Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > August 2005 > Mandriva - Five Security Update Advisories

August 2005

Mandriva - Five Security Update Advisories

ID: 00674
Ref: 623/05
Date: 12 August 2005:16:56:29
Version: 1
Title: Mandriva - Five Security Update Advisories
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Mandriva - Five Security Update Advisories:
1. Updated xpdf packages fix vulnerability [MDKSA-2005:134]
2. Updated kdegraphics packages fix vulnerability [MDKSA-2005:135]
3. Updated gpdf packages fix vulnerability [MDKSA-2005:136]
4. Updated ucd-snmp packages fix a DoS vulnerability [MDKSA-2005:137]
5. Updated cups packages fix vulnerability [MDKSA-2005:138]


Detail
======

Security update advisory summaries:

1. A vulnerability in the xpdf PDF viewer was discovered. An attacker
could construct a malicious PDF file that would cause xpdf to consume
all available disk space in /tmp when opened.

2. A vulnerability in the kpdf KDE PDF viewer was discovered. An attacker
could construct a malicious PDF file that would cause kpdf to consume
all available disk space in /tmp when opened.

3. A vulnerability in the gpdf PDF viewer was discovered. An attacker
could construct a malicious PDF file that would cause gpdf to consume
all available disk space in /tmp when opened.

4. A Denial of Service vulnerability was discovered in the way that
ucd-snmp uses network stream protocols. A remote attacker could send
a ucd-snmp agent a specially crafted packet that would cause the agent
to crash.

5. A vulnerability was discovered in the CUPS printing package where
when processing a PDF file, bounds checking was not correctly
performed on some fields. As a result, this could cause the pdtops
filter to crash.


Security update advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xpdf
Advisory ID: MDKSA-2005:134
Date: August 11th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A vulnerability in the xpdf PDF viewer was discovered. An attacker
could construct a malicious PDF file that would cause xpdf to consume
all available disk space in /tmp when opened.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
7f4f100067cd672f016516b194909e43 10.1/RPMS/xpdf-3.00-7.5.101mdk.i586.rpm
7368fa33facb2083cd26a6ef3a799948 10.1/SRPMS/xpdf-3.00-7.5.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
56cadb3d47e6710952de1049ce13fab1 x86_64/10.1/RPMS/xpdf-3.00-7.5.101mdk.x86_64.rpm
7368fa33facb2083cd26a6ef3a799948 x86_64/10.1/SRPMS/xpdf-3.00-7.5.101mdk.src.rpm

Mandrakelinux 10.2:
787175ff7706f5ab401b3513d083c837 10.2/RPMS/xpdf-3.00pl3-6.1.102mdk.i586.rpm
10a6b76595cef0a8ab5c6bf7192a095f 10.2/SRPMS/xpdf-3.00pl3-6.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
45ad909c03b59b466dc1b87f822fba00 x86_64/10.2/RPMS/xpdf-3.00pl3-6.1.102mdk.x86_64.rpm
10a6b76595cef0a8ab5c6bf7192a095f x86_64/10.2/SRPMS/xpdf-3.00pl3-6.1.102mdk.src.rpm

Corporate 3.0:
c45e030af9055bcfc3ccd6c38ee6e226 corporate/3.0/RPMS/xpdf-3.00-5.6.C30mdk.i586.rpm
064e874426edf0ae682a663fd808dcb4 corporate/3.0/SRPMS/xpdf-3.00-5.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
78a63c78dcf717ef6a35fbbd554d7a19 x86_64/corporate/3.0/RPMS/xpdf-3.00-5.6.C30mdk.x86_64.rpm
064e874426edf0ae682a663fd808dcb4 x86_64/corporate/3.0/SRPMS/xpdf-3.00-5.6.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7HCmqjQ0CJFipgRAo7YAJ92L4dHgAcRmcMGqZPqJRlv/IM+6QCgvO0K
gklbkGZ74VGVfbpMdX2CoQI=
=xt5U
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kdegraphics
Advisory ID: MDKSA-2005:135
Date: August 11th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

