(Red Hat Issues Fix for CUPS) Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018915 |
|
SecurityTracker URL: http://securitytracker.com/id/1018915
|
|
CVE Reference:
CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
(Links to External Site)
|
Date: Nov 8 2007
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Several vulnerabilities were reported in Xpdf. A remote user can cause arbitrary code to be executed on the target user's system. CUPS is affected.
A remote user can create a specially crafted PDF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted Type 1 font filename can trigger a flaw in the t1lib library and cause code execution [CVE-2007-4033]
Specially crafted data can trigger a memory corruption error in the DCTStream::readProgressiveDataUnit() function in 'xpdf/Stream.cc' [CVE-2007-4352].
Specially crafted data can trigger an integer overflow in the DCTStream::reset() function in 'xpdf/Stream.cc' [CVE-2007-5392].
A specially crafted CCITTFaxDecode filter can trigger a heap overflow in the CCITTFaxStream::lookChar() function in 'xpdf/Stream.cc' [CVE-2007-5393].
The vendor was notified on October 17, 2007.
Alin Rad Pop of Secunia Research reported three of these vulnerabilities. r0ut3r discovered one of these vulnerabilities.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
Red Hat has released a fix for CVE-2007-4352, CVE-2007-5392, and CVE-2007-5393 for CUPS, which is affected by this vulnerability.
The Red Hat advisory is available at:
https://rhn.redhat.com/errata/RHSA-2007-1021.html
|
Cause:
Access control error, Boundary error
|
Underlying OS:
Linux (Red Hat Enterprise)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 7 Nov 2007 12:47:27 -0500
Subject: [RHSA-2007:1021-01] Important: cups security update
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: cups security update
Advisory ID: RHSA-2007:1021-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1021.html
Issue date: 2007-11-07
Updated on: 2007-11-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
- ---------------------------------------------------------------------
1. Summary:
Updated CUPS packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.
Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
6. RPMs required:
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm
i386:
0d1bc137688d648c1a6bb6d723d02131 cups-1.2.4-11.14.el5_1.3.i386.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
725da2778499f0ef3d177ae5de2eac84 cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm
x86_64:
8a80ca4d3fb94684b6a157fd0fc03ffc cups-1.2.4-11.14.el5_1.3.x86_64.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
e7122321cb07e24fdea833aeb99fceff cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
f1d2584267c494a0df96afb0f95cda27 cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm
i386:
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
x86_64:
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
d6e9593b5bd3da21bfd5a722fd9153a9 cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm
i386:
0d1bc137688d648c1a6bb6d723d02131 cups-1.2.4-11.14.el5_1.3.i386.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
725da2778499f0ef3d177ae5de2eac84 cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm
ia64:
6d6d5b2c9bb192c0221fab51ca406e54 cups-1.2.4-11.14.el5_1.3.ia64.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1fd9e56a67d23a794bfe4d6f92eb74ac cups-debuginfo-1.2.4-11.14.el5_1.3.ia64.rpm
f8993c91631e1cb221053970359a15c3 cups-devel-1.2.4-11.14.el5_1.3.ia64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
b563493fa5c9938711246df30849740e cups-libs-1.2.4-11.14.el5_1.3.ia64.rpm
fbeff7413bedcb74acd9691ffd34ec16 cups-lpd-1.2.4-11.14.el5_1.3.ia64.rpm
ppc:
568c33780523d8934fd44cb8b38572f7 cups-1.2.4-11.14.el5_1.3.ppc.rpm
89302dadc2de2e1fd067c1468244d9d4 cups-debuginfo-1.2.4-11.14.el5_1.3.ppc.rpm
b6eba796dede6c33f28887f142ec197b cups-debuginfo-1.2.4-11.14.el5_1.3.ppc64.rpm
8f47bde999fd4a20fdd95df19aa4d348 cups-devel-1.2.4-11.14.el5_1.3.ppc.rpm
904299c55e793be74463ed447d4c7912 cups-devel-1.2.4-11.14.el5_1.3.ppc64.rpm
e510688e304707cdc2e69fbb690c105a cups-libs-1.2.4-11.14.el5_1.3.ppc.rpm
a46a28e1dd83f550a8f90f76dd5de253 cups-libs-1.2.4-11.14.el5_1.3.ppc64.rpm
22240ec5fb56b681652830c602f6d3ac cups-lpd-1.2.4-11.14.el5_1.3.ppc.rpm
s390x:
0600130d9ffbc51fefefe5363161f809 cups-1.2.4-11.14.el5_1.3.s390x.rpm
747bc08e1347512b1250f2065f33ec82 cups-debuginfo-1.2.4-11.14.el5_1.3.s390.rpm
3e9253116a2fc0990fd7fb8df3330c0e cups-debuginfo-1.2.4-11.14.el5_1.3.s390x.rpm
205945b86014307d0351d958a3045bfd cups-devel-1.2.4-11.14.el5_1.3.s390.rpm
4494cce4dc572b50d825343ec9b2cfc1 cups-devel-1.2.4-11.14.el5_1.3.s390x.rpm
f58cff49807950fe15a0431d9c0eb0a4 cups-libs-1.2.4-11.14.el5_1.3.s390.rpm
5b1a7f99fb9a376ac9dd6001bfc2400e cups-libs-1.2.4-11.14.el5_1.3.s390x.rpm
8f41c8e4ad65b647974012e97e559050 cups-lpd-1.2.4-11.14.el5_1.3.s390x.rpm
x86_64:
8a80ca4d3fb94684b6a157fd0fc03ffc cups-1.2.4-11.14.el5_1.3.x86_64.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
d6e9593b5bd3da21bfd5a722fd9153a9 cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
e7122321cb07e24fdea833aeb99fceff cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
f1d2584267c494a0df96afb0f95cda27 cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFHMfoZXlSAg2UNWIIRArocAJ4qfSAilKdPu6YvnbCb1h/QuxFdZACdFmeI
ypqsscJDPG7VSjjYrOsOTf8=
=lc2f
-----END PGP SIGNATURE-----
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
