cups-1.3.7-8.4.1AXS3

エラータID: AXSA:2009-44:01

Release date: 
Tuesday, April 28, 2009 - 15:50
Subject: 
cups-1.3.7-8.4.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.
Bugs fixed:
CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
CVE-2009-0147
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
CVE-2009-0163
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
CVE-2009-0799
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
CVE-2009-0800
Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1179
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1180
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
CVE-2009-1181
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

Solution: 

Update packages.

CVEs: 
CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
CVE-2009-0147
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
CVE-2009-0163
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
CVE-2009-0799
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
CVE-2009-0800
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1179
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1180
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
CVE-2009-1181
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Additional Info: 

N/A

Download: 

SRPMS
  1. cups-1.3.7-8.4.1AXS3.src.rpm
    MD5: 739a0acdb608bd84b38b5be0fd19a90d
    SHA-256: f7dceb1a89c43bb0a7f5cb975a43c50e2886cfa8c3b9058c017d02425ef6cc8c
    Size: 4.16 MB

Asianux Server 3 for x86
  1. cups-1.3.7-8.4.1AXS3.i386.rpm
    MD5: 7d96a917789d0b165a59e48b86bbb546
    SHA-256: e2308e6f40ac384328b7add43831abd856eaf74e981cd7476922cc8cda5529b2
    Size: 3.85 MB
  2. cups-devel-1.3.7-8.4.1AXS3.i386.rpm
    MD5: 820ebdbc3268488bbc78d3729637bf2e
    SHA-256: b50987bb28b72c6c8d15ef48a479c7697900d496197be528d599c60b0ac15915
    Size: 73.78 kB
  3. cups-libs-1.3.7-8.4.1AXS3.i386.rpm
    MD5: f6ccaea3721c0a14cbf0915b9400dc93
    SHA-256: 1a48110b7dad9528c0ebe4f7f7260106dfbd86b54f6cd909284186d94ab17516
    Size: 194.44 kB

Asianux Server 3 for x86_64
  1. cups-1.3.7-8.4.1AXS3.x86_64.rpm
    MD5: 8058d09c767fbcfab404b0325cafdcfc
    SHA-256: 7ddae116227f8bf99c4bd2a01ce7fdc70de950c835f7fc1c874f0cc6f85b8a43
    Size: 3.88 MB
  2. cups-devel-1.3.7-8.4.1AXS3.x86_64.rpm
    MD5: 9ecd8be12f352e9d3787b694c5730db6
    SHA-256: e5e2a8a121af07cd78a68ed7c8baaa75d866bb428d8125d430163429bac8c8d2
    Size: 73.66 kB
  3. cups-libs-1.3.7-8.4.1AXS3.x86_64.rpm
    MD5: 2f3466e239a103fe6a1f2e7469bbeae5
    SHA-256: 8aa4e23dc9e4b05fd8111f7b8ce9f34fea1d2605fe542a98d0a52d8e4a412bb0
    Size: 189.85 kB