From debian-security-announce@lists.debian.org Thu Oct 21 18:53:15 2004 From: debian-security-announce@lists.debian.org Resent-From: list@murphy.debian.org (SmartList) To: full-disclosure@lists.netsys.com Date: Thu, 21 Oct 2004 16:18:22 +0200 (CEST) Reply-To: full-disclosure@lists.netsys.com Subject: [Full-Disclosure] [SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 573-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 21st, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : cupsys Vulnerability : integer overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0888 Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document. For the stable distribution (woody) these problems have been fixed in version 1.1.14-5woody10. For the unstable distribution (sid) these problems have been fixed in version 1.1.20final+rc1-10. We recommend that you upgrade your CUPS packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10.dsc Size/MD5 checksum: 712 ae31959c46f48c5385b676f26a2e842d http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10.diff.gz Size/MD5 checksum: 40124 baba5be8d7564311a27cb81ce914e035 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f Alpha architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_alpha.deb Size/MD5 checksum: 1900822 a70479f7bb60a8286689480b6d308d25 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_alpha.deb Size/MD5 checksum: 74422 d98680769dc77eb8e87d1340a8168abf http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_alpha.deb Size/MD5 checksum: 93052 1fbb64fd54fe3b66fbf3e2f27842518f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_alpha.deb Size/MD5 checksum: 2445890 333911b1b11bd1058c453f6190979da9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_alpha.deb Size/MD5 checksum: 138086 fc159f99d5f10e551d05e56fe9385f34 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_alpha.deb Size/MD5 checksum: 181022 8aede5734f2bc35dff191664ca07481d ARM architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_arm.deb Size/MD5 checksum: 1821796 d842e1185dd4a50cd9fa2f71fd7f216a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_arm.deb Size/MD5 checksum: 68558 c575b8ba9a7bbe9ab4bd5ff003787c80 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_arm.deb Size/MD5 checksum: 85752 442b511623d5641ec33d0913e9756fe6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_arm.deb Size/MD5 checksum: 2345934 64a06768229c53e681e5bdb0f9b56197 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_arm.deb Size/MD5 checksum: 113060 5677fdf18c89fe349fd18a1eecef562f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_arm.deb Size/MD5 checksum: 150474 c8c4653a290a66724d717a709ae18a66 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_i386.deb Size/MD5 checksum: 1788626 9cb6367a1455987dfbbc03e26d4a0ab9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_i386.deb Size/MD5 checksum: 68074 d5b263fabbe23c5714d43770ea81b612 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_i386.deb Size/MD5 checksum: 84244 e6cb1b13280664e12ded8709cfefebcc http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_i386.deb Size/MD5 checksum: 2312054 ab9511108a2281079e86da8e9e450349 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_i386.deb Size/MD5 checksum: 111096 7eb7f16bd74c6dba80c1dd3b39b697db http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_i386.deb Size/MD5 checksum: 136658 7c186791884a0733fea8f63c3bb189f5 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_ia64.deb Size/MD5 checksum: 2008270 ec8aeb2946896bbd26708b8adb539604 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_ia64.deb Size/MD5 checksum: 77478 148442739408fc6255d39292f135bec3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_ia64.deb Size/MD5 checksum: 97202 8172c2f63908fb6cb23dbee41f8e2bec http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_ia64.deb Size/MD5 checksum: 2656844 b125add104054e6db76625fa0f661206 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_ia64.deb Size/MD5 checksum: 156076 9e2a814e3565a0303074baa1fec3a8ad http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_ia64.deb Size/MD5 checksum: 183024 0e6b10d730a19628fb5982e62cc9a037 HP Precision architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_hppa.deb Size/MD5 checksum: 1881842 30933a611e124b53496a1eaa6e78ead6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_hppa.deb Size/MD5 checksum: 70888 a627539e4c17fcb53c81a4a524aa9b6d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_hppa.deb Size/MD5 checksum: 89912 2121010bef372effdc7b5df87f19c14c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_hppa.deb Size/MD5 checksum: 2456114 d7f144753a6ef2dfd30b804a496b266a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_hppa.deb Size/MD5 checksum: 126552 