---

Mandrakelinux Advisories: squid, wxGTK2, kdegraphics, gaim, cups, gpdf, xpdf


Mandrakelinux Security Update Advisory


Package name: squid
Advisory ID: MDKSA-2004:112
Date: October 21st, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1, Multi Network
Firewall 8.2


Problem Description:

iDEFENSE discovered a Denial of Service vulnerability in squid
version 2.5.STABLE6 and previous. The problem is due to an ASN1
parsing error where certain header length combinations can slip
through the validations performed by the ASN1 parser, leading to
the server assuming there is heap corruption or some other
exceptional condition, and closing all current connections then
restarting.

Squid 2.5.STABLE7 has been released to address this issue; the
provided packages are patched to fix the issue.
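
The kind of validation the description refers to, as an added example (not Squid's code and not part of the advisory): a parser for one ASN.1 BER tag/length header that rejects length encodings which are truncated, indefinite, or claim more content than the buffer holds. The function name, the three-octet length cap and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_OVERRUN = -3 };

/* Constructed sample headers (not captured traffic). */
static const uint8_t SAMPLE_SHORT[]   = { 0x30, 0x03, 0x01, 0x02, 0x03 };
static const uint8_t SAMPLE_LONG[]    = { 0x04, 0x81, 0x02, 0xaa, 0xbb };
static const uint8_t SAMPLE_OVERRUN[] = { 0x04, 0x82, 0x01, 0x00 }; /* claims 256 bytes, has 0 */
static const uint8_t SAMPLE_CUT[]     = { 0x04, 0x83, 0xff };       /* 3 length octets promised, 1 present */
static const uint8_t SAMPLE_INDEF[]   = { 0x30, 0x80, 0x00, 0x00 }; /* indefinite length */

/*
 * Parse one BER tag/length header at buf[0..avail).
 * Returns the declared content length (>= 0) and, if hdr_len is not NULL,
 * stores the header size there. Returns a negative BER_* code otherwise.
 * Every octet is read only after checking that it lies inside the buffer.
 */
long ber_read_header(const uint8_t *buf, size_t avail, size_t *hdr_len)
{
    size_t pos = 0;
    unsigned long len = 0;

    if (avail < 2) return BER_TRUNCATED;
    if ((buf[pos++] & 0x1f) == 0x1f) return BER_UNSUPPORTED; /* multi-byte tag */

    uint8_t first = buf[pos++];
    if ((first & 0x80) == 0) {
        len = first;                                 /* short form: 0..127 */
    } else {
        size_t n = first & 0x7f;                     /* long form: n length octets */
        if (n == 0) return BER_UNSUPPORTED;          /* indefinite length */
        if (n > 3) return BER_UNSUPPORTED;           /* assumed policy cap: < 16 MiB */
        if (n > avail - pos) return BER_TRUNCATED;   /* length octets missing */
        while (n--) len = (len << 8) | buf[pos++];
    }
    /* The declared body must fit in what is left after the header. */
    if (len > avail - pos) return BER_OVERRUN;

    if (hdr_len != NULL) *hdr_len = pos;
    return (long)len;
}

int main(void)
{
    printf("short   -> %ld\n", ber_read_header(SAMPLE_SHORT, sizeof SAMPLE_SHORT, NULL));
    printf("long    -> %ld\n", ber_read_header(SAMPLE_LONG, sizeof SAMPLE_LONG, NULL));
    printf("overrun -> %ld\n", ber_read_header(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, NULL));
    printf("cut     -> %ld\n", ber_read_header(SAMPLE_CUT, sizeof SAMPLE_CUT, NULL));
    printf("indef   -> %ld\n", ber_read_header(SAMPLE_INDEF, sizeof SAMPLE_INDEF, NULL));
    return 0;
}
```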


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0918


http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities


Updated Packages:

Mandrakelinux 10.0:
73fa6afb48cd0c9985ff1ca0fe4502e6
10.0/RPMS/squid-2.5.STABLE4-2.2.100mdk.i586.rpm
6c927aa442c77b743f7861b05930cf9d
10.0/SRPMS/squid-2.5.STABLE4-2.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
197673fc1350ee72516f28a1bced5125
amd64/10.0/RPMS/squid-2.5.STABLE4-2.2.100mdk.amd64.rpm
6c927aa442c77b743f7861b05930cf9d
amd64/10.0/SRPMS/squid-2.5.STABLE4-2.2.100mdk.src.rpm

Corporate Server 2.1:
d430ee037aea1e66b1bcc488e2e502ca
corporate/2.1/RPMS/squid-2.4.STABLE7-2.2.C21mdk.i586.rpm
ad5d5630905720f6e2b358430d5d366a
corporate/2.1/SRPMS/squid-2.4.STABLE7-2.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
4ba0032bb54a30c1d2cb221b128f9f22
x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.2.C21mdk.x86_64.rpm

ad5d5630905720f6e2b358430d5d366a
x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.2.C21mdk.src.rpm

Mandrakelinux 9.2:
a026dc8229fddb9072b9029f2cf9c0e9
9.2/RPMS/squid-2.5.STABLE3-3.4.92mdk.i586.rpm
a09fa332b5f211305012012ca24e59d2
9.2/SRPMS/squid-2.5.STABLE3-3.4.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
52a4d17751414ac7a5f3c091ef4b1c48
amd64/9.2/RPMS/squid-2.5.STABLE3-3.4.92mdk.amd64.rpm
a09fa332b5f211305012012ca24e59d2
amd64/9.2/SRPMS/squid-2.5.STABLE3-3.4.92mdk.src.rpm

Multi Network Firewall 8.2:
95fc106c9cd480a933b4aefab1ab2ae8
mnf8.2/RPMS/squid-2.4.STABLE7-1.3.M82mdk.i586.rpm
0895cefcfe0e7bb183502a19c37b4814
mnf8.2/SRPMS/squid-2.4.STABLE7-1.3.M82mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>


Mandrakelinux Security Update Advisory


Package name: wxGTK2
Advisory ID: MDKSA-2004:111
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

Several vulnerabilities have been discovered in the libtiff
package; wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities:

Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.
(CAN-2004-0803)

Matthias Clasen discovered a division by zero through an integer
overflow. (CAN-2004-0804)

Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result in either a plain crash or memory
corruption. (CAN-2004-0886)
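
An added illustration of the bug class in the last two items (not libtiff or wxGTK2 code): a size computed from file-supplied dimensions wraps in 32-bit arithmetic, so the allocation request is too small or a derived divisor becomes zero. The struct, the function names and the 256 MiB limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields read from an untrusted image file. */
typedef struct { uint32_t width, height, samples; } img_hdr;

/* Constructed samples. */
static const img_hdr SAMPLE_SANE = { 640u, 480u, 3u };
static const img_hdr SAMPLE_WRAP = { 65537u, 65536u, 1u };   /* product = 2^32 + 65536 */
static const img_hdr SAMPLE_ZERO = { 0x40000000u, 1u, 4u };  /* width * samples = 2^32 */

#define RASTER_LIMIT ((size_t)256 * 1024 * 1024)  /* assumed policy cap */

/* Weak form: 32-bit products wrap modulo 2^32 without any error. */
uint32_t raster_size_unchecked(const img_hdr *h)
{
    return h->width * h->height * h->samples;
}

uint32_t row_bytes_unchecked(const img_hdr *h)
{
    return h->width * h->samples;   /* 0 here later becomes a divisor */
}

/* Store a * b in *out, or return -1 if the product does not fit in size_t. */
static int mul_ok(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return -1;
    *out = a * b;
    return 0;
}

/* Hardened form: raster size in bytes, or 0 if the header is rejected. */
size_t raster_size_checked(const img_hdr *h)
{
    size_t n;
    if (mul_ok(h->width, h->height, &n) != 0) return 0;
    if (mul_ok(n, h->samples, &n) != 0) return 0;
    return (n == 0 || n > RASTER_LIMIT) ? 0 : n;
}

/* Rows that fit in strip_bytes, or -1 rather than dividing by a zero,
 * wrapped or oversized row size. */
long rows_per_strip_checked(const img_hdr *h, size_t strip_bytes)
{
    size_t row;
    if (mul_ok(h->width, h->samples, &row) != 0) return -1;
    if (row == 0 || row > RASTER_LIMIT) return -1;
    return (long)(strip_bytes / row);
}

int main(void)
{
    printf("unchecked size for wrap sample: %u\n",
           (unsigned)raster_size_unchecked(&SAMPLE_WRAP));
    printf("checked size for wrap sample:   %zu\n", raster_size_checked(&SAMPLE_WRAP));
    printf("unchecked row bytes (zero):     %u\n",
           (unsigned)row_bytes_unchecked(&SAMPLE_ZERO));
    printf("rows per 8192-byte strip:       %ld\n",
           rows_per_strip_checked(&SAMPLE_SANE, 8192));
    return 0;
}
```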


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886


Updated Packages:

Mandrakelinux 10.0:
89c1cb672d4c3b10f82028015bc70561
10.0/RPMS/libwxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
cfce0a6e9ee754001a23ffd3c50c11db
10.0/RPMS/libwxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm

dd3cb6919ca0611c97c462acdb67b799
10.0/RPMS/libwxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
162cbe607fe645bd9cbc65d5ef7095ef
10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
757b3b2aca258ecaedef0f16a8ea85da
10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0a871df7bb36c375d779304c453f521c
amd64/10.0/RPMS/lib64wxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm

696c530bbd3fc68174a75231e68d2cee
amd64/10.0/RPMS/lib64wxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm

ae7d9e51d3a93ba6581db43b26e6b626
amd64/10.0/RPMS/lib64wxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm

f93e1b508deaa09b4ea82a272a691371
amd64/10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm

757b3b2aca258ecaedef0f16a8ea85da
amd64/10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: kdegraphics
Advisory ID: MDKSA-2004:115
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf
package, which also affect software using embedded xpdf code, such
as kpdf:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0,
as well as programs like kpdf which have embedded versions of
xpdf. These can result in writing an arbitrary byte to an
attacker-controlled location, which probably could lead to
arbitrary code execution.

The updated packages are patched to protect against these
vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888


Updated Packages:

Mandrakelinux 10.0:
54d34901667194a884990df8fceda44c
10.0/RPMS/kdegraphics-3.2-15.2.100mdk.i586.rpm
c4393b2bef8977690eccc8ed51a8efca
10.0/RPMS/kdegraphics-common-3.2-15.2.100mdk.i586.rpm
edbbe2c21d81f8677f16c2956a06009c
10.0/RPMS/kdegraphics-kdvi-3.2-15.2.100mdk.i586.rpm
b69407bdd8d350da7173f517f2f7d51e
10.0/RPMS/kdegraphics-kfax-3.2-15.2.100mdk.i586.rpm
cd077849e2865034b3610c9235d53819
10.0/RPMS/kdegraphics-kghostview-3.2-15.2.100mdk.i586.rpm
3de0a548d73689a892d48a85406b8367
10.0/RPMS/kdegraphics-kiconedit-3.2-15.2.100mdk.i586.rpm
1d4eaaa7b4a47343b05004d4fc023988
10.0/RPMS/kdegraphics-kooka-3.2-15.2.100mdk.i586.rpm
60f70cd8d5980f74ca000903a1d71771
10.0/RPMS/kdegraphics-kpaint-3.2-15.2.100mdk.i586.rpm
7176f1ebb79391b5fcc3d68941dccb35
10.0/RPMS/kdegraphics-kpdf-3.2-15.2.100mdk.i586.rpm
2133d2d63704206192910570b6bc742d
10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.2.100mdk.i586.rpm
6b21f6fea34206888c47b89d5a0536af
10.0/RPMS/kdegraphics-kruler-3.2-15.2.100mdk.i586.rpm
86612aea584598abec93481389525095
10.0/RPMS/kdegraphics-ksnapshot-3.2-15.2.100mdk.i586.rpm
1f87a0f8ee2de982a58ad24491fc6b1e
10.0/RPMS/kdegraphics-ksvg-3.2-15.2.100mdk.i586.rpm
e09d7392164b04b3209f6ef5f197325e
10.0/RPMS/kdegraphics-kuickshow-3.2-15.2.100mdk.i586.rpm
0681dd5bd8be3c6eaef7d26bbfd338aa
10.0/RPMS/kdegraphics-kview-3.2-15.2.100mdk.i586.rpm
cc6e2ea22232cd78ac6563e636ba2b22
10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.2.100mdk.i586.rpm
cb5026e54d040308243b9644dff42bae
10.0/RPMS/libkdegraphics0-common-3.2-15.2.100mdk.i586.rpm
6bec482da4b14188d860853db62228b5
10.0/RPMS/libkdegraphics0-common-devel-3.2-15.2.100mdk.i586.rpm
73cc1c8d2165273320375df5dc29e7c2
10.0/RPMS/libkdegraphics0-kooka-3.2-15.2.100mdk.i586.rpm
c64f9cd73ab00e9e52338e03b29cb2f4
10.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.2.100mdk.i586.rpm
425f38c7c3cc3fab66ff43d4f554c7d2
10.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.2.100mdk.i586.rpm
c33cf1d0feb1d82cc196e677a5efc758
10.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.2.100mdk.i586.rpm

a8c9c5d367d4f85cd4f9fcc61a8a0d2d
10.0/RPMS/libkdegraphics0-ksvg-3.2-15.2.100mdk.i586.rpm
974b2c6f93cdc7dfd06ea67ff9f02164
10.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.2.100mdk.i586.rpm
c5977ef7a743dfd00240bbc3043d8e56
10.0/RPMS/libkdegraphics0-kuickshow-3.2-15.2.100mdk.i586.rpm
e820d02b9fb85f24ac1a6fda9de70661
10.0/RPMS/libkdegraphics0-kview-3.2-15.2.100mdk.i586.rpm
fb591c6cfe29caf42f8ae5a224138f3a
10.0/RPMS/libkdegraphics0-kview-devel-3.2-15.2.100mdk.i586.rpm
f430452370cab160119df86eb2b2b63e
10.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.2.100mdk.i586.rpm
3f22b2bdc5c9e388f8d2e264722b7d2a
10.0/SRPMS/kdegraphics-3.2-15.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ee02e1458dcf080047edabfdd7047e3c
amd64/10.0/RPMS/kdegraphics-3.2-15.2.100mdk.amd64.rpm
65c92d7d9c5288662bdba996bf3f6d2f
amd64/10.0/RPMS/kdegraphics-common-3.2-15.2.100mdk.amd64.rpm
64d471c8e414f14fa16d74f251fc3584
amd64/10.0/RPMS/kdegraphics-kdvi-3.2-15.2.100mdk.amd64.rpm
b5749f135d53171d3eb100f0052198c4
amd64/10.0/RPMS/kdegraphics-kfax-3.2-15.2.100mdk.amd64.rpm
9b392ea47cf0f9aa4c2a7eb04289e0fe
amd64/10.0/RPMS/kdegraphics-kghostview-3.2-15.2.100mdk.amd64.rpm

31eed9dd801faa37e97ec9e5a9e71992
amd64/10.0/RPMS/kdegraphics-kiconedit-3.2-15.2.100mdk.amd64.rpm
11653b00fe1fea148bb07bb1675fc01d
amd64/10.0/RPMS/kdegraphics-kooka-3.2-15.2.100mdk.amd64.rpm
870d1f006b04602c41a816355c9769eb
amd64/10.0/RPMS/kdegraphics-kpaint-3.2-15.2.100mdk.amd64.rpm
99b640d366d4f629ee18cd55df4ba37f
amd64/10.0/RPMS/kdegraphics-kpdf-3.2-15.2.100mdk.amd64.rpm
87b282af64223971d10f003c8c717714
amd64/10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.2.100mdk.amd64.rpm

d6e2df5e9cbe67781712cc3220db4d14
amd64/10.0/RPMS/kdegraphics-kruler-3.2-15.2.100mdk.amd64.rpm
f68a79ffd407b44a75b3d8c83448d8c3
amd64/10.0/RPMS/kdegraphics-ksnapshot-3.2-15.2.100mdk.amd64.rpm
ab67b16558cbd39eb2f6ce960f55aac8
amd64/10.0/RPMS/kdegraphics-ksvg-3.2-15.2.100mdk.amd64.rpm
df749af5048d222370e41c91aff26353
amd64/10.0/RPMS/kdegraphics-kuickshow-3.2-15.2.100mdk.amd64.rpm
a63255ee573e2f414c8bdc8a6ea7dbc4
amd64/10.0/RPMS/kdegraphics-kview-3.2-15.2.100mdk.amd64.rpm
e025d51bea713a40a0d227094bb7392f
amd64/10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.2.100mdk.amd64.rpm

8d49246916b1f89ddf1af50f804c7ee9
amd64/10.0/RPMS/lib64kdegraphics0-common-3.2-15.2.100mdk.amd64.rpm

f3ff0d16d3c9a9af87cb5c67c8888e01
amd64/10.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.2.100mdk.amd64.rpm

f240739fdae68158779b796773e9c503
amd64/10.0/RPMS/lib64kdegraphics0-kooka-3.2-15.2.100mdk.amd64.rpm

fa4378e2fa62fdc3ccb14c8c8e24f267
amd64/10.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.2.100mdk.amd64.rpm

9c6b2a5890ca2b0c16b1821b31bf612f
amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.2.100mdk.amd64.rpm

7b6306d97f7e36baa7099e02682f3730
amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.2.100mdk.amd64.rpm

2e762585ccef621055d509fa353e1e7d
amd64/10.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.2.100mdk.amd64.rpm

4fec49765fbc8f6d88dd6c1960f2a2aa
amd64/10.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.2.100mdk.amd64.rpm

bea91129fe97457e6585b3e83c28319f
amd64/10.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.2.100mdk.amd64.rpm

0ccafa6f2645f8a1a1df72432150d49a
amd64/10.0/RPMS/lib64kdegraphics0-kview-3.2-15.2.100mdk.amd64.rpm

b9ae2f1ec754c18dac81ed546a47b2f7
amd64/10.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.2.100mdk.amd64.rpm

b97aacf4697f053d74003e058783dc88
amd64/10.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.2.100mdk.amd64.rpm

3f22b2bdc5c9e388f8d2e264722b7d2a
amd64/10.0/SRPMS/kdegraphics-3.2-15.2.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: gaim
Advisory ID: MDKSA-2004:110
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

More vulnerabilities have been discovered in the gaim instant
messenger client. The vulnerabilities pertinent to version 0.75,
which is the version shipped with Mandrakelinux 10.0, are as
follows. Installing smiley themes could allow remote attackers to
execute arbitrary commands via shell metacharacters in the
filename of the tar file that is dragged to the smiley selector.
There is also a buffer overflow in the way gaim handles receiving
very long URLs.

The provided packages have been patched to fix these problems.
These issues, amongst others, have been fixed upstream in version
0.82.
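
The smiley theme issue, as an added example (not gaim's code): the weak pattern pastes the file name into a string meant for a shell, while the hardened pattern passes it to tar as a single argv element with no shell involved. That the installer runs tar this way is an assumption, and the function names and sample file name are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed file name with a shell metacharacter; the echo is harmless. */
static const char SAMPLE_NAME[] = "/tmp/theme;echo INJECTED;.tar.gz";

/* Weak form: the result is what system() would hand to /bin/sh, so any
 * shell metacharacter inside path is parsed as shell syntax.
 * This function only formats the string; it never runs it. */
int format_shell_cmd(char *out, size_t cap, const char *path, const char *dest)
{
    int n = snprintf(out, cap, "tar -xzf %s -C %s", path, dest);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened form: fill argv so that path is exactly one argument.
 * Absolute paths are required so a name cannot be mistaken for an option.
 * Returns argc, or -1 if the input is refused. */
int build_tar_argv(const char *path, const char *dest,
                   const char *argv[], size_t cap)
{
    if (cap < 6 || path[0] != '/' || dest[0] != '/') return -1;
    argv[0] = "tar";
    argv[1] = "-xzf";
    argv[2] = path;
    argv[3] = "-C";
    argv[4] = dest;
    argv[5] = NULL;
    return 5;
}

/* Run the extraction with fork/execvp; returns tar's exit status or -1. */
int extract_theme(const char *path, const char *dest)
{
    const char *argv[6];
    int status;

    if (build_tar_argv(path, dest, argv, 6) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                       /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[256];
    const char *args[6];

    if (format_shell_cmd(cmd, sizeof cmd, SAMPLE_NAME, "/tmp/out") == 0)
        printf("shell string: %s\n", cmd);
    if (build_tar_argv(SAMPLE_NAME, "/tmp/out", args, 6) == 5)
        printf("argv[2]:      %s\n", args[2]);
    return 0;
}
```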


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785


Updated Packages:

Mandrakelinux 10.0:
fb5e0402f4debc556bbd9415d96f9638
10.0/RPMS/gaim-0.75-5.3.100mdk.i586.rpm
9b398cc925dabbf3cdc5f2dd412d09cb
10.0/RPMS/gaim-encrypt-0.75-5.3.100mdk.i586.rpm
d27addd1e3d0392f1076cb26ff274af3
10.0/RPMS/gaim-festival-0.75-5.3.100mdk.i586.rpm
2076ce789cfd20e8a09963d7966846d6
10.0/RPMS/gaim-perl-0.75-5.3.100mdk.i586.rpm
e9bb68490f6e66f8f53602c646bfe6e8
10.0/RPMS/libgaim-remote0-0.75-5.3.100mdk.i586.rpm
1fc1fb4b90b3772b315b84c35c9a91c1
10.0/RPMS/libgaim-remote0-devel-0.75-5.3.100mdk.i586.rpm
949b9d4232202401c724cb01fc220e1e
10.0/SRPMS/gaim-0.75-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
63f64fdf9a464f06a6626b27ca7a523c
amd64/10.0/RPMS/gaim-0.75-5.3.100mdk.amd64.rpm
163af8675953560f0ffc38650971fd54
amd64/10.0/RPMS/gaim-encrypt-0.75-5.3.100mdk.amd64.rpm
8361be40fdbb0ed37be46fdf99885554
amd64/10.0/RPMS/gaim-festival-0.75-5.3.100mdk.amd64.rpm
7e618514ba49b043dce5e295240f7ef9
amd64/10.0/RPMS/gaim-perl-0.75-5.3.100mdk.amd64.rpm
2d21ba0e9402576f374a710946e7eae1
amd64/10.0/RPMS/lib64gaim-remote0-0.75-5.3.100mdk.amd64.rpm
4ae450fd3b03c6efd96ea2f62d9ab0d5
amd64/10.0/RPMS/lib64gaim-remote0-devel-0.75-5.3.100mdk.amd64.rpm

949b9d4232202401c724cb01fc220e1e
amd64/10.0/SRPMS/gaim-0.75-5.3.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2004:116
Date: October 21st, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1, Multi Network
Firewall 8.2


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf
package, which also affect software using embedded xpdf code:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0,
as well as programs like cups which have embedded versions of
xpdf. These can result in writing an arbitrary byte to an
attacker-controlled location, which probably could lead to
arbitrary code execution. (CAN-2004-0888)

Also, when CUPS debugging is enabled, device URIs containing
username and password end up in error_log. This information is also
visible via “ps”. (CAN-2004-0923)

The updated packages are patched to protect against these
vulnerabilities.
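
For the error_log half of CAN-2004-0923, an added example (not the CUPS patch): a filter that replaces the user and password part of every URI in a line before the line is written to a log. It does not address what is visible via ps. The function name and the sample log lines are constructed, and URIs are assumed to follow RFC 3986, so a raw '/' inside a password would end the authority early.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples (not real CUPS output). */
static const char SAMPLE_LINE[] =
    "d [Job 12] Started backend, device URI smb://alice:s3cret@printsrv/laser";
static const char SAMPLE_TWO[]  = "from lpd://u@h1/q to ipp://h2/p";
static const char SAMPLE_PATH[] = "ipp://printsrv/printers/a@b";

/*
 * Copy in to out, replacing the "user[:password]" part of every URI
 * authority with "****". Returns 0 on success, -1 if out is too small.
 */
int redact_uri_userinfo(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    const char *p = in;

    if (cap == 0) return -1;
    while (*p) {
        /* Copy everything up to and including the next "://". */
        const char *sep = strstr(p, "://");
        size_t chunk = sep ? (size_t)(sep - p) + 3 : strlen(p);
        if (o + chunk >= cap) return -1;
        memcpy(out + o, p, chunk);
        o += chunk;
        p += chunk;
        if (!sep) break;

        /* The authority ends at the path, query, fragment, space or quote. */
        size_t alen = strcspn(p, "/?# \t\r\n\"'");
        const char *at = NULL;
        for (size_t i = 0; i < alen; i++)
            if (p[i] == '@') at = p + i;   /* last '@' ends the userinfo */

        if (at) {
            if (o + 4 >= cap) return -1;
            memcpy(out + o, "****", 4);
            o += 4;
            p = at;                        /* resume copying at '@' */
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[256];

    if (redact_uri_userinfo(SAMPLE_LINE, buf, sizeof buf) == 0) puts(buf);
    if (redact_uri_userinfo(SAMPLE_TWO, buf, sizeof buf) == 0)  puts(buf);
    if (redact_uri_userinfo(SAMPLE_PATH, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```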


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923

http://www.cups.org/str.php?L920


Updated Packages:

Mandrakelinux 10.0:
404f47bf2e48e0fe5e6351fb0a51e482
10.0/RPMS/cups-1.1.20-5.3.100mdk.i586.rpm
7b4b06f845f94a076c7a5e86ac1ebd0f
10.0/RPMS/cups-common-1.1.20-5.3.100mdk.i586.rpm
86c01887240c7dc25eaa0584f6f286e0
10.0/RPMS/cups-serial-1.1.20-5.3.100mdk.i586.rpm
0817ea1f56f41c96361723bd010f08dd
10.0/RPMS/libcups2-1.1.20-5.3.100mdk.i586.rpm
604d96d4fc8d5590310b0dfdaf95c9da
10.0/RPMS/libcups2-devel-1.1.20-5.3.100mdk.i586.rpm
f56a2a9b631ff34c6a2e1a8eb01f3690
10.0/SRPMS/cups-1.1.20-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e8e41e0ad06ea13c49aa4097778ef251
amd64/10.0/RPMS/cups-1.1.20-5.3.100mdk.amd64.rpm
2c76ce0c7f6985fd6cedd2b0f6ba0f67
amd64/10.0/RPMS/cups-common-1.1.20-5.3.100mdk.amd64.rpm
0f993cd224e36539c1c9938877850385
amd64/10.0/RPMS/cups-serial-1.1.20-5.3.100mdk.amd64.rpm
ff9d25d91c01c44760aac8d1f7f36f79
amd64/10.0/RPMS/lib64cups2-1.1.20-5.3.100mdk.amd64.rpm
e72d698c6ac954e51aa05f746bbe9365
amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.3.100mdk.amd64.rpm
f56a2a9b631ff34c6a2e1a8eb01f3690
amd64/10.0/SRPMS/cups-1.1.20-5.3.100mdk.src.rpm

Corporate Server 2.1:
93ff5afeb1743f9e72ab3307b392b534
corporate/2.1/RPMS/cups-1.1.18-2.5.C21mdk.i586.rpm
b29b8d51b7c0dcca6dc45143d7903cb3
corporate/2.1/RPMS/cups-common-1.1.18-2.5.C21mdk.i586.rpm
5e3c5468ea0ab2fae1aec809daa894de
corporate/2.1/RPMS/cups-serial-1.1.18-2.5.C21mdk.i586.rpm
8faf77a298ac1421bcf6c95c618303ab
corporate/2.1/RPMS/libcups1-1.1.18-2.5.C21mdk.i586.rpm
c7ac9f8314bccd7bc4b1104af279e0f1
corporate/2.1/RPMS/libcups1-devel-1.1.18-2.5.C21mdk.i586.rpm
39b6eb02f3df6a8ac7b6ec1d9a0642a4
corporate/2.1/SRPMS/cups-1.1.18-2.5.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
067a8b88cf8c1377c9c6412136fc7d6b
x86_64/corporate/2.1/RPMS/cups-1.1.18-2.5.C21mdk.x86_64.rpm
51a15362e5f756aff3211ad343588487
x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.5.C21mdk.x86_64.rpm

525f0dc8a7ef4db2ffcbe9b7d2a7d677
x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.5.C21mdk.x86_64.rpm

72375896902c44ee2d5d3b3297ff8909
x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.5.C21mdk.x86_64.rpm
58dd73863448021e52fbd9bf2536e4c1
x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.5.C21mdk.x86_64.rpm

39b6eb02f3df6a8ac7b6ec1d9a0642a4
x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.5.C21mdk.src.rpm

Mandrakelinux 9.2:
73897a45c5474c390adc09c32c52073e
9.2/RPMS/cups-1.1.19-10.3.92mdk.i586.rpm
35ab026be5795ef537d996dd50b3ec59
9.2/RPMS/cups-common-1.1.19-10.3.92mdk.i586.rpm
34bd630f0656b7eefa331001ebe46d07
9.2/RPMS/cups-serial-1.1.19-10.3.92mdk.i586.rpm
dd362e1edc0774593cbb564d2fcedffb
9.2/RPMS/libcups2-1.1.19-10.3.92mdk.i586.rpm
04119307b9e5e37f36f502f3e299880c
9.2/RPMS/libcups2-devel-1.1.19-10.3.92mdk.i586.rpm
264f7c4310ff0c0bf1166374d49f5ea3
9.2/SRPMS/cups-1.1.19-10.3.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
a5a6317fc35c0c7ec51da2074ea59cdb
amd64/9.2/RPMS/cups-1.1.19-10.3.92mdk.amd64.rpm
2de8b565958236a4cf299967187aaad1
amd64/9.2/RPMS/cups-common-1.1.19-10.3.92mdk.amd64.rpm
944995579621ce5a986459a47924370c
amd64/9.2/RPMS/cups-serial-1.1.19-10.3.92mdk.amd64.rpm
82c5aed6ab6c81a8fab48b0bd2997eb7
amd64/9.2/RPMS/lib64cups2-1.1.19-10.3.92mdk.amd64.rpm
0b99ed51e2b24aac0747334044a5730e
amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.3.92mdk.amd64.rpm
264f7c4310ff0c0bf1166374d49f5ea3
amd64/9.2/SRPMS/cups-1.1.19-10.3.92mdk.src.rpm

Multi Network Firewall 8.2:
8bfd1913756558cac4e58e7e22f2d67f
mnf8.2/RPMS/libcups1-1.1.18-2.3.M82mdk.i586.rpm
a47dcb23ef45908945eff6977b4387e2
mnf8.2/SRPMS/cups-1.1.18-2.3.M82mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: gpdf
Advisory ID: MDKSA-2004:114
Date: October 21st, 2004
Affected versions: 10.0


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf
package, which also affect software using embedded xpdf code, such
as gpdf:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0,
as well as programs like gpdf which have embedded versions of
xpdf. These can result in writing an arbitrary byte to an
attacker-controlled location, which probably could lead to
arbitrary code execution.

The updated packages are patched to protect against these
vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888


Updated Packages:

Mandrakelinux 10.0:
133d3df8bdbbb8853ed5540df8587608
10.0/RPMS/gpdf-0.112-2.2.100mdk.i586.rpm
53052a1b9209ff77cf38aa15a7210e7c
10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
a83ab4bcbff0b4ddef26af27d4aa79a4
amd64/10.0/RPMS/gpdf-0.112-2.2.100mdk.amd64.rpm
53052a1b9209ff77cf38aa15a7210e7c
amd64/10.0/SRPMS/gpdf-0.112-2.2.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: xpdf
Advisory ID: MDKSA-2004:113
Date: October 21st, 2004
Affected versions: 10.0, Corporate Server 2.1


Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf
package:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0,
as well as programs like cups which have embedded versions of
xpdf. These can result in writing an arbitrary byte to an
attacker-controlled location, which probably could lead to
arbitrary code execution. (CAN-2004-0888)

Multiple integer overflow issues affecting xpdf-3.0 only. These
can result in DoS or possibly arbitrary code execution.
(CAN-2004-0889)

Chris also discovered infinite loop logic errors affecting
xpdf-3.0 only.

The updated packages are patched to deal with these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889


Updated Packages:

Mandrakelinux 10.0:
9b41364f41bb8ef2b655607bc60ab9a8
10.0/RPMS/xpdf-3.00-5.2.100mdk.i586.rpm
9c8a5aa2e170428d0afc3f8e5cbf092a
10.0/SRPMS/xpdf-3.00-5.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ff780c91545babd148b1c4b4761e822d
amd64/10.0/RPMS/xpdf-3.00-5.2.100mdk.amd64.rpm
9c8a5aa2e170428d0afc3f8e5cbf092a
amd64/10.0/SRPMS/xpdf-3.00-5.2.100mdk.src.rpm

Corporate Server 2.1:
12939cf7ca98085acc4f6ba5d741a8c6
corporate/2.1/RPMS/xpdf-1.01-4.3mdk.i586.rpm
730ddc5b8c381c0ff92844dd5fe99a72
corporate/2.1/SRPMS/xpdf-1.01-4.5.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
5f22b8c7e2a03f4ad1d452b23348c967
x86_64/corporate/2.1/RPMS/xpdf-1.01-4.3mdk.x86_64.rpm
730ddc5b8c381c0ff92844dd5fe99a72
x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.5.C21mdk.src.rpm

