Mandriva Linux Security Advisory : cups (MDVSA-2009:282-1)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, and other products allow remote
attackers to cause a denial of service (crash) via a crafted PDF file,
related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3)
JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as
used in Poppler and other products, when running on Mac OS X, has
unspecified impact, related to g*allocn. (CVE-2009-0165)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
and other products allows remote attackers to cause a denial of
service (crash) via a crafted PDF file that triggers a free of
uninitialized memory. (CVE-2009-0166)

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
and probably other products, allows remote attackers to execute
arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
segments (CVE-2009-0195).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly related
to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
an out-of-bounds read. (CVE-2009-0799)

Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other
products allow remote attackers to execute arbitrary code via a
crafted PDF file. (CVE-2009-0800)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF
file. (CVE-2009-1179)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
execute arbitrary code via a crafted PDF file that triggers a free of
invalid data. (CVE-2009-1180)

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
cause a denial of service (crash) via a crafted PDF file that triggers
a NULL pointer dereference. (CVE-2009-1181)

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other
products allow remote attackers to execute arbitrary code via a
crafted PDF file. (CVE-2009-1182)

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang) via a
crafted PDF file. (CVE-2009-1183)

Two integer overflow flaws were found in the CUPS pdftops filter. An
attacker could create a malicious PDF file that would cause pdftops to
crash or, potentially, execute arbitrary code as the lp user if the
file was printed. (CVE-2009-3608, CVE-2009-3609)

This update corrects the problems.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now