SCIENTIFIC-LINUX-ERRATA Archives

October 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA for cups on SL3.x, SL4.x, SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Tue, 14 Oct 2008 16:16:21 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (99 lines) 
We had a compiling problem on the SL4 x86_64 rpms.  The compiling problem has 
been fixed and is working now.  Both the x86_64 and i386 rpm's have been 
rebuilt with the new name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

        SRPMS:
cups-1.1.22-0.rc1.9.27.el4_7.1.sl.src.rpm
        i386:
cups-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
cups-devel-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
        x86_64:
cups-1.1.22-0.rc1.9.27.el4_7.1.sl.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.27.el4_7.1.sl.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.sl.x86_64.rpm

Troy Dawson

Troy J Dawson wrote:
> Synopsis:       Important: cups security update
> Issue date:     2008-10-10
> CVE Names:      CVE-2008-3639 CVE-2008-3640 CVE-2008-3641
> 
> A buffer overflow flaw was discovered in the SGI image format decoding
> routines used by the CUPS image converting filter "imagetops". An attacker
> could create a malicious SGI image file that could, possibly, execute
> arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)
> 
> An integer overflow flaw leading to a heap buffer overflow was discovered
> in the Text-to-PostScript "texttops" filter. An attacker could create a
> malicious text file that could, possibly, execute arbitrary code as the
> "lp" user if the file was printed. (CVE-2008-3640)
> 
> An insufficient buffer bounds checking flaw was discovered in the
> HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a
> malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
> "lp" user if the file was printed. (CVE-2008-3641)
> 
> SL 3.0.x
> 
>       SRPMS:
> cups-1.1.17-13.3.54.src.rpm
>       i386:
> cups-1.1.17-13.3.54.i386.rpm
> cups-devel-1.1.17-13.3.54.i386.rpm
> cups-libs-1.1.17-13.3.54.i386.rpm
>       x86_64:
> cups-1.1.17-13.3.54.x86_64.rpm
> cups-devel-1.1.17-13.3.54.x86_64.rpm
> cups-libs-1.1.17-13.3.54.i386.rpm
> cups-libs-1.1.17-13.3.54.x86_64.rpm
> 
> SL 4.x
> 
>       SRPMS:
> cups-1.1.22-0.rc1.9.27.el4_7.1.src.rpm
>       i386:
> cups-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
> cups-devel-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
> cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
>       x86_64:
> cups-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
> cups-devel-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
> cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
> cups-libs-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
> 
> SL 5.x
> 
>       SRPMS:
> cups-1.2.4-11.18.el5_2.2.src.rpm
>       i386:
> cups-1.2.4-11.18.el5_2.2.i386.rpm
> cups-devel-1.2.4-11.18.el5_2.2.i386.rpm
> cups-libs-1.2.4-11.18.el5_2.2.i386.rpm
> cups-lpd-1.2.4-11.18.el5_2.2.i386.rpm
>       x86_64:
> cups-1.2.4-11.18.el5_2.2.x86_64.rpm
> cups-devel-1.2.4-11.18.el5_2.2.i386.rpm
> cups-devel-1.2.4-11.18.el5_2.2.x86_64.rpm
> cups-libs-1.2.4-11.18.el5_2.2.i386.rpm
> cups-libs-1.2.4-11.18.el5_2.2.x86_64.rpm
> cups-lpd-1.2.4-11.18.el5_2.2.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2