59a4876e8430211df619bfbba7192c4f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_hppa.deb Size/MD5 checksum: 159622 14750861065ede6ba4fb1779385125ee Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_m68k.deb Size/MD5 checksum: 1755320 e772fc6e575816204d24d65b93b233d5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_m68k.deb Size/MD5 checksum: 66368 ae622df8d8310ed713e21fcff06e861b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_m68k.deb Size/MD5 checksum: 81460 316c268fe6263463ffa70650cf0b727a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_m68k.deb Size/MD5 checksum: 2261474 6f73920c2550f1f49fe4e8c93d6bc836 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_m68k.deb Size/MD5 checksum: 106314 001809ddc9a6e03054e096b6f4f30885 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_m68k.deb Size/MD5 checksum: 128858 17e57bbefae47ff07db3e6eac08fd651 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_mips.deb Size/MD5 checksum: 1811706 356e49aca2dd13198f1e8528bd410d53 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_mips.deb Size/MD5 checksum: 67978 5f0a6cbf68d05696537ab036c877baf3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_mips.deb Size/MD5 checksum: 81422 fd91fe740b055e8ea764a2309704c385 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_mips.deb Size/MD5 checksum: 2404692 f5a42ecff952b876db268ba46b1f9297 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_mips.deb Size/MD5 checksum: 112844 a957508600052e33c04372114ba0d6e8 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_mips.deb Size/MD5 checksum: 151276 c36b4acdd08b3dbfc20f6d8e20f72684 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_mipsel.deb Size/MD5 checksum: 1812220 1c1515aa26c641f7a0c652187a763b3f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_mipsel.deb Size/MD5 checksum: 67954 7704b6cda625f1543cfed3fa7807a71d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_mipsel.deb Size/MD5 checksum: 81446 fb012b9d0b1f016820be28c237c1d1c7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_mipsel.deb Size/MD5 checksum: 2407024 9ff53f42aff59fbf5050e7bf045af0c7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_mipsel.deb Size/MD5 checksum: 112630 6b96071e8be67ad72ccd14395e472224 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_mipsel.deb Size/MD5 checksum: 151098 f6bfedf92870b76638ef16f52c8f185f PowerPC architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_powerpc.deb Size/MD5 checksum: 1800710 3b1a280e2c0504303fcefed1f1487540 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_powerpc.deb Size/MD5 checksum: 67996 6feace4eadb9a7e53d81fb6f77d1df59 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_powerpc.deb Size/MD5 checksum: 83558 940e4461997283996cd62c07b9456f53 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_powerpc.deb Size/MD5 checksum: 2359890 f612a6bcb3c52147398fd6b0b7972a2d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_powerpc.deb Size/MD5 checksum: 116866 9f1e4c94ce84e65f20ee7ac2a65d28bc http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_powerpc.deb Size/MD5 checksum: 145298 d5e77aad9f5e67acc715b4250d705873 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_s390.deb Size/MD5 checksum: 1795792 08de62dd48dd94d3ff3b2fee9a7fc044 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_s390.deb Size/MD5 checksum: 69368 eaa0849593f8132eb3128a4d5e91bb98 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_s390.deb Size/MD5 checksum: 86100 7037788341cbf3a5294ac771bea83519 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_s390.deb Size/MD5 checksum: 2337736 a11a41b78d3ee10608803b29d2ebdf2a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_s390.deb Size/MD5 checksum: 115398 40a4137f1dfc8beff7ef6ee20853e897 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_s390.deb Size/MD5 checksum: 140918 747abc057dccf3cc061f142ca16b8f20 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_sparc.deb Size/MD5 checksum: 1845462 b413070f1f98f540a6a7cf78ad4cf1c0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_sparc.deb Size/MD5 checksum: 70948 c77a09b25782f511430ac73420358a35 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_sparc.deb Size/MD5 checksum: 84376 1446a20a1664c349db050d90f8319580 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_sparc.deb Size/MD5 checksum: 2354776 c430d70b36aaa7bc279fd9631658d713 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_sparc.deb Size/MD5 checksum: 120548 c51a797aa901917d759ce116d3afd2ee http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_sparc.deb Size/MD5 checksum: 146862 92e2f650e7b8156b51c2d8d0bfb68e15 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBd8UuW5ql+IAeqTIRAiIhAKCcPO8v77Mr8yhoEz8R2Ttp0EI0VwCgp6IE sxADLxKio99q4rjQG4p/ubI= =fKqL -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html