Mandrakelinux Security Update Advisory
Package name: printer-drivers
Advisory ID: MDKSA-2004:094
Date: September 15th, 2004
Affected versions: 10.0, 9.2
Problem Description:
The foomatic-rip filter, which is part of foomatic-filters
package, contains a vulnerability that allows anyone with access to
CUPS, local or remote, to execute arbitrary commands on the server.
The updated packages provide a fixed foomatic-rip filter that
prevents this kind of abuse.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801
Updated Packages:
Mandrakelinux 10.0:
5b60d06dd30d734ac047d3ee6f6dc772
10.0/RPMS/cups-drivers-1.1-138.2.100mdk.i586.rpm
b054fe649f49aaf755d14b797b5b6601
10.0/RPMS/foomatic-db-3.0.1-0.20040828.1.1.100mdk.i586.rpm
db087f03bd7c8725808e9b72ad328109
10.0/RPMS/foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk.i586.rpm
bc8d8726f556bf49d28dac6d60131b96
10.0/RPMS/foomatic-filters-3.0.1-0.20040828.1.1.100mdk.i586.rpm
36a87460cc5d6ea62a90b73536e904f2
10.0/RPMS/ghostscript-7.07-19.2.100mdk.i586.rpm
dd3a8164ed4959f87d8a737f7bc84b01
10.0/RPMS/ghostscript-module-X-7.07-19.2.100mdk.i586.rpm
b584cf81006355ccd974cf8845c383ca
10.0/RPMS/gimpprint-4.2.7-2.2.100mdk.i586.rpm
2a680b3686870b96498a6c2fb0aa684b
10.0/RPMS/libgimpprint1-4.2.7-2.2.100mdk.i586.rpm
e116225a8e807e81e2f94bfa5bdfd2a8
10.0/RPMS/libgimpprint1-devel-4.2.7-2.2.100mdk.i586.rpm
0de919bcb4588874ce8937257af9c699
10.0/RPMS/libijs0-0.34-76.2.100mdk.i586.rpm
1b44c0ef21bea8d59ecba973b681f0c0
10.0/RPMS/libijs0-devel-0.34-76.2.100mdk.i586.rpm
152791cb0b54d88d66870dd190007709
10.0/RPMS/printer-filters-1.0-138.2.100mdk.i586.rpm
94849ae591daa6abb27c329262d34510
10.0/RPMS/printer-testpages-1.0-138.2.100mdk.i586.rpm
817bb3003924bda9143a4ba9fc41f07b
10.0/RPMS/printer-utils-1.0-138.2.100mdk.i586.rpm
252ce79ceeb44363fcca69e8fae3124f
10.0/SRPMS/printer-drivers-1.0-138.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
f77b65e84043e7e426127724e6c926fd
amd64/10.0/RPMS/cups-drivers-1.1-138.2.100mdk.amd64.rpm
5f74d92859cd3423ffa69e88dfb397fb
amd64/10.0/RPMS/foomatic-db-3.0.1-0.20040828.1.1.100mdk.amd64.rpm
cbc7f870d50c30cdaaa3318ffd9f7cfa
amd64/10.0/RPMS/foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk.amd64.rpm
513edd72b47ea666813d98bf9572ae10
