Linux Today: Linux News On Internet Time.





Mandrakelinux Advisories: squid, wxGTK2, kdegraphics, gaim, cups, gpdf, xpdf

Oct 22, 2004, 15:59

Mandrakelinux Security Update Advisory


Package name: squid
Advisory ID: MDKSA-2004:112
Date: October 21st, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2


Problem Description:

iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and earlier. The problem is due to an ASN1 parsing error: certain header length combinations can slip through the validations performed by the ASN1 parser, which leads the server to assume there is heap corruption or some other exceptional condition, close all current connections and restart.

Squid 2.5.STABLE7 has been released to address this issue; the provided packages are patched to fix the issue.
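The advisory does not say which header length combinations were mishandled, so the following is an added C example (not Squid's code or the Mandrakelinux patch) of the checks a BER tag/length header parser needs before the declared length is trusted. The function name ber_parse_header and the 4-octet limit on the length field are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Parse one BER header (single-octet tag + length) from buf[0..len).
 * Returns the header size in bytes and stores tag and content length,
 * or returns -1 if the header is malformed or the content would run
 * past the end of the buffer.
 */
int ber_parse_header(const uint8_t *buf, size_t len,
                     uint8_t *tag, size_t *content_len)
{
    if (buf == NULL || len < 2)
        return -1;                      /* need tag + first length octet */
    if ((buf[0] & 0x1f) == 0x1f)
        return -1;                      /* multi-octet tags not handled here */

    size_t hdr = 2;
    size_t clen;
    uint8_t first = buf[1];

    if (first < 0x80) {
        clen = first;                   /* short form: length in one octet */
    } else {
        size_t n = first & 0x7f;        /* long form: n length octets follow */
        if (n == 0)
            return -1;                  /* indefinite length: reject */
        if (n > sizeof(uint32_t))
            return -1;                  /* length field wider than we accept */
        if (n > len - 2)
            return -1;                  /* length octets themselves truncated */
        clen = 0;
        for (size_t i = 0; i < n; i++)
            clen = (clen << 8) | buf[2 + i];
        hdr += n;
    }

    /* Compare against what is left, never compute hdr + clen (may wrap). */
    if (clen > len - hdr)
        return -1;

    *tag = buf[0];
    *content_len = clen;
    return (int)hdr;
}

int main(void)
{
    /* Constructed samples: a valid SEQUENCE, then a header whose declared
     * length (256) exceeds the two content bytes actually present. */
    const uint8_t good[] = { 0x30, 0x03, 0x01, 0x02, 0x03 };
    const uint8_t bad[]  = { 0x04, 0x82, 0x01, 0x00, 0xaa, 0xbb };
    uint8_t tag = 0;
    size_t clen = 0;

    printf("good: %d\n", ber_parse_header(good, sizeof good, &tag, &clen));
    printf("bad:  %d\n", ber_parse_header(bad, sizeof bad, &tag, &clen));
    return 0;
}
```

A malformed header is reported to the caller as an ordinary parse error, so one bad packet is dropped instead of being treated as a fatal condition.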


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0918
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities


Updated Packages:

Mandrakelinux 10.0:
73fa6afb48cd0c9985ff1ca0fe4502e6 10.0/RPMS/squid-2.5.STABLE4-2.2.100mdk.i586.rpm
6c927aa442c77b743f7861b05930cf9d 10.0/SRPMS/squid-2.5.STABLE4-2.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
197673fc1350ee72516f28a1bced5125 amd64/10.0/RPMS/squid-2.5.STABLE4-2.2.100mdk.amd64.rpm
6c927aa442c77b743f7861b05930cf9d amd64/10.0/SRPMS/squid-2.5.STABLE4-2.2.100mdk.src.rpm

Corporate Server 2.1:
d430ee037aea1e66b1bcc488e2e502ca corporate/2.1/RPMS/squid-2.4.STABLE7-2.2.C21mdk.i586.rpm
ad5d5630905720f6e2b358430d5d366a corporate/2.1/SRPMS/squid-2.4.STABLE7-2.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
4ba0032bb54a30c1d2cb221b128f9f22 x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.2.C21mdk.x86_64.rpm
ad5d5630905720f6e2b358430d5d366a x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.2.C21mdk.src.rpm

Mandrakelinux 9.2:
a026dc8229fddb9072b9029f2cf9c0e9 9.2/RPMS/squid-2.5.STABLE3-3.4.92mdk.i586.rpm
a09fa332b5f211305012012ca24e59d2 9.2/SRPMS/squid-2.5.STABLE3-3.4.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
52a4d17751414ac7a5f3c091ef4b1c48 amd64/9.2/RPMS/squid-2.5.STABLE3-3.4.92mdk.amd64.rpm
a09fa332b5f211305012012ca24e59d2 amd64/9.2/SRPMS/squid-2.5.STABLE3-3.4.92mdk.src.rpm

Multi Network Firewall 8.2:
95fc106c9cd480a933b4aefab1ab2ae8 mnf8.2/RPMS/squid-2.4.STABLE7-1.3.M82mdk.i586.rpm
0895cefcfe0e7bb183502a19c37b4814 mnf8.2/SRPMS/squid-2.4.STABLE7-1.3.M82mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>


Mandrakelinux Security Update Advisory


Package name: wxGTK2
Advisory ID: MDKSA-2004:111
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities:

Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CAN-2004-0803)

Matthias Clasen discovered a division by zero through an integer overflow. (CAN-2004-0804)

Dmitry V. Levin discovered several integer overflows that caused malloc issues, which can result in either a plain crash or memory corruption. (CAN-2004-0886)


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886


Updated Packages:

Mandrakelinux 10.0:
89c1cb672d4c3b10f82028015bc70561 10.0/RPMS/libwxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
cfce0a6e9ee754001a23ffd3c50c11db 10.0/RPMS/libwxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
dd3cb6919ca0611c97c462acdb67b799 10.0/RPMS/libwxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
162cbe607fe645bd9cbc65d5ef7095ef 10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
757b3b2aca258ecaedef0f16a8ea85da 10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0a871df7bb36c375d779304c453f521c amd64/10.0/RPMS/lib64wxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
696c530bbd3fc68174a75231e68d2cee amd64/10.0/RPMS/lib64wxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
ae7d9e51d3a93ba6581db43b26e6b626 amd64/10.0/RPMS/lib64wxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
f93e1b508deaa09b4ea82a272a691371 amd64/10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
757b3b2aca258ecaedef0f16a8ea85da amd64/10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: kdegraphics
Advisory ID: MDKSA-2004:115
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as kpdf:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like kpdf that have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location, which probably could lead to arbitrary code execution.

The updated packages are patched to protect against these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888


Updated Packages:

Mandrakelinux 10.0:
54d34901667194a884990df8fceda44c 10.0/RPMS/kdegraphics-3.2-15.2.100mdk.i586.rpm
c4393b2bef8977690eccc8ed51a8efca 10.0/RPMS/kdegraphics-common-3.2-15.2.100mdk.i586.rpm
edbbe2c21d81f8677f16c2956a06009c 10.0/RPMS/kdegraphics-kdvi-3.2-15.2.100mdk.i586.rpm
b69407bdd8d350da7173f517f2f7d51e 10.0/RPMS/kdegraphics-kfax-3.2-15.2.100mdk.i586.rpm
cd077849e2865034b3610c9235d53819 10.0/RPMS/kdegraphics-kghostview-3.2-15.2.100mdk.i586.rpm
3de0a548d73689a892d48a85406b8367 10.0/RPMS/kdegraphics-kiconedit-3.2-15.2.100mdk.i586.rpm
1d4eaaa7b4a47343b05004d4fc023988 10.0/RPMS/kdegraphics-kooka-3.2-15.2.100mdk.i586.rpm
60f70cd8d5980f74ca000903a1d71771 10.0/RPMS/kdegraphics-kpaint-3.2-15.2.100mdk.i586.rpm
7176f1ebb79391b5fcc3d68941dccb35 10.0/RPMS/kdegraphics-kpdf-3.2-15.2.100mdk.i586.rpm
2133d2d63704206192910570b6bc742d 10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.2.100mdk.i586.rpm
6b21f6fea34206888c47b89d5a0536af 10.0/RPMS/kdegraphics-kruler-3.2-15.2.100mdk.i586.rpm
86612aea584598abec93481389525095 10.0/RPMS/kdegraphics-ksnapshot-3.2-15.2.100mdk.i586.rpm
1f87a0f8ee2de982a58ad24491fc6b1e 10.0/RPMS/kdegraphics-ksvg-3.2-15.2.100mdk.i586.rpm
e09d7392164b04b3209f6ef5f197325e 10.0/RPMS/kdegraphics-kuickshow-3.2-15.2.100mdk.i586.rpm
0681dd5bd8be3c6eaef7d26bbfd338aa 10.0/RPMS/kdegraphics-kview-3.2-15.2.100mdk.i586.rpm
cc6e2ea22232cd78ac6563e636ba2b22 10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.2.100mdk.i586.rpm
cb5026e54d040308243b9644dff42bae 10.0/RPMS/libkdegraphics0-common-3.2-15.2.100mdk.i586.rpm
6bec482da4b14188d860853db62228b5 10.0/RPMS/libkdegraphics0-common-devel-3.2-15.2.100mdk.i586.rpm
73cc1c8d2165273320375df5dc29e7c2 10.0/RPMS/libkdegraphics0-kooka-3.2-15.2.100mdk.i586.rpm
c64f9cd73ab00e9e52338e03b29cb2f4 10.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.2.100mdk.i586.rpm
425f38c7c3cc3fab66ff43d4f554c7d2 10.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.2.100mdk.i586.rpm
c33cf1d0feb1d82cc196e677a5efc758 10.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.2.100mdk.i586.rpm
a8c9c5d367d4f85cd4f9fcc61a8a0d2d 10.0/RPMS/libkdegraphics0-ksvg-3.2-15.2.100mdk.i586.rpm
974b2c6f93cdc7dfd06ea67ff9f02164 10.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.2.100mdk.i586.rpm
c5977ef7a743dfd00240bbc3043d8e56 10.0/RPMS/libkdegraphics0-kuickshow-3.2-15.2.100mdk.i586.rpm
e820d02b9fb85f24ac1a6fda9de70661 10.0/RPMS/libkdegraphics0-kview-3.2-15.2.100mdk.i586.rpm
fb591c6cfe29caf42f8ae5a224138f3a 10.0/RPMS/libkdegraphics0-kview-devel-3.2-15.2.100mdk.i586.rpm
f430452370cab160119df86eb2b2b63e 10.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.2.100mdk.i586.rpm
3f22b2bdc5c9e388f8d2e264722b7d2a 10.0/SRPMS/kdegraphics-3.2-15.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ee02e1458dcf080047edabfdd7047e3c amd64/10.0/RPMS/kdegraphics-3.2-15.2.100mdk.amd64.rpm
65c92d7d9c5288662bdba996bf3f6d2f amd64/10.0/RPMS/kdegraphics-common-3.2-15.2.100mdk.amd64.rpm
64d471c8e414f14fa16d74f251fc3584 amd64/10.0/RPMS/kdegraphics-kdvi-3.2-15.2.100mdk.amd64.rpm
b5749f135d53171d3eb100f0052198c4 amd64/10.0/RPMS/kdegraphics-kfax-3.2-15.2.100mdk.amd64.rpm
9b392ea47cf0f9aa4c2a7eb04289e0fe amd64/10.0/RPMS/kdegraphics-kghostview-3.2-15.2.100mdk.amd64.rpm
31eed9dd801faa37e97ec9e5a9e71992 amd64/10.0/RPMS/kdegraphics-kiconedit-3.2-15.2.100mdk.amd64.rpm
11653b00fe1fea148bb07bb1675fc01d amd64/10.0/RPMS/kdegraphics-kooka-3.2-15.2.100mdk.amd64.rpm
870d1f006b04602c41a816355c9769eb amd64/10.0/RPMS/kdegraphics-kpaint-3.2-15.2.100mdk.amd64.rpm
99b640d366d4f629ee18cd55df4ba37f amd64/10.0/RPMS/kdegraphics-kpdf-3.2-15.2.100mdk.amd64.rpm
87b282af64223971d10f003c8c717714 amd64/10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.2.100mdk.amd64.rpm
d6e2df5e9cbe67781712cc3220db4d14 amd64/10.0/RPMS/kdegraphics-kruler-3.2-15.2.100mdk.amd64.rpm
f68a79ffd407b44a75b3d8c83448d8c3 amd64/10.0/RPMS/kdegraphics-ksnapshot-3.2-15.2.100mdk.amd64.rpm
ab67b16558cbd39eb2f6ce960f55aac8 amd64/10.0/RPMS/kdegraphics-ksvg-3.2-15.2.100mdk.amd64.rpm
df749af5048d222370e41c91aff26353 amd64/10.0/RPMS/kdegraphics-kuickshow-3.2-15.2.100mdk.amd64.rpm
a63255ee573e2f414c8bdc8a6ea7dbc4 amd64/10.0/RPMS/kdegraphics-kview-3.2-15.2.100mdk.amd64.rpm
e025d51bea713a40a0d227094bb7392f amd64/10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.2.100mdk.amd64.rpm
8d49246916b1f89ddf1af50f804c7ee9 amd64/10.0/RPMS/lib64kdegraphics0-common-3.2-15.2.100mdk.amd64.rpm
f3ff0d16d3c9a9af87cb5c67c8888e01 amd64/10.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.2.100mdk.amd64.rpm
f240739fdae68158779b796773e9c503 amd64/10.0/RPMS/lib64kdegraphics0-kooka-3.2-15.2.100mdk.amd64.rpm
fa4378e2fa62fdc3ccb14c8c8e24f267 amd64/10.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.2.100mdk.amd64.rpm
9c6b2a5890ca2b0c16b1821b31bf612f amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.2.100mdk.amd64.rpm
7b6306d97f7e36baa7099e02682f3730 amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.2.100mdk.amd64.rpm
2e762585ccef621055d509fa353e1e7d amd64/10.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.2.100mdk.amd64.rpm
4fec49765fbc8f6d88dd6c1960f2a2aa amd64/10.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.2.100mdk.amd64.rpm
bea91129fe97457e6585b3e83c28319f amd64/10.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.2.100mdk.amd64.rpm
0ccafa6f2645f8a1a1df72432150d49a amd64/10.0/RPMS/lib64kdegraphics0-kview-3.2-15.2.100mdk.amd64.rpm
b9ae2f1ec754c18dac81ed546a47b2f7 amd64/10.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.2.100mdk.amd64.rpm
b97aacf4697f053d74003e058783dc88 amd64/10.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.2.100mdk.amd64.rpm
3f22b2bdc5c9e388f8d2e264722b7d2a amd64/10.0/SRPMS/kdegraphics-3.2-15.2.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: gaim
Advisory ID: MDKSA-2004:110
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

More vulnerabilities have been discovered in the gaim instant messenger client. The vulnerabilities pertinent to version 0.75, which is the version shipped with Mandrakelinux 10.0, are: installing smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. There is also a buffer overflow in the way gaim handles receiving very long URLs.

The provided packages have been patched to fix these problems. These issues, amongst others, have been fixed upstream in version 0.82.
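The smiley-theme issue is a case of a file name being interpreted by a shell. The following added C example (not gaim's code or the Mandrakelinux patch) contrasts building a command line for /bin/sh with passing the name as a single argv element. printf stands in for tar so the example runs without an archive; the function names and the sample file name are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read up to cap-1 bytes of child output and NUL-terminate it. */
static void slurp(FILE *f, char *out, size_t cap)
{
    size_t n = fread(out, 1, cap - 1, f);
    out[n] = '\0';
}

/* VULNERABLE pattern: the file name is pasted into a command line that
 * /bin/sh parses, so metacharacters in the name become shell syntax. */
int name_via_shell(const char *filename, char *out, size_t cap)
{
    char cmd[512];
    int len = snprintf(cmd, sizeof cmd, "printf %%s %s", filename);
    if (len < 0 || (size_t)len >= sizeof cmd)
        return -1;
    FILE *p = popen(cmd, "r");
    if (p == NULL)
        return -1;
    slurp(p, out, cap);
    return pclose(p) == 0 ? 0 : -1;
}

/* Hardened pattern: no shell is involved; the name is exactly one
 * argv element and reaches the child byte for byte. */
int name_via_argv(const char *filename, char *out, size_t cap)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                          /* child: stdout -> pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execlp("printf", "printf", "%s", filename, (char *)NULL);
        _exit(127);                          /* exec failed */
    }
    close(fds[1]);
    FILE *f = fdopen(fds[0], "r");
    if (f == NULL) {
        close(fds[0]);
        waitpid(pid, NULL, 0);
        return -1;
    }
    slurp(f, out, cap);
    fclose(f);
    int status = 0;
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    const char *name = "theme;echo INJECTED.tar";   /* constructed sample */
    char a[128], b[128];
    if (name_via_shell(name, a, sizeof a) == 0)
        printf("shell: [%s]\n", a);
    if (name_via_argv(name, b, sizeof b) == 0)
        printf("argv:  [%s]\n", b);
    return 0;
}
```

When the child really is tar, also place "--" before the file name so that a name beginning with "-" is not read as an option.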


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785


Updated Packages:

Mandrakelinux 10.0:
fb5e0402f4debc556bbd9415d96f9638 10.0/RPMS/gaim-0.75-5.3.100mdk.i586.rpm
9b398cc925dabbf3cdc5f2dd412d09cb 10.0/RPMS/gaim-encrypt-0.75-5.3.100mdk.i586.rpm
d27addd1e3d0392f1076cb26ff274af3 10.0/RPMS/gaim-festival-0.75-5.3.100mdk.i586.rpm
2076ce789cfd20e8a09963d7966846d6 10.0/RPMS/gaim-perl-0.75-5.3.100mdk.i586.rpm
e9bb68490f6e66f8f53602c646bfe6e8 10.0/RPMS/libgaim-remote0-0.75-5.3.100mdk.i586.rpm
1fc1fb4b90b3772b315b84c35c9a91c1 10.0/RPMS/libgaim-remote0-devel-0.75-5.3.100mdk.i586.rpm
949b9d4232202401c724cb01fc220e1e 10.0/SRPMS/gaim-0.75-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
63f64fdf9a464f06a6626b27ca7a523c amd64/10.0/RPMS/gaim-0.75-5.3.100mdk.amd64.rpm
163af8675953560f0ffc38650971fd54 amd64/10.0/RPMS/gaim-encrypt-0.75-5.3.100mdk.amd64.rpm
8361be40fdbb0ed37be46fdf99885554 amd64/10.0/RPMS/gaim-festival-0.75-5.3.100mdk.amd64.rpm
7e618514ba49b043dce5e295240f7ef9 amd64/10.0/RPMS/gaim-perl-0.75-5.3.100mdk.amd64.rpm
2d21ba0e9402576f374a710946e7eae1 amd64/10.0/RPMS/lib64gaim-remote0-0.75-5.3.100mdk.amd64.rpm
4ae450fd3b03c6efd96ea2f62d9ab0d5 amd64/10.0/RPMS/lib64gaim-remote0-devel-0.75-5.3.100mdk.amd64.rpm
949b9d4232202401c724cb01fc220e1e amd64/10.0/SRPMS/gaim-0.75-5.3.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2004:116
Date: October 21st, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like cups that have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location, which probably could lead to arbitrary code execution. (CAN-2004-0888)

Also, when CUPS debugging is enabled, device URIs containing username and password end up in error_log. This information is also visible via "ps". (CAN-2004-0923)

The updated packages are patched to protect against these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923
http://www.cups.org/str.php?L920


Updated Packages:

Mandrakelinux 10.0:
404f47bf2e48e0fe5e6351fb0a51e482 10.0/RPMS/cups-1.1.20-5.3.100mdk.i586.rpm
7b4b06f845f94a076c7a5e86ac1ebd0f 10.0/RPMS/cups-common-1.1.20-5.3.100mdk.i586.rpm
86c01887240c7dc25eaa0584f6f286e0 10.0/RPMS/cups-serial-1.1.20-5.3.100mdk.i586.rpm
0817ea1f56f41c96361723bd010f08dd 10.0/RPMS/libcups2-1.1.20-5.3.100mdk.i586.rpm
604d96d4fc8d5590310b0dfdaf95c9da 10.0/RPMS/libcups2-devel-1.1.20-5.3.100mdk.i586.rpm
f56a2a9b631ff34c6a2e1a8eb01f3690 10.0/SRPMS/cups-1.1.20-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e8e41e0ad06ea13c49aa4097778ef251 amd64/10.0/RPMS/cups-1.1.20-5.3.100mdk.amd64.rpm
2c76ce0c7f6985fd6cedd2b0f6ba0f67 amd64/10.0/RPMS/cups-common-1.1.20-5.3.100mdk.amd64.rpm
0f993cd224e36539c1c9938877850385 amd64/10.0/RPMS/cups-serial-1.1.20-5.3.100mdk.amd64.rpm
ff9d25d91c01c44760aac8d1f7f36f79 amd64/10.0/RPMS/lib64cups2-1.1.20-5.3.100mdk.amd64.rpm
e72d698c6ac954e51aa05f746bbe9365 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.3.100mdk.amd64.rpm
f56a2a9b631ff34c6a2e1a8eb01f3690 amd64/10.0/SRPMS/cups-1.1.20-5.3.100mdk.src.rpm

Corporate Server 2.1:
93ff5afeb1743f9e72ab3307b392b534 corporate/2.1/RPMS/cups-1.1.18-2.5.C21mdk.i586.rpm
b29b8d51b7c0dcca6dc45143d7903cb3 corporate/2.1/RPMS/cups-common-1.1.18-2.5.C21mdk.i586.rpm
5e3c5468ea0ab2fae1aec809daa894de corporate/2.1/RPMS/cups-serial-1.1.18-2.5.C21mdk.i586.rpm
8faf77a298ac1421bcf6c95c618303ab corporate/2.1/RPMS/libcups1-1.1.18-2.5.C21mdk.i586.rpm
c7ac9f8314bccd7bc4b1104af279e0f1 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.5.C21mdk.i586.rpm
39b6eb02f3df6a8ac7b6ec1d9a0642a4 corporate/2.1/SRPMS/cups-1.1.18-2.5.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
067a8b88cf8c1377c9c6412136fc7d6b x86_64/corporate/2.1/RPMS/cups-1.1.18-2.5.C21mdk.x86_64.rpm
51a15362e5f756aff3211ad343588487 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.5.C21mdk.x86_64.rpm
525f0dc8a7ef4db2ffcbe9b7d2a7d677 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.5.C21mdk.x86_64.rpm
72375896902c44ee2d5d3b3297ff8909 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.5.C21mdk.x86_64.rpm
58dd73863448021e52fbd9bf2536e4c1 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.5.C21mdk.x86_64.rpm
39b6eb02f3df6a8ac7b6ec1d9a0642a4 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.5.C21mdk.src.rpm

Mandrakelinux 9.2:
73897a45c5474c390adc09c32c52073e 9.2/RPMS/cups-1.1.19-10.3.92mdk.i586.rpm
35ab026be5795ef537d996dd50b3ec59 9.2/RPMS/cups-common-1.1.19-10.3.92mdk.i586.rpm
34bd630f0656b7eefa331001ebe46d07 9.2/RPMS/cups-serial-1.1.19-10.3.92mdk.i586.rpm
dd362e1edc0774593cbb564d2fcedffb 9.2/RPMS/libcups2-1.1.19-10.3.92mdk.i586.rpm
04119307b9e5e37f36f502f3e299880c 9.2/RPMS/libcups2-devel-1.1.19-10.3.92mdk.i586.rpm
264f7c4310ff0c0bf1166374d49f5ea3 9.2/SRPMS/cups-1.1.19-10.3.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
a5a6317fc35c0c7ec51da2074ea59cdb amd64/9.2/RPMS/cups-1.1.19-10.3.92mdk.amd64.rpm
2de8b565958236a4cf299967187aaad1 amd64/9.2/RPMS/cups-common-1.1.19-10.3.92mdk.amd64.rpm
944995579621ce5a986459a47924370c amd64/9.2/RPMS/cups-serial-1.1.19-10.3.92mdk.amd64.rpm
82c5aed6ab6c81a8fab48b0bd2997eb7 amd64/9.2/RPMS/lib64cups2-1.1.19-10.3.92mdk.amd64.rpm
0b99ed51e2b24aac0747334044a5730e amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.3.92mdk.amd64.rpm
264f7c4310ff0c0bf1166374d49f5ea3 amd64/9.2/SRPMS/cups-1.1.19-10.3.92mdk.src.rpm

Multi Network Firewall 8.2:
8bfd1913756558cac4e58e7e22f2d67f mnf8.2/RPMS/libcups1-1.1.18-2.3.M82mdk.i586.rpm
a47dcb23ef45908945eff6977b4387e2 mnf8.2/SRPMS/cups-1.1.18-2.3.M82mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: gpdf
Advisory ID: MDKSA-2004:114
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as gpdf:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like gpdf that have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location, which probably could lead to arbitrary code execution.

The updated packages are patched to protect against these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888


Updated Packages:

Mandrakelinux 10.0:
133d3df8bdbbb8853ed5540df8587608 10.0/RPMS/gpdf-0.112-2.2.100mdk.i586.rpm
53052a1b9209ff77cf38aa15a7210e7c 10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
a83ab4bcbff0b4ddef26af27d4aa79a4 amd64/10.0/RPMS/gpdf-0.112-2.2.100mdk.amd64.rpm
53052a1b9209ff77cf38aa15a7210e7c amd64/10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: xpdf
Advisory ID: MDKSA-2004:113
Date: October 21st, 2004
Affected versions: 10.0, Corporate Server 2.1


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf package:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like cups that have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location, which probably could lead to arbitrary code execution. (CAN-2004-0888)

Multiple integer overflow issues affect xpdf-3.0 only. These can result in DoS or possibly arbitrary code execution. (CAN-2004-0889)

Chris also discovered infinite loop logic errors affecting xpdf-3.0 only.

The updated packages are patched to deal with these issues.
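The libtiff (wxGTK2) advisory above and the xpdf-based advisories all involve integer overflows in size arithmetic on file-supplied values, leading to undersized allocations or, in the libtiff case, a division by zero. The following C is an added illustration of that bug class and of a checked alternative, not code from libtiff, xpdf or the Mandrakelinux patches; the function names and the 256 MiB cap are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Policy cap on one decoded image buffer (assumed value for this example). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* BUG CLASS: a 32-bit product of file-supplied fields silently wraps,
 * so the result can be far smaller than the data the decoder will write. */
uint32_t unchecked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint32_t)(width * height * bpp);
}

/* Checked form: every multiplication is preceded by a division test
 * against the cap, so no intermediate value can wrap. Zero dimensions
 * are rejected, which also keeps later divisors non-zero. */
int checked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_IMAGE_BYTES / height)
        return -1;
    size_t pixels = (size_t)width * height;
    if (bpp > MAX_IMAGE_BYTES / pixels)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Number of whole rows that fit in a strip buffer. With unchecked
 * arithmetic, width * bpp can wrap to 0 and the division faults. */
int rows_per_strip(size_t strip_bytes, uint32_t width, uint32_t bpp,
                   size_t *rows)
{
    size_t row_bytes;
    if (checked_image_bytes(width, 1, bpp, &row_bytes) != 0)
        return -1;
    *rows = strip_bytes / row_bytes;      /* row_bytes >= 1 here */
    return 0;
}

/* Allocate a zeroed image buffer, or return NULL if the header is bogus. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp,
                  size_t *size_out)
{
    size_t n;
    if (checked_image_bytes(width, height, bpp, &n) != 0)
        return NULL;
    void *p = calloc(1, n);
    if (p != NULL && size_out != NULL)
        *size_out = n;
    return p;
}

int main(void)
{
    /* Constructed header values: the true product is 2^32 + 4 bytes. */
    uint32_t w = 0x40000001u, h = 4, bpp = 1;
    size_t n = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_image_bytes(w, h, bpp));
    printf("checked result: %d\n", checked_image_bytes(w, h, bpp, &n));
    return 0;
}
```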


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889


Updated Packages:

Mandrakelinux 10.0:
9b41364f41bb8ef2b655607bc60ab9a8 10.0/RPMS/xpdf-3.00-5.2.100mdk.i586.rpm
9c8a5aa2e170428d0afc3f8e5cbf092a 10.0/SRPMS/xpdf-3.00-5.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ff780c91545babd148b1c4b4761e822d amd64/10.0/RPMS/xpdf-3.00-5.2.100mdk.amd64.rpm
9c8a5aa2e170428d0afc3f8e5cbf092a amd64/10.0/SRPMS/xpdf-3.00-5.2.100mdk.src.rpm

Corporate Server 2.1:
12939cf7ca98085acc4f6ba5d741a8c6 corporate/2.1/RPMS/xpdf-1.01-4.3mdk.i586.rpm
730ddc5b8c381c0ff92844dd5fe99a72 corporate/2.1/SRPMS/xpdf-1.01-4.5.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
5f22b8c7e2a03f4ad1d452b23348c967 x86_64/corporate/2.1/RPMS/xpdf-1.01-4.3mdk.x86_64.rpm
730ddc5b8c381c0ff92844dd5fe99a72 x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.5.C21mdk.src.rpm

