cups-1.4.2-67.1.0.1.AXS4
エラータID: AXSA:2015-156:01
リリース日:
2015/06/18 Thursday - 18:05
題名:
cups-1.4.2-67.1.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- CUPS の filter/raster.c の cupsRasterReadPixels 関数には整数アンダーフローが存在し,バッファーオーバーフローにつながる不正な圧縮されたラスタファイルによって,詳細不明な影響を与える脆弱性があります。(CVE-2014-9679)
- 現時点では CVE-2015-1158, CVE-2015-1159 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-9679
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-1.4.2-67.1.0.1.AXS4.src.rpm
MD5: 0d17627e7340b9cf0c5a8b360b6bdb24
SHA-256: 3647b63936f0394b96037babfa4d26f3cbb4b723781960e9020a7dc00ac1cf65
Size: 4.44 MB
Asianux Server 4 for x86
- cups-1.4.2-67.1.0.1.AXS4.i686.rpm
MD5: 5802da44b5f9a96aadf25975a4ca722f
SHA-256: c91a42b944316ab014789736b4b8fa6149e2e3566c063bc3c3dd1955f9eac485
Size: 2.29 MB - cups-devel-1.4.2-67.1.0.1.AXS4.i686.rpm
MD5: eab5dcfa6f4e22ae0175a1bcd4781b33
SHA-256: 258cc0b26ac83afe137239a774ec6b208d9c0ba6633e12411c88d0c557543e83
Size: 110.88 kB - cups-libs-1.4.2-67.1.0.1.AXS4.i686.rpm
MD5: b23b8ba0ab870adff06d6cbc9780cc36
SHA-256: 1c81ec0e98952377ac8a7fea28c8dcaf2eef17f7d68b84e6f69d84f4c3a7681f
Size: 329.31 kB - cups-lpd-1.4.2-67.1.0.1.AXS4.i686.rpm
MD5: dedde589dfc27018a5395916a379912c
SHA-256: 01fb9a2a609ed31935629d88a131308a691420ba92f50a9a8ae90cee61c7bd73
Size: 83.91 kB
Asianux Server 4 for x86_64
- cups-1.4.2-67.1.0.1.AXS4.x86_64.rpm
MD5: 6c60269093725f40e316abc8f93c940b
SHA-256: 7b123f215513f714dd263c95f3cc7015443f3994f1de158f434b2089780c2ac2
Size: 2.29 MB - cups-devel-1.4.2-67.1.0.1.AXS4.x86_64.rpm
MD5: 3f1774a1f663aac06c31cb3971a609d1
SHA-256: 6809db0c22a1b4685ec4e2f0de4422c6cd9704ab0d389c25aa03f4e8042cb2ca
Size: 110.50 kB - cups-libs-1.4.2-67.1.0.1.AXS4.x86_64.rpm
MD5: 89815fd8d0339511520d3b3d83b56b4b
SHA-256: e492aaa63a210601472672d9efcc334cbbf998b8d6133e5b9fb1ccac45d9b53d
Size: 319.09 kB - cups-lpd-1.4.2-67.1.0.1.AXS4.x86_64.rpm
MD5: 0f9d6cc2934ad64ad8c2ed2a50129ef2
SHA-256: 9b1d49c589b28f873dfa3a25c863f143ef5823b3ba4286e3f06837e3c57c7742
Size: 83.57 kB - cups-devel-1.4.2-67.1.0.1.AXS4.i686.rpm
MD5: eab5dcfa6f4e22ae0175a1bcd4781b33
SHA-256: 258cc0b26ac83afe137239a774ec6b208d9c0ba6633e12411c88d0c557543e83
Size: 110.88 kB - cups-libs-1.4.2-67.1.0.1.AXS4.i686.rpm
MD5: b23b8ba0ab870adff06d6cbc9780cc36
SHA-256: 1c81ec0e98952377ac8a7fea28c8dcaf2eef17f7d68b84e6f69d84f4c3a7681f
Size: 329.31 kB