A vulnerability in the kpdf KDE PDF viewer was discovered. An attacker
could construct a malicious PDF file that would cause kpdf to consume
all available disk space in /tmp when opened.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.2:
dc99859286e4d0fed79e36a2234f968b 10.2/RPMS/kdegraphics-3.3.2-21.2.102mdk.i586.rpm
ef892e76c8facb4d4a6dfbdee38ba43f 10.2/RPMS/kdegraphics-common-3.3.2-21.2.102mdk.i586.rpm
d5c53c81977b6afc9e99489011138f96 10.2/RPMS/kdegraphics-kdvi-3.3.2-21.2.102mdk.i586.rpm
fa73712fe80d6781fc10e165ebf3f51b 10.2/RPMS/kdegraphics-kfax-3.3.2-21.2.102mdk.i586.rpm
9a120204e9d79af11c5d3155dfe62c5f 10.2/RPMS/kdegraphics-kghostview-3.3.2-21.2.102mdk.i586.rpm
82083ee778f6ef85caef00374f81ca93 10.2/RPMS/kdegraphics-kiconedit-3.3.2-21.2.102mdk.i586.rpm
c08c81b8100c411db62eb57060cffc10 10.2/RPMS/kdegraphics-kolourpaint-3.3.2-21.2.102mdk.i586.rpm
c47bd293b26c83efcf232ff0289cfb76 10.2/RPMS/kdegraphics-kooka-3.3.2-21.2.102mdk.i586.rpm
f5a4851fd0bf983c8bb7cf84b4ea5d70 10.2/RPMS/kdegraphics-kpaint-3.3.2-21.2.102mdk.i586.rpm
d9eb92a5b8563d352a024edf46697ba2 10.2/RPMS/kdegraphics-kpdf-3.3.2-21.2.102mdk.i586.rpm
5966cff09aa2fc0ccfa7e20c90cf685e 10.2/RPMS/kdegraphics-kpovmodeler-3.3.2-21.2.102mdk.i586.rpm
56a56d26e4f8d76b2d9767c984adbff8 10.2/RPMS/kdegraphics-kruler-3.3.2-21.2.102mdk.i586.rpm
6a3a3bf1536264dfb3fcb76234ea1f53 10.2/RPMS/kdegraphics-ksnapshot-3.3.2-21.2.102mdk.i586.rpm
58939be6689e882e9333131ba7ae34b4 10.2/RPMS/kdegraphics-ksvg-3.3.2-21.2.102mdk.i586.rpm
b8ab358a9c108a0287c3fc91b4c5b6ce 10.2/RPMS/kdegraphics-kuickshow-3.3.2-21.2.102mdk.i586.rpm
855cf3cbbdcc291f148c56d1d96ccd38 10.2/RPMS/kdegraphics-kview-3.3.2-21.2.102mdk.i586.rpm
94786f5cba3f6708307264d85eca1cf6 10.2/RPMS/kdegraphics-mrmlsearch-3.3.2-21.2.102mdk.i586.rpm
df4b7c27e0840c93afa31723bddfec8f 10.2/RPMS/libkdegraphics0-common-3.3.2-21.2.102mdk.i586.rpm
8eb00f01f5aebf9c8c8f02731924ee36 10.2/RPMS/libkdegraphics0-common-devel-3.3.2-21.2.102mdk.i586.rpm
6a468ed84919e033d42aa948beaf3086 10.2/RPMS/libkdegraphics0-kghostview-3.3.2-21.2.102mdk.i586.rpm
351a74ef90d41124b3bb635bc38f9d09 10.2/RPMS/libkdegraphics0-kghostview-devel-3.3.2-21.2.102mdk.i586.rpm
ddfa6189d773023f2ea9d44755e4469a 10.2/RPMS/libkdegraphics0-kooka-3.3.2-21.2.102mdk.i586.rpm
d1a3935ca53fc9a24199f7e14c899b14 10.2/RPMS/libkdegraphics0-kooka-devel-3.3.2-21.2.102mdk.i586.rpm
e1d9efd2588cfcc38d4dcce4acb58d0f 10.2/RPMS/libkdegraphics0-kpovmodeler-3.3.2-21.2.102mdk.i586.rpm
b0b7ca65dd69cb59a2a3eda210953d1c 10.2/RPMS/libkdegraphics0-kpovmodeler-devel-3.3.2-21.2.102mdk.i586.rpm
8e8b5a4edc7b45bcf1be1e3d46a6757a 10.2/RPMS/libkdegraphics0-ksvg-3.3.2-21.2.102mdk.i586.rpm
834f3866fe6ba195307487f449b58d4d 10.2/RPMS/libkdegraphics0-ksvg-devel-3.3.2-21.2.102mdk.i586.rpm
ac457fab7ebfea9f0c519ab1ec2f32cd 10.2/RPMS/libkdegraphics0-kuickshow-3.3.2-21.2.102mdk.i586.rpm
47092acf77b769b620ba9748ca868a22 10.2/RPMS/libkdegraphics0-kview-3.3.2-21.2.102mdk.i586.rpm
7f97d956309b0467359f3f522f897a9a 10.2/RPMS/libkdegraphics0-kview-devel-3.3.2-21.2.102mdk.i586.rpm
315a93ebae47bbb647125c385a8e3d3f 10.2/RPMS/libkdegraphics0-mrmlsearch-3.3.2-21.2.102mdk.i586.rpm
ff7a54a756406bdd58e4159476e78114 10.2/SRPMS/kdegraphics-3.3.2-21.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
371492535d90510377975b818b6cceb2 x86_64/10.2/RPMS/kdegraphics-3.3.2-21.2.102mdk.x86_64.rpm
b1678ad78ea0ffd304eebfda97279256 x86_64/10.2/RPMS/kdegraphics-common-3.3.2-21.2.102mdk.x86_64.rpm
ddc17693e76485b149dfc6d83197bee8 x86_64/10.2/RPMS/kdegraphics-kdvi-3.3.2-21.2.102mdk.x86_64.rpm
fd3d77c9cc5348ee046c2660b61d7015 x86_64/10.2/RPMS/kdegraphics-kfax-3.3.2-21.2.102mdk.x86_64.rpm
aefbbdd70bf5b13577bb7ae5e0580046 x86_64/10.2/RPMS/kdegraphics-kghostview-3.3.2-21.2.102mdk.x86_64.rpm
9382bb409c6f2bd78c25dd4bd9c099e0 x86_64/10.2/RPMS/kdegraphics-kiconedit-3.3.2-21.2.102mdk.x86_64.rpm
2693a7332d9a02ed059535f97f87d395 x86_64/10.2/RPMS/kdegraphics-kolourpaint-3.3.2-21.2.102mdk.x86_64.rpm
5fafa0928c09d3ae9779b75141c6117c x86_64/10.2/RPMS/kdegraphics-kooka-3.3.2-21.2.102mdk.x86_64.rpm
64633c041bd2dced17eb2cbc10d0d2b7 x86_64/10.2/RPMS/kdegraphics-kpaint-3.3.2-21.2.102mdk.x86_64.rpm
7e1953e64b8807f6f1f5259461eb34b1 x86_64/10.2/RPMS/kdegraphics-kpdf-3.3.2-21.2.102mdk.x86_64.rpm
00bb60faa9ef9a7ec21e3525ed5561d4 x86_64/10.2/RPMS/kdegraphics-kpovmodeler-3.3.2-21.2.102mdk.x86_64.rpm
f247e4c766652d2d3a15986881a11cf1 x86_64/10.2/RPMS/kdegraphics-kruler-3.3.2-21.2.102mdk.x86_64.rpm
85431fe8e530992bd49ca69a59f0e2b3 x86_64/10.2/RPMS/kdegraphics-ksnapshot-3.3.2-21.2.102mdk.x86_64.rpm
8cee3225a9e7298698d2574a77686762 x86_64/10.2/RPMS/kdegraphics-ksvg-3.3.2-21.2.102mdk.x86_64.rpm
e97f0429d28ec59c7b5afc27b9761af8 x86_64/10.2/RPMS/kdegraphics-kuickshow-3.3.2-21.2.102mdk.x86_64.rpm
b9e87ae4b7fed624ba20c120d675b319 x86_64/10.2/RPMS/kdegraphics-kview-3.3.2-21.2.102mdk.x86_64.rpm
19332441b7057b15755bdae3e37277ba x86_64/10.2/RPMS/kdegraphics-mrmlsearch-3.3.2-21.2.102mdk.x86_64.rpm
b0667c3aad4160080f92def692ad270f x86_64/10.2/RPMS/lib64kdegraphics0-common-3.3.2-21.2.102mdk.x86_64.rpm
4cc674f3a375954937366d2a52ca3662 x86_64/10.2/RPMS/lib64kdegraphics0-common-devel-3.3.2-21.2.102mdk.x86_64.rpm
dc2e8fef7c03828ee5393ffa98d3adf3 x86_64/10.2/RPMS/lib64kdegraphics0-kghostview-3.3.2-21.2.102mdk.x86_64.rpm
37b22f4c2eac765038ae559765f23532 x86_64/10.2/RPMS/lib64kdegraphics0-kghostview-devel-3.3.2-21.2.102mdk.x86_64.rpm
3b02ec29fc8abd8b4bf76a2e7bcf5cdd x86_64/10.2/RPMS/lib64kdegraphics0-kooka-3.3.2-21.2.102mdk.x86_64.rpm
caf54d100aa98e50aa8e13f9e8babc66 x86_64/10.2/RPMS/lib64kdegraphics0-kooka-devel-3.3.2-21.2.102mdk.x86_64.rpm
6b670ee7d4e90ecc6447f3cc402b4912 x86_64/10.2/RPMS/lib64kdegraphics0-kpovmodeler-3.3.2-21.2.102mdk.x86_64.rpm
4521f77d6fc03815c5b011fd8b8e9d0f x86_64/10.2/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.3.2-21.2.102mdk.x86_64.rpm
af03e92003c944d8017a669cbdccc264 x86_64/10.2/RPMS/lib64kdegraphics0-ksvg-3.3.2-21.2.102mdk.x86_64.rpm
626457c41e46b369d565ef3c01e86e08 x86_64/10.2/RPMS/lib64kdegraphics0-ksvg-devel-3.3.2-21.2.102mdk.x86_64.rpm
bc981122de4936cf0e388c2fcf0ef9de x86_64/10.2/RPMS/lib64kdegraphics0-kuickshow-3.3.2-21.2.102mdk.x86_64.rpm
5a7aced477550ecfa7ed0df1b11f782b x86_64/10.2/RPMS/lib64kdegraphics0-kview-3.3.2-21.2.102mdk.x86_64.rpm
d99b9d3d03d3bf550abd28f174acd8e8 x86_64/10.2/RPMS/lib64kdegraphics0-kview-devel-3.3.2-21.2.102mdk.x86_64.rpm
afe126ed795de6981081bdd1c84b704e x86_64/10.2/RPMS/lib64kdegraphics0-mrmlsearch-3.3.2-21.2.102mdk.x86_64.rpm
ff7a54a756406bdd58e4159476e78114 x86_64/10.2/SRPMS/kdegraphics-3.3.2-21.2.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7JlmqjQ0CJFipgRAkCiAJwO24cmq1iX8pVhjsVtbLwNvRfUmwCcC0+h
ylLnIDyglGnzIxkz0ZAG1AM=
=eD4j
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gpdf
Advisory ID: MDKSA-2005:136
Date: August 11th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

