cups-1.3.7-8.4.1AXS3
エラータID: AXSA:2009-44:01
リリース日:
2009/04/28 Tuesday - 15:50
題名:
cups-1.3.7-8.4.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- cupsの JBIG2 デコーダには複数のバッファオーバーフロー、複数の整数オーバーフロー、ヒープベースバッファオーバーフローが存在し、リモートの攻撃者が巧妙に作られた PDFファイルによってサービス拒否 (クラッシュ)を引き起こす脆弱性があります。(CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-1179)
- cupsの TIFF イメージデコーディングルーチンには整数オーバーフローの問題が存在し、巧妙に作られた TIFF ファイルによってリモートの攻撃者がサービス拒否 (デーモンのクラッシュ) を引き起こす脆弱性があります。(CVE-2009-0163)
- cupsの JBIG2 デコーダにはリモートの攻撃者が巧妙に作られた PDFファイルによってサービス拒否 (クラッシュ)を引き起こす脆弱性があります。(CVE-2009-0799)
- cups の JBIG2 デコーダには入力検証に複数の問題があり、巧妙に作られたPDF ファイルによって任意のコードを実行される脆弱性があります。(CVE-2009-0800)
- cupsの JBIG2 デコーダには巧妙に作られた PDFファイルによってリモートの攻撃者が任意のコードを実行したり、サービス拒否 (クラッシュ) を引き起こす脆弱性があります。(CVE-2009-1180, CVE-2009-1181)
- cups の JBIG2 MMR デコーダには巧妙に作られた PDF ファイルによって、リモートの攻撃者が任意のコードを実行したり、サービス拒否 (無限ループやハングアップ) を引き起こす脆弱性があります。(CVE-2009-1182, CVE-2009-1183)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
CVE-2009-0147
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
CVE-2009-0163
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
CVE-2009-0799
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
CVE-2009-0800
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1179
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1180
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
CVE-2009-1181
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-1.3.7-8.4.1AXS3.src.rpm
MD5: 739a0acdb608bd84b38b5be0fd19a90d
SHA-256: f7dceb1a89c43bb0a7f5cb975a43c50e2886cfa8c3b9058c017d02425ef6cc8c
Size: 4.16 MB
Asianux Server 3 for x86
- cups-1.3.7-8.4.1AXS3.i386.rpm
MD5: 7d96a917789d0b165a59e48b86bbb546
SHA-256: e2308e6f40ac384328b7add43831abd856eaf74e981cd7476922cc8cda5529b2
Size: 3.85 MB - cups-devel-1.3.7-8.4.1AXS3.i386.rpm
MD5: 820ebdbc3268488bbc78d3729637bf2e
SHA-256: b50987bb28b72c6c8d15ef48a479c7697900d496197be528d599c60b0ac15915
Size: 73.78 kB - cups-libs-1.3.7-8.4.1AXS3.i386.rpm
MD5: f6ccaea3721c0a14cbf0915b9400dc93
SHA-256: 1a48110b7dad9528c0ebe4f7f7260106dfbd86b54f6cd909284186d94ab17516
Size: 194.44 kB
Asianux Server 3 for x86_64
- cups-1.3.7-8.4.1AXS3.x86_64.rpm
MD5: 8058d09c767fbcfab404b0325cafdcfc
SHA-256: 7ddae116227f8bf99c4bd2a01ce7fdc70de950c835f7fc1c874f0cc6f85b8a43
Size: 3.88 MB - cups-devel-1.3.7-8.4.1AXS3.x86_64.rpm
MD5: 9ecd8be12f352e9d3787b694c5730db6
SHA-256: e5e2a8a121af07cd78a68ed7c8baaa75d866bb428d8125d430163429bac8c8d2
Size: 73.66 kB - cups-libs-1.3.7-8.4.1AXS3.x86_64.rpm
MD5: 2f3466e239a103fe6a1f2e7469bbeae5
SHA-256: 8aa4e23dc9e4b05fd8111f7b8ce9f34fea1d2605fe542a98d0a52d8e4a412bb0
Size: 189.85 kB