amd64/10.0/RPMS/foomatic-filters-3.0.1-0.20040828.1.1.100mdk.amd64.rpm
1656f00628486bddffefc924acdb4bfe
amd64/10.0/RPMS/ghostscript-7.07-19.2.100mdk.amd64.rpm
4fbad78a6df7915e83d9cb20a6d59939
amd64/10.0/RPMS/ghostscript-module-X-7.07-19.2.100mdk.amd64.rpm
ad6683d164413b5ca4571a40e78df9f3
amd64/10.0/RPMS/gimpprint-4.2.7-2.2.100mdk.amd64.rpm
f9745491ae1a8f0634107cd7f41d76b2
amd64/10.0/RPMS/lib64gimpprint1-4.2.7-2.2.100mdk.amd64.rpm
0c7f9f7109ef86406c0d32191aa77fc2
amd64/10.0/RPMS/lib64gimpprint1-devel-4.2.7-2.2.100mdk.amd64.rpm
d8b8c565cb72e876aceda04de4ad2832
amd64/10.0/RPMS/lib64ijs0-0.34-76.2.100mdk.amd64.rpm
ed95b407652ab7064837399003bb9553
amd64/10.0/RPMS/lib64ijs0-devel-0.34-76.2.100mdk.amd64.rpm
462a427f75ccf5d024c793eb829ae025
amd64/10.0/RPMS/printer-filters-1.0-138.2.100mdk.amd64.rpm
bcad49c7a9063a7856473b1ce969e36b
amd64/10.0/RPMS/printer-testpages-1.0-138.2.100mdk.amd64.rpm
37339dff70409896959a6f4d4b8af1e7
amd64/10.0/RPMS/printer-utils-1.0-138.2.100mdk.amd64.rpm
252ce79ceeb44363fcca69e8fae3124f
amd64/10.0/SRPMS/printer-drivers-1.0-138.2.100mdk.src.rpm
Mandrakelinux 9.2:
e46b265555a2075d363d746933e88870
9.2/RPMS/cups-drivers-1.1-116.1.92mdk.i586.rpm
f2e8df86c2cc434c6b3a2d788b22069b
9.2/RPMS/foomatic-db-3.0-1.20030908.3.1.92mdk.i586.rpm
452cc2b7a3d3dfae90818f2c70112c75
9.2/RPMS/foomatic-db-engine-3.0-1.20030908.3.1.92mdk.i586.rpm
4d3926f1a28c1d958e453d01a1708811
9.2/RPMS/foomatic-filters-3.0-1.20030908.3.1.92mdk.i586.rpm
b83e8b68601c4c576e4354229f541092
9.2/RPMS/ghostscript-7.07-0.12.1.92mdk.i586.rpm
ea2f04d7cb9a17ed26e5c0c71711c54c
9.2/RPMS/ghostscript-module-X-7.07-0.12.1.92mdk.i586.rpm
488ad952dc1560ce2b2eba223f692ae1
9.2/RPMS/gimpprint-4.2.5-30.1.92mdk.i586.rpm
e491c8a7e4fc6edbf205c4539d50806d
9.2/RPMS/libgimpprint1-4.2.5-30.1.92mdk.i586.rpm
4e2d702a616369ef122b16a112923c3c
9.2/RPMS/libgimpprint1-devel-4.2.5-30.1.92mdk.i586.rpm
f9a5f949e4342b550a52112aba77fdde
9.2/RPMS/libijs0-0.34-56.1.92mdk.i586.rpm
4bf9b3b6b6f210490dd74771f81929e8
9.2/RPMS/libijs0-devel-0.34-56.1.92mdk.i586.rpm
b8145f433d635d70228438401fba14d2
9.2/RPMS/omni-0.7.2-32.1.92mdk.i586.rpm
43850e0a55dadfd65ddbfbf3a0234264
9.2/RPMS/printer-filters-1.0-116.1.92mdk.i586.rpm
c5baf817bd47ba680733f87b546f0b2a
9.2/RPMS/printer-testpages-1.0-116.1.92mdk.i586.rpm