A vulnerability in the gpdf PDF viewer was discovered. An attacker
could construct a malicious PDF file that would cause gpdf to consume
all available disk space in /tmp when opened.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.2:
1cffcdef7f8da773c40be8d1cfe80ac5 10.2/RPMS/gpdf-2.8.3-3.1.102mdk.i586.rpm
19a31d5279c577ec707c23f631a55bf0 10.2/SRPMS/gpdf-2.8.3-3.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
a1f9cce3bed064907a3ef957991b0137 x86_64/10.2/RPMS/gpdf-2.8.3-3.1.102mdk.x86_64.rpm
19a31d5279c577ec707c23f631a55bf0 x86_64/10.2/SRPMS/gpdf-2.8.3-3.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7L+mqjQ0CJFipgRAii4AJ9mfS9Isf6yP1ticOpYF6LZMT+kwQCgk5xK
+vQvdrmuyIUuxtcnoSnXJ7M=
=D94C
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ucd-snmp
Advisory ID: MDKSA-2005:137
Date: August 11th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A Denial of Service vulnerability was discovered in the way that
ucd-snmp uses network stream protocols. A remote attacker could send
a ucd-snmp agent a specially crafted packet that would cause the agent
to crash.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
1ec82c6bba06b67fab79512b5d69991f 10.0/RPMS/libsnmp0-4.2.3-8.1.100mdk.i586.rpm
2f71452cb8c240901b01cae587cb99a0 10.0/RPMS/libsnmp0-devel-4.2.3-8.1.100mdk.i586.rpm
991e54c57ec7d6d0347d0fb01299ed7b 10.0/RPMS/ucd-snmp-4.2.3-8.1.100mdk.i586.rpm
03c23cc0777224e66e382df0310e9284 10.0/RPMS/ucd-snmp-utils-4.2.3-8.1.100mdk.i586.rpm
656b798cb43a4fa9b6311a15a7255e53 10.0/SRPMS/ucd-snmp-4.2.3-8.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
6b67f45785c222cf3ec311e7a1e11aa2 amd64/10.0/RPMS/lib64snmp0-4.2.3-8.1.100mdk.amd64.rpm
ba7744a7506b3c3b46d6d81b0e2a17dd amd64/10.0/RPMS/lib64snmp0-devel-4.2.3-8.1.100mdk.amd64.rpm
57ffd179857bdf9d77bc92b89a9eb5ba amd64/10.0/RPMS/ucd-snmp-4.2.3-8.1.100mdk.amd64.rpm
f3aa3c69a2c96d6c5ef6f977091d0390 amd64/10.0/RPMS/ucd-snmp-utils-4.2.3-8.1.100mdk.amd64.rpm
656b798cb43a4fa9b6311a15a7255e53 amd64/10.0/SRPMS/ucd-snmp-4.2.3-8.1.100mdk.src.rpm

