-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: cups Advisory ID: MDKSA-2005:041 Date: February 17th, 2005 Affected versions: 9.2, 10.0, 10.1, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications like cups, that use embedded versions of xpdf. The updated packages are patched to deal with these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0/AMD64: 0863a33d5e67873f53c0b8fa1d2f4384 amd64/10.0/RPMS/cups-1.1.20-5.7.100mdk.amd64.rpm 3822cee8837630a96f78a33d3bf1bd4a amd64/10.0/RPMS/cups-common-1.1.20-5.7.100mdk.amd64.rpm 931290407a940ff87909496292ac8912 amd64/10.0/RPMS/cups-serial-1.1.20-5.7.100mdk.amd64.rpm 929258c3e29a676e5a91393412105271 amd64/10.0/RPMS/lib64cups2-1.1.20-5.7.100mdk.amd64.rpm 91a2b0e5dbf46c66147297a9896d2d6d amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.7.100mdk.amd64.rpm d814596362f8e2d01855161ec94bea9e amd64/10.0/SRPMS/cups-1.1.20-5.7.100mdk.src.rpm Mandrakelinux 10.1/X86_64: 4907f2fb60a614b25f326c54f6937acf x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.5.101mdk.x86_64.rpm 6cdb17b703326feb5a831329b0e7f1eb x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.5.101mdk.x86_64.rpm 81080d7ceb102050b663d5eacdbed61a x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.5.101mdk.x86_64.rpm 40c653a1689810a0555f19a88a7bf7ca x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.5.101mdk.x86_64.rpm 7abd4f4d3194e874aa54d66a32e5cd8d x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.5.101mdk.x86_64.rpm 75dc2c7fad73b6a86b2991ec9374a6fc x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.5.101mdk.src.rpm Corporate Server 2.1/X86_64: 91e06052bb835506724d476eba84fd40 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.9.C21mdk.x86_64.rpm 4f5c7d6820f07b71e6a68e6aa6d38eec x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.9.C21mdk.x86_64.rpm 4dfedb90e3f6249ea662bb47df938d16 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.9.C21mdk.x86_64.rpm 94e043c2439c13e3b829298982fe1f42 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.9.C21mdk.x86_64.rpm ff21acb50be45d2fba6b47fc65747db6 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.9.C21mdk.x86_64.rpm ef9b4b42e7d425fb1994a14c59a6b783 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.9.C21mdk.src.rpm Corporate 3.0/X86_64: d37f68dc8e316d66534b9e8c1271ac28 x86_64/corporate/3.0/RPMS/cups-1.1.20-5.7.C30mdk.x86_64.rpm 5e2b3dfd3f0bd5c5663a941f8249eacb x86_64/corporate/3.0/RPMS/cups-common-1.1.20-5.7.C30mdk.x86_64.rpm c3f4bfde26c351d68e69f08e32cab55e x86_64/corporate/3.0/RPMS/cups-serial-1.1.20-5.7.C30mdk.x86_64.rpm 66689b4a41a53463a7257add19dcee1b x86_64/corporate/3.0/RPMS/lib64cups2-1.1.20-5.7.C30mdk.x86_64.rpm 5b11a94570f61bf3c783cb9b3474e2c9 x86_64/corporate/3.0/RPMS/lib64cups2-devel-1.1.20-5.7.C30mdk.x86_64.rpm b1e5fe6870130ab6478dfa0becc16e74 x86_64/corporate/3.0/SRPMS/cups-1.1.20-5.7.C30mdk.src.rpm Mandrakelinux 9.2/AMD64: 82d2b5794f51069b2e23aa0b2a451205 amd64/9.2/RPMS/cups-1.1.19-10.7.92mdk.amd64.rpm 6fbc82f6e69736e2fca7c947c3f2e2ba amd64/9.2/RPMS/cups-common-1.1.19-10.7.92mdk.amd64.rpm 64452fd2b22d176811d43a4fad4704b5 amd64/9.2/RPMS/cups-serial-1.1.19-10.7.92mdk.amd64.rpm d317fdcd91d9c1974903025d6eb55da3 amd64/9.2/RPMS/lib64cups2-1.1.19-10.7.92mdk.amd64.rpm c52af110fdb57c8164e0efedc8074bbe amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.7.92mdk.amd64.rpm 8ed5be0556fac198f872fd7a160b8bf5 amd64/9.2/SRPMS/cups-1.1.19-10.7.92mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCFVehmqjQ0CJFipgRAk41AJ9fEpaiA3ngelDouyMU41C5du1JKgCgy0nU 2r55cl20pwVkb5TATTiRZsU= =E6Fu -----END PGP SIGNATURE-----