0e0de87f4facbb33d9716c22f6c53a0e
9.2/RPMS/printer-utils-1.0-116.1.92mdk.i586.rpm
3ac289d0ad9ccbae59ffbbff1d0ef6d0
9.2/SRPMS/printer-drivers-1.0-116.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
3805d72ab483ca73c17ec668fcfea260
amd64/9.2/RPMS/cups-drivers-1.1-116.1.92mdk.amd64.rpm
4120e7ae8d18452e0d010d9f6dad68ab
amd64/9.2/RPMS/foomatic-db-3.0-1.20030908.3.1.92mdk.amd64.rpm
541fb6b621453eb2f2eb4cd3cc66bdb6
amd64/9.2/RPMS/foomatic-db-engine-3.0-1.20030908.3.1.92mdk.amd64.rpm
120453007ef1d4e2201f47bc9b435b6f
amd64/9.2/RPMS/foomatic-filters-3.0-1.20030908.3.1.92mdk.amd64.rpm
ba54c898100a7e8f8a648ab6be4dff4a
amd64/9.2/RPMS/ghostscript-7.07-0.12.1.92mdk.amd64.rpm
0088c1cad9cb1c5a3dcdfec551d1b436
amd64/9.2/RPMS/ghostscript-module-X-7.07-0.12.1.92mdk.amd64.rpm
ef2d193c0209974f5dc519824d4ce6ef
amd64/9.2/RPMS/gimpprint-4.2.5-30.1.92mdk.amd64.rpm
7e9d6e3afd9e6f55f518693d00da089a
amd64/9.2/RPMS/lib64gimpprint1-4.2.5-30.1.92mdk.amd64.rpm
b76c616669975e31b4c207edad6a64e2
amd64/9.2/RPMS/lib64gimpprint1-devel-4.2.5-30.1.92mdk.amd64.rpm
f117b249358c122cd42c86ea0ba671f6
amd64/9.2/RPMS/lib64ijs0-0.34-56.1.92mdk.amd64.rpm
9ef6acb512d398a9e68fbc52436206ca
amd64/9.2/RPMS/lib64ijs0-devel-0.34-56.1.92mdk.amd64.rpm
3cf204dea9e41a3c421e30b632ff620e
amd64/9.2/RPMS/omni-0.7.2-32.1.92mdk.amd64.rpm
ee634dcbe58b639f6573f4b1f735ef94
amd64/9.2/RPMS/printer-filters-1.0-116.1.92mdk.amd64.rpm
a8ce95c71a3c7a1588168fe71c72aa3f
amd64/9.2/RPMS/printer-testpages-1.0-116.1.92mdk.amd64.rpm
1953aeb5c4e92e4e2c991ffabb27bbea
amd64/9.2/RPMS/printer-utils-1.0-116.1.92mdk.amd64.rpm
3ac289d0ad9ccbae59ffbbff1d0ef6d0
amd64/9.2/SRPMS/printer-drivers-1.0-116.1.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
Mandrakelinux Security Update Advisory
Package name: gdk-pixbuf
Advisory ID: MDKSA-2004:095
Date: September 15th, 2004
Affected versions: 10.0, 9.2
Problem Description:
A vulnerability was found in the gdk-pixbug bmp loader where a
bad BMP image could send the bmp loader into an infinite loop
(CAN-2004-0753).
Chris Evans found a heap-based overflow and a stack-based
overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and
CAN-2004-0783).
Chris Evans also discovered an integer overflow in the ico
loader of gdk-pixbuf (CAN-2004-0788).