Mandrakelinux 10.1:
d21f32fa4f6d9237132d67a8fe1b4a98 10.1/RPMS/libsnmp0-4.2.3-11.1.101mdk.i586.rpm
8ad8f1d530f8596220c72f98fe67097b 10.1/RPMS/libsnmp0-devel-4.2.3-11.1.101mdk.i586.rpm
d1c8c884b432ea3dd02a6fe08d8a5f57 10.1/RPMS/ucd-snmp-4.2.3-11.1.101mdk.i586.rpm
c7b3c2f5fe98def745a564712bbf8296 10.1/RPMS/ucd-snmp-utils-4.2.3-11.1.101mdk.i586.rpm
9abd6284019ce141e0903aa37799f35f 10.1/SRPMS/ucd-snmp-4.2.3-11.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
0cf3cdf2c2fd9f499030fc1e1aa04d3f x86_64/10.1/RPMS/lib64snmp0-4.2.3-11.1.101mdk.x86_64.rpm
e6e8d2722098f70f977d2d928b32a2ef x86_64/10.1/RPMS/lib64snmp0-devel-4.2.3-11.1.101mdk.x86_64.rpm
ca7025278a9b5d2f5c3d36180a5c821b x86_64/10.1/RPMS/ucd-snmp-4.2.3-11.1.101mdk.x86_64.rpm
aa7c499f22e26a12ff3de0da204028dd x86_64/10.1/RPMS/ucd-snmp-utils-4.2.3-11.1.101mdk.x86_64.rpm
9abd6284019ce141e0903aa37799f35f x86_64/10.1/SRPMS/ucd-snmp-4.2.3-11.1.101mdk.src.rpm

