.rpm a899db16ce3db8ec71aaef67a6650616 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.10.20060mlcs4.x86_64.rpm 9e3dc91c4390d7ba60ca26dcc095b8d8 corporate/4.0/x86_64/php-cups-1.2.4-0.10.20060mlcs4.x86_64.rpm 5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFI8DeJmqjQ0CJFipgRAmbxAKCxSRvJTtancZ/puQkgifGbRQnZIQCg6Bum EnuxPIlaIiQWBIjMSk4WWoo= =aMXC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: December 10, 2008 Bugs: #238976, #249727 ID: 200812-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Background ========== CUPS is the Common Unix Printing System. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.3.9-r1 >= 1.3.9-r1 Description =========== Several buffer overflows were found in: * The read_rle16 function in imagetops (CVE-2008-3639, found by regenrecht, reported via ZDI) * The WriteProlog function in texttops (CVE-2008-3640, found by regenrecht, reported via ZDI) * The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641, found by regenrecht, reported via iDefense) * The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs) Impact ====== A remote attacker could send specially crafted input to a vulnerable server, resulting in the remote execution of arbitrary code with the privileges of the user running the server. Workaround ========== None this time. Resolution ========== All CUPS users should upgrade to the latest version. # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1" References ========== [ 1 ] CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 [ 2 ] CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 [ 3 ] CVE-2008-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 [ 4 ] CVE-2008-5286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 15 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: CUPS PNG Filter Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA29809 VERIFY ADVISORY: http://secunia.com/advisories/29809/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: CUPS 1.x http://secunia.com/product/921/ DESCRIPTION: Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to two integer overflow errors in filter/image-png.c when processing PNG files. These can be exploited to cause a heap-based buffer overflow via overly large width and height PNG fields. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.3.7. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Thomas Pollet ORIGINAL ADVISORY: http://www.cups.org/str.php?L2790 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. Nero MediaHome is a media server component in the Nero suite that allows media files to be shared on a local area network. Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying further service to legitimate users. This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 17 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Nero MediaHome Denial of Service Vulnerability SECUNIA ADVISORY ID: SA29808 VERIFY ADVISORY: http://secunia.com/advisories/29808/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Nero MediaHome 3.x http://secunia.com/product/17236/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in Nero MediaHome, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL-pointer dereference error in NMMediaServer.exe and can be exploited to cause the process to crash via e.g. sending an overly long string to default port 54444/TCP. SOLUTION: Use in a trusted network environment only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/neromedia-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. SAP NetWeaver is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. F5 BIG-IP Web Management Interface is prone to a remote code-injection vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows attackers to execute arbitrary code with the privileges of the user running the affected application. This issue affects F5 BIG-IP 9.4.3; other versions may also be affected. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. The vulnerability is caused by using Perl EP3 with templates similar to the following without escaping the single quotes in NEW_VALUE: $val=&\'\'NEW_VALUE&\'\'; ​​For example, the SNMP community string configuration accepts The following value is an SNMP request: \"none\'\'.`touch /etc/foo`.\'\'\" An attacker can create a specially crafted URL link that can inject an HTTP GET request through cross-site scripting in BIG-IP Make any changes on the device

Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. ManageEngine Firewall Analyzer 4.0.3 is vulnerable; other versions may be affected as well. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Input passed to the "displayName" parameter in mindex.do is not properly sanitised before being returned to a user. Successful exploitation requires that the target user is logged in to the application. The vulnerability is reported in version 4.0.3. SOLUTION: Filter malicious characters and character sequences using a web proxy. The vendor will reportedly fix this in the next release. PROVIDED AND/OR DISCOVERED BY: Jason Rhodes ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. network Requests received from do not require authentication, which could allow a remote attacker to execute arbitrary code via an unknown route.Please refer to the “Overview” for the impact of this vulnerability. Multiple Cisco Unified Communications products are prone to a remote command-execution vulnerability. This issue occurs in the Disaster Recovery Framework. An attacker can exploit this issue to execute arbitrary commands with full administrative privileges. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Successful exploitation allows execution of arbitrary commands. PROVIDED AND/OR DISCOVERED BY: The vendor credits VoIPshield Systems. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. There is a workaround for this vulnerability. Cisco has released free software updates that address this vulnerability. DRF allows administrators to backup and restore a system configuration to a local tape drive or remote server. The DRF Master server is responsible for performing backup and restoration requests. A remote, unauthenticated user can connect to the DRF Master server and may be able to perform any DRF-related tasks. These tasks include: * Modifying or deleting a scheduled backup * Copying a system backup to a remote, user-specified server * Restoring a user-specified configuration from a remote server * Execute arbitrary operating system commands An attacker could exploit this vulnerability to cause a denial of service condition, obtain sensitive configuration information, overwrite configuration parameters, or execute arbitrary commands with full administrative privileges. The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCso53771 - Unauthenticated Access to Disaster Recovery Framework CVSS Base Score - 10 Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete CVSS Temporal Score - 8.3 Exploitability: Functional Remediation Level: Official-Fix Report Confidence: Confirmed Impact ====== Successful exploitation of this vulnerability could allow a remote, unauthenticated attacker to cause a denial of service condition, obtain sensitive configuration information, overwrite configuration parameters or execute arbitrary commands with full administrative privileges. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Fixed software is available for the following Cisco products. This advisory will be updated as additional fixes are available. The filename is ciscocm.CSCso53771.security.patch.cop and can be downloaded at the following link: http://www.cisco.com/cgi-bin/tablebuild.pl/callmgr-utilpage?psrtdcat20e2 Please consult the COP file Readme for installation instructions. Workarounds =========== Administrators can mitigate this vulnerability by disabling the DRF Master service. However, administrators should exercise caution when disabling the DRF Master service, as system backups will not occur while the service is stopped. Administrators are encouraged to perform a complete system backup before employing this workaround and use care when making configuration changes until the DRF Master service can be safely re-enabled. Instructions for disabling the DRF Master service on Cisco Unified Communications Manager systems are available at the following link: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/5_0_1/ccmsrva/sasrvact.html#wp1048220 The vulnerability may be mitigated by restricting access to the DRF Master service (TCP port 4040). For a Cisco Unified Communications Manager cluster, access to the port should be restricted to valid cluster nodes. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20080403-drf.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by VoIPshield Systems. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2008-April-03 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFH9P4/86n/Gc8U/uARAgP1AKCYJS+NnmfcbOa6X/bOGX//WtZ9bQCdE8eQ ujmH9JrSK7JatP5eShSBxvQ= =uxdK -----END PGP SIGNATURE-----

Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. Apple QuickTime On the outside of the video URL There is an information disclosure vulnerability due to incomplete handling.There is a possibility that important information may be taken by a third party. These issues arise when the application handles specially crafted Java applets, image files, and movie files. Versions prior to QuickTime 7.4.5 are affected by these vulnerabilities. Apple QuickTime is a very popular multimedia player. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An implementation error in QuickTime for Java allows untrusted Java applets to deserialize objects provided by QTJava. This can be exploited to disclose sensitive information or execute arbitrary code e.g. when a user visits a malicious web page. 2) An unspecified error in the handling of external URLs embedded in movie files can lead to information disclosure. 3) An input validation error in the handling of data reference atoms within movie files can be exploited to cause a buffer overflow when a specially crafted movie is viewed. 4) An unspecified error in the handling of movie media tracks can be exploited to cause a memory corruption when a specially crafted movie is viewed. 5) A boundary error in the parsing of "crgn" atoms can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is viewed. 6) A boundary error in the parsing of "chan" atoms can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is viewed. 7) A boundary error in the handling of PICT records can be exploited to cause a heap-based buffer overflow when a specially crafted PICT image is viewed. 8) A boundary error in the handling of error messages when processing PICT images can be exploited to cause a heap-based buffer overflow. NOTE: This vulnerability does not affect Mac OS X systems. 9) A boundary error in the handling of Animation codec content can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is viewed. NOTE: This vulnerability does not affect Mac OS X systems. 10) A boundary error in the parsing of "obji" atoms can be exploited to cause a stack-based buffer overflow when a specially crafted QuickTime VR movie file is viewed. 11) A boundary error in the parsing of the Clip opcode can be exploited to cause a heap-based buffer overflow when a specially crafted PICT image file is viewed. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. SOLUTION: Update to version 7.4.5. QuickTime 7.4.5 for Windows: http://www.apple.com/support/downloads/quicktime745forwindows.html QuickTime 7.4.5 for Leopard: http://www.apple.com/support/downloads/quicktime745forleopard.html QuickTime 7.4.5 for Panther: http://www.apple.com/support/downloads/quicktime745forpanther.html QuickTime 7.4.5 for Tiger: http://www.apple.com/support/downloads/quicktime745fortiger.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Adam Gowdiak 2) Jorge Escala of Open Tech Solutions, and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs 3) Chris Ries of Carnegie Mellon University Computing Services 5) Sanbin Li working with ZDI 6) An anonymous researcher working with ZDI 7) bugfree working with ZDI 8) Ruben Santamarta of Reversemode.com working with ZDI 9) An anonymous researcher working with ZDI 10) An anonymous researcher working with ZDI 11) Wei Wang of McAfee AVERT labs ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT1241 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-094A Apple Updates for Multiple Vulnerabilities Original release date: April 3, 2008 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X running versions of QuickTime prior to 7.4.5 * Microsoft Windows running versions of QuickTime prior to 7.4.5 Overview Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. I. Description Apple QuickTime 7.4.5 vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Note that Apple iTunes installs QuickTime, so any system with iTunes may be vulnerable. II. For further information, please see Apple knowledgebase article HT1241 about the security content of QuickTime 7.4.5 III. Solution Upgrade QuickTime Upgrade to QuickTime 7.4.5. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. References * About the security content of the QuickTime 7.4.5 Update - <http://support.apple.com/kb/HT1241> * How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263> * Apple - QuickTime - Download - <http://www.apple.com/quicktime/download/> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-094A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History April 3, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5 SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+ WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA== =cONM -----END PGP SIGNATURE-----