All four problems have been corrected in these updated
packages.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
Updated Packages:
Mandrakelinux 10.0:
f4ffbb227e070e7aace9ff3453c2a9e4
10.0/RPMS/gdk-pixbuf-loaders-0.22.0-2.1.100mdk.i586.rpm
840fb0f158f3b2aa31a0fffd32d61c95
10.0/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-2.1.100mdk.i586.rpm
a9d68383ba8d8a1ef6d268f5b1564b5e
10.0/RPMS/libgdk-pixbuf-xlib2-0.22.0-2.1.100mdk.i586.rpm
cdae96796308a0bd13abb2326b6c7d78
10.0/RPMS/libgdk-pixbuf2-0.22.0-2.1.100mdk.i586.rpm
c0b067a672f8e5e0d0d8c3aec3c00c99
10.0/RPMS/libgdk-pixbuf2-devel-0.22.0-2.1.100mdk.i586.rpm
89c3c1a2fe969ccdfda42018375fc64b
10.0/SRPMS/gdk-pixbuf-0.22.0-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
bd4abe68b479da8b4bece492660ddd41
amd64/10.0/RPMS/gdk-pixbuf-loaders-0.22.0-2.1.100mdk.amd64.rpm
17eaa5527c3fe0686a3c4e438b619690
amd64/10.0/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.1.100mdk.amd64.rpm
0d70373e01871748ed0cab603d57b497
amd64/10.0/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-2.1.100mdk.amd64.rpm
0254d717bf8124dbd81cd8e0fa7c2c51
amd64/10.0/RPMS/lib64gdk-pixbuf2-0.22.0-2.1.100mdk.amd64.rpm
c4ec20acf29b206c818120cfadfc9d8d
amd64/10.0/RPMS/lib64gdk-pixbuf2-devel-0.22.0-2.1.100mdk.amd64.rpm
89c3c1a2fe969ccdfda42018375fc64b
amd64/10.0/SRPMS/gdk-pixbuf-0.22.0-2.1.100mdk.src.rpm
Mandrakelinux 9.2:
5b14a4d5b7926db20d436ddbc9991448
9.2/RPMS/gdk-pixbuf-loaders-0.22.0-2.1.92mdk.i586.rpm
aba9d39e7b5dfc2ef8dec18307358f6f
9.2/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-2.1.92mdk.i586.rpm
d80cbaf22163a248bd35c6d1b3fac2c3
9.2/RPMS/libgdk-pixbuf-xlib2-0.22.0-2.1.92mdk.i586.rpm
bfe975ea60b0c7bf6556a4c174850676
9.2/RPMS/libgdk-pixbuf2-0.22.0-2.1.92mdk.i586.rpm
0521148ae973bffab1375da9cb91b1ea
9.2/RPMS/libgdk-pixbuf2-devel-0.22.0-2.1.92mdk.i586.rpm
dee3f2d2738f850c79c938df7ac7c8f8
9.2/SRPMS/gdk-pixbuf-0.22.0-2.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
1f1cb7ad69ba3dd98a517370430f74e7
amd64/9.2/RPMS/gdk-pixbuf-loaders-0.22.0-2.1.92mdk.amd64.rpm
59a41e35d449fc6ecc4d3bb061403d25
amd64/9.2/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.1.92mdk.amd64.rpm
76c038a1d28272b6341835dd723ccea2
amd64/9.2/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-2.1.92mdk.amd64.rpm
8a54916d945401bb5c57d6f1e6c525c1
amd64/9.2/RPMS/lib64gdk-pixbuf2-0.22.0-2.1.92mdk.amd64.rpm
48c50fca72679e4643df8ea0b4d0bf39
amd64/9.2/RPMS/lib64gdk-pixbuf2-devel-0.22.0-2.1.92mdk.amd64.rpm
dee3f2d2738f850c79c938df7ac7c8f8
amd64/9.2/SRPMS/gdk-pixbuf-0.22.0-2.1.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
Mandrakelinux Security Update Advisory
Package name: squid
Advisory ID: MDKSA-2004:093
Date: September 15th, 2004
Affected versions: 10.0, 9.2
Problem Description:
A vulnerability in the NTLM helpers in squid 2.5 could allow for
malformed NTLMSSP packets to crash squid, resulting in a DoS. The
provided packages have been patched to prevent this problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832
http://www.squid-cache.org/bugs/show_bug.cgi?id=1045
Updated Packages:
Mandrakelinux 10.0:
a97e24902f95afb896e1387124be81cd
10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.i586.rpm
92bc96caf7e5ccaed6250833b8c4dcdc
10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
48a9ee3a6e7b427240fc35a04b569b06
amd64/10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.amd64.rpm
92bc96caf7e5ccaed6250833b8c4dcdc
amd64/10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm
Mandrakelinux 9.2:
ad5b562c41b764f1807bcfa4203b7f22
9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.i586.rpm
72d8e8215f7da363d28883f4a4a6d13b
9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ef8de99bad97ad623f584fcf4eaa3962
amd64/9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.amd64.rpm
72d8e8215f7da363d28883f4a4a6d13b
amd64/9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>