Corporate Server 2.1:
6d491b7a64870b3e9f836a05c7a913ee corporate/2.1/RPMS/libsnmp0-4.2.3-4.1.C21mdk.i586.rpm
896f988b8ec39d98e5d5610d481c4b42 corporate/2.1/RPMS/libsnmp0-devel-4.2.3-4.1.C21mdk.i586.rpm
0edbe96f4d21e36da8f0390a68ce66ed corporate/2.1/RPMS/ucd-snmp-4.2.3-4.1.C21mdk.i586.rpm
d3fd811451030ca94ceb9fcefd2f1fbb corporate/2.1/RPMS/ucd-snmp-utils-4.2.3-4.1.C21mdk.i586.rpm
cb4f36a706cf22b259dce990accd0073 corporate/2.1/SRPMS/ucd-snmp-4.2.3-4.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
04503e5c624db249276f1443e1447eb3 x86_64/corporate/2.1/RPMS/libsnmp0-4.2.3-4.1.C21mdk.x86_64.rpm
f122515b0bc5bf07ba097fa511b7e5c9 x86_64/corporate/2.1/RPMS/libsnmp0-devel-4.2.3-4.1.C21mdk.x86_64.rpm
65e892b827b65da9dba1e4b8589a42fe x86_64/corporate/2.1/RPMS/ucd-snmp-4.2.3-4.1.C21mdk.x86_64.rpm
7ad7585692e61205b2655ee8c3357f4d x86_64/corporate/2.1/RPMS/ucd-snmp-utils-4.2.3-4.1.C21mdk.x86_64.rpm
cb4f36a706cf22b259dce990accd0073 x86_64/corporate/2.1/SRPMS/ucd-snmp-4.2.3-4.1.C21mdk.src.rpm

