Bug 19666 - Multiple Security Vulnerabilities
: Multiple Security Vulnerabilities
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/cups)
: unstable
: all Linux
: P3 blocker
Assigned To:
:
: https://rhn.redhat.com/errata/RHSA-20...
: security
:
:
  Show dependency tree
 
Reported: 2009-04-18 14:54 by
Modified: 2009-05-25 20:12 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2009-04-18 14:54:59
Обнаружено множество уязвимостей в cups:

CVE-2009-0163 cups: Integer overflow in the TIFF image filter
CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap,
readSymbolDictSeg)
CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder
CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2
decoder
CVE-2009-0799 PDF JBIG2 decoder OOB read
CVE-2009-0800 PDF JBIG2 multiple input validation flaws
CVE-2009-1179 PDF JBIG2 integer overflow
CVE-2009-1180 PDF JBIG2 invalid free()
CVE-2009-1181 PDF JBIG2 NULL dereference
CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows
CVE-2009-1183 PDF JBIG2 MMR infinite loop DoS

Апстрим выпустил версию 1.3.10, где пофикшены часть этих проблем. Теперь для
конвертации из PDF в PostScript будет использоваться не встроенный код,
базированый на xpdf, а врапер на xpdf/poppler.
http://www.cups.org/articles.php?L582
------- Comment #1 From 2009-04-18 14:56:09 -------
security -> blocker
------- Comment #2 From 2009-04-20 09:57:29 -------
* Fri Apr 17 16:00:00 2009 Stanislav Ievlev <inger@altlinux.org> 1.3.10-alt1
- 1.3.10 (security update)
- add support for PidFile option (closes: #19477)

Следите за Сизифом ;)
------- Comment #3 From 2009-04-20 17:31:51 -------
с cups вроде бы всё ок, но при обновлении вытянулись "дырявые"
xpdf-utils-3.02-alt4 и xpdf-common-3.02-alt4...
------- Comment #4 From 2009-05-25 20:12:49 -------
closed