Corporate 3.0:
806a8b30df5fdab502fd4212010fe966 corporate/3.0/RPMS/libsnmp0-4.2.3-8.1.C30mdk.i586.rpm
a17b9b5a8a64b4eea1182780cb047c43 corporate/3.0/RPMS/libsnmp0-devel-4.2.3-8.1.C30mdk.i586.rpm
d79ecaaec17d6890cfcc5e3ddfbd0b59 corporate/3.0/RPMS/ucd-snmp-4.2.3-8.1.C30mdk.i586.rpm
e38b6010ca5a50923487d0da60b124fa corporate/3.0/RPMS/ucd-snmp-utils-4.2.3-8.1.C30mdk.i586.rpm
331f9d7c8087be72b048422556b2e6b3 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
8debb15a1a7ae05cda3cc280605ccf5a x86_64/corporate/3.0/RPMS/lib64snmp0-4.2.3-8.1.C30mdk.x86_64.rpm
e6f458df2f1d5c058e6d7a0d7f8573aa x86_64/corporate/3.0/RPMS/lib64snmp0-devel-4.2.3-8.1.C30mdk.x86_64.rpm
1e6ac132e2090a88df63912219948ffc x86_64/corporate/3.0/RPMS/ucd-snmp-4.2.3-8.1.C30mdk.x86_64.rpm
90e5cea17f37f6107a0fada648b692ea x86_64/corporate/3.0/RPMS/ucd-snmp-utils-4.2.3-8.1.C30mdk.x86_64.rpm
331f9d7c8087be72b048422556b2e6b3 x86_64/corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7OXmqjQ0CJFipgRArSKAJwJKcBm/VsggNtfAAFGa1F2p+ijSgCg8Bax
4jzFXfCO8o6Zy1w5DK9VTz4=
=SHMN
- -----END PGP SIGNATURE-----




5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID: MDKSA-2005:138
Date: August 11th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability was discovered in the CUPS printing package where
when processing a PDF file, bounds checking was not correctly
performed on some fields. As a result, this could cause the pdtops
filter to crash.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
5d48bca988287653dd56975cc47a9011 10.0/RPMS/cups-1.1.20-5.8.100mdk.i586.rpm
4766df09a7d3dab61dff26d18210607e 10.0/RPMS/cups-common-1.1.20-5.8.100mdk.i586.rpm
01d3f0e9fbca7245d29e0008f511379e 10.0/RPMS/cups-serial-1.1.20-5.8.100mdk.i586.rpm
f654610a508b60e19a9fdd909a36ca50 10.0/RPMS/libcups2-1.1.20-5.8.100mdk.i586.rpm
2a8b8d18b2f3aafec1b3f5a6e27c8f76 10.0/RPMS/libcups2-devel-1.1.20-5.8.100mdk.i586.rpm
e8fbda4a5bc004645231929662b461f0 10.0/SRPMS/cups-1.1.20-5.8.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e6c500410c6737912b341994c1079a02 amd64/10.0/RPMS/cups-1.1.20-5.8.100mdk.amd64.rpm
290cbd28249758d012ce0f6405fe8bb7 amd64/10.0/RPMS/cups-common-1.1.20-5.8.100mdk.amd64.rpm
a23b7e1868ff06db1c3358ddad003e08 amd64/10.0/RPMS/cups-serial-1.1.20-5.8.100mdk.amd64.rpm
501e5559e13ab873eb84ee7449258c2c amd64/10.0/RPMS/lib64cups2-1.1.20-5.8.100mdk.amd64.rpm
39270cd3e6719b3a531c748a85d005e9 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.8.100mdk.amd64.rpm
f654610a508b60e19a9fdd909a36ca50 amd64/10.0/RPMS/libcups2-1.1.20-5.8.100mdk.i586.rpm
e8fbda4a5bc004645231929662b461f0 amd64/10.0/SRPMS/cups-1.1.20-5.8.100mdk.src.rpm

Mandrakelinux 10.1:
175bc89b8c2aa3f49f3b264eb3d11c08 10.1/RPMS/cups-1.1.21-0.rc1.7.6.101mdk.i586.rpm
a0f2a26a2c03c4eeb4b2d8c0edead1d7 10.1/RPMS/cups-common-1.1.21-0.rc1.7.6.101mdk.i586.rpm
f266721618d085b9039f5dca9674ecb2 10.1/RPMS/cups-serial-1.1.21-0.rc1.7.6.101mdk.i586.rpm
631dbfd315035444776fd6cf95cf6acd 10.1/RPMS/libcups2-1.1.21-0.rc1.7.6.101mdk.i586.rpm
d35a97d673a4ac95ace0a42537f88025 10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.6.101mdk.i586.rpm
63feebc89515a0df9119c425c4a35884 10.1/SRPMS/cups-1.1.21-0.rc1.7.6.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
d36a3f804109352ab330793e97e1a0de x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
b50419737107d955258878707d575935 x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
0d9a6b76fc5eae9190f73ad14f5cfbc2 x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
7782f4c85b11d9eaf980488b84d06e93 x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
ed0fe1a09d4564c4495bacb221df847d x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.6.101mdk.x86_64.rpm
631dbfd315035444776fd6cf95cf6acd x86_64/10.1/RPMS/libcups2-1.1.21-0.rc1.7.6.101mdk.i586.rpm
63feebc89515a0df9119c425c4a35884 x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.6.101mdk.src.rpm

Mandrakelinux 10.2:
c1ef8da952cd9e56e2746be2b0bb5bd9 10.2/RPMS/cups-1.1.23-11.1.102mdk.i586.rpm
736fd01eacca34d04607795d1ef6547f 10.2/RPMS/cups-common-1.1.23-11.1.102mdk.i586.rpm
7d9dabe327857b8295bca0c689725732 10.2/RPMS/cups-serial-1.1.23-11.1.102mdk.i586.rpm
829d2177b1f7317e5a8cde837aca55b4 10.2/RPMS/libcups2-1.1.23-11.1.102mdk.i586.rpm
16a599e6757a5bd5ed6820833d968b33 10.2/RPMS/libcups2-devel-1.1.23-11.1.102mdk.i586.rpm
27c0d389d9a85467c9a70944b4362ec4 10.2/SRPMS/cups-1.1.23-11.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
3a1ccbf7ae89e47c1778f3c5997b178f x86_64/10.2/RPMS/cups-1.1.23-11.1.102mdk.x86_64.rpm
d3275ccee68d7429fda7ba20f89c518c x86_64/10.2/RPMS/cups-common-1.1.23-11.1.102mdk.x86_64.rpm
e665f3d80d4e13de539d9fa39a16d22e x86_64/10.2/RPMS/cups-serial-1.1.23-11.1.102mdk.x86_64.rpm
9b5863c09729384a019f725d6861839e x86_64/10.2/RPMS/lib64cups2-1.1.23-11.1.102mdk.x86_64.rpm
63770318c658c4186d7d57a2208ed46a x86_64/10.2/RPMS/lib64cups2-devel-1.1.23-11.1.102mdk.x86_64.rpm
829d2177b1f7317e5a8cde837aca55b4 x86_64/10.2/RPMS/libcups2-1.1.23-11.1.102mdk.i586.rpm
16a599e6757a5bd5ed6820833d968b33 x86_64/10.2/RPMS/libcups2-devel-1.1.23-11.1.102mdk.i586.rpm
27c0d389d9a85467c9a70944b4362ec4 x86_64/10.2/SRPMS/cups-1.1.23-11.1.102mdk.src.rpm

Corporate Server 2.1:
cf770f5bf37c8318ba77c5fcde438172 corporate/2.1/RPMS/cups-1.1.18-2.10.C21mdk.i586.rpm
524af59e822beba950b117106a1f96ed corporate/2.1/RPMS/cups-common-1.1.18-2.10.C21mdk.i586.rpm
5be445e71199134e69dabe35c1e3be7d corporate/2.1/RPMS/cups-serial-1.1.18-2.10.C21mdk.i586.rpm
a54a56a116a971a49bf2f0bdbb68e94f corporate/2.1/RPMS/libcups1-1.1.18-2.10.C21mdk.i586.rpm
77365811d8997c9ffe4495b27005dfa6 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.10.C21mdk.i586.rpm
20c930c0306bfd6294ac99f4e479b61b corporate/2.1/SRPMS/cups-1.1.18-2.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
65685f8e7a1d812a02e9cb589b2bce69 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.10.C21mdk.x86_64.rpm
aadb1a546919cc920ebec02d2bc49cfd x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.10.C21mdk.x86_64.rpm
5cfc03537c65469e4d639ef0b70cae89 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.10.C21mdk.x86_64.rpm
5dcab751c4e4882492824dbcc7cb68d3 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.10.C21mdk.x86_64.rpm
0277512cc9357f1644abb49f3a514b9d x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.10.C21mdk.x86_64.rpm
20c930c0306bfd6294ac99f4e479b61b x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.10.C21mdk.src.rpm

Corporate 3.0:
ada77f1b64381034566313eb87f809c9 corporate/3.0/RPMS/cups-1.1.20-5.8.C30mdk.i586.rpm
55be908096a2354e98f661ce596b2361 corporate/3.0/RPMS/cups-common-1.1.20-5.8.C30mdk.i586.rpm
9d2b28df649b1a96e3937839adac1933 corporate/3.0/RPMS/cups-serial-1.1.20-5.8.C30mdk.i586.rpm
3dde8924c65df2232a1e908605a25c67 corporate/3.0/RPMS/libcups2-1.1.20-5.8.C30mdk.i586.rpm
8aa74d6b8b151d6ca0520c8d8b23cab1 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.8.C30mdk.i586.rpm
e0606323bf662289f25298c29d64faed corporate/3.0/SRPMS/cups-1.1.20-5.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
88a009de39c8d2f7fa137c0f113ccac2 x86_64/corporate/3.0/RPMS/cups-1.1.20-5.8.C30mdk.x86_64.rpm
7512d729ba5767b120390dd65b2d32d5 x86_64/corporate/3.0/RPMS/cups-common-1.1.20-5.8.C30mdk.x86_64.rpm
15c7f2318320357a8a54d3aa10206a99 x86_64/corporate/3.0/RPMS/cups-serial-1.1.20-5.8.C30mdk.x86_64.rpm
a685089585d71ba77578a25187d4970c x86_64/corporate/3.0/RPMS/lib64cups2-1.1.20-5.8.C30mdk.x86_64.rpm
89507149b4b041b3d954e7c2e97c0feb x86_64/corporate/3.0/RPMS/lib64cups2-devel-1.1.20-5.8.C30mdk.x86_64.rpm
3dde8924c65df2232a1e908605a25c67 x86_64/corporate/3.0/RPMS/libcups2-1.1.20-5.8.C30mdk.i586.rpm
e0606323bf662289f25298c29d64faed x86_64/corporate/3.0/SRPMS/cups-1.1.20-5.8.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+7Q2mqjQ0CJFipgRArJqAJ9Ct27CrTdqO+IWgn7o/t8y3QxvkACgxyg1
Kl+kyirBMLuNwZYU7mPLmpk=
=HdMX
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |