-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-47 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 25 Sep 2007 Last revised: 25 Sep 2007 Package: cups Summary: Integer overflow More information: The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. Integer overflow in the StreamPredictor::StreamPredictor function in gpdf. Impact: Remote attackers to execute arbitrary code via a crafted PDF file. Affected Products: - wizpy - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server Source Packages Size: MD5 cups-1.1.23-13.src.rpm 9156131 1ba5cb1300b44cc4346eec7f55325593 Binary Packages Size: MD5 cups-1.1.23-13.i386.rpm 7492748 d5a6450e8fd1b8d66a754f4ad814f998 cups-libs-1.1.23-13.i386.rpm 80523 4373d771098fae7b0881135d4a458411 Source Packages Size: MD5 cups-1.1.20-17.src.rpm 4218841 7947c2c465d362de8f9abfaa8ab9aa6b Binary Packages Size: MD5 cups-1.1.20-17.i586.rpm 2510725 6f60450358ac7df1b47ad4317fb766fa cups-devel-1.1.20-17.i586.rpm 127679 bf99cbf466edf2fc9b480bc0e76235be cups-libs-1.1.20-17.i586.rpm 88335 87b25ac6592ac6108c22b2f52323705f Source Packages Size: MD5 cups-1.1.23-13.src.rpm 9156131 ed7ee6971f01efc4506cb403ba743e75 Binary Packages Size: MD5 cups-1.1.23-13.i686.rpm 8443610 eb34287254f34bd96e04b6d4ef38e083 cups-devel-1.1.23-13.i686.rpm 143617 79d7b52da8728699f07adc119d0742bf cups-libs-1.1.23-13.i686.rpm 96019 c31fef8ae97b3908ffa5ba19869595c9 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/cups-1.1.20-17.src.rpm 4218841 d2371ea85fb5158b7112f4ee10d4057e Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/cups-1.1.20-17.x86_64.rpm 2508630 0771961740f2b4eee4f68ab7c66a991a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/cups-devel-1.1.20-17.x86_64.rpm 126480 1a497994ba37c3be98d399dd548b9ac0 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/cups-libs-1.1.20-17.x86_64.rpm 91074 7fbf9c25b59947eeb8f8fb4ccab6b5ea Source Packages Size: MD5 cups-1.1.20-17.src.rpm 4218841 0000d86e0214a17c685014e1438ad9f8 Binary Packages Size: MD5 cups-1.1.20-17.i586.rpm 2502190 ad4447dafb9b8d2c5b2e6666ed6b3ab7 cups-libs-1.1.20-17.i586.rpm 94155 6e0f1eab2d654cacfb2ad2eec12c6b6e Source Packages Size: MD5 cups-1.1.20-17.src.rpm 4218841 9230deb4df075ccb1c26729b5ce6d93e Binary Packages Size: MD5 cups-1.1.20-17.i586.rpm 2502729 74ea5462b607d1e562514651539ece60 cups-devel-1.1.20-17.i586.rpm 125255 93a9d9ca46a6679ebad65d49cb9c1e7a cups-libs-1.1.20-17.i586.rpm 94344 1f62831e0d3df505541357490cc91aa4 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/cups-1.1.20-17.src.rpm 4218841 7947c2c465d362de8f9abfaa8ab9aa6b Binary Packages Size: MD5 cups-1.1.20-17.i586.rpm 2510725 6f60450358ac7df1b47ad4317fb766fa cups-devel-1.1.20-17.i586.rpm 127679 bf99cbf466edf2fc9b480bc0e76235be cups-libs-1.1.20-17.i586.rpm 88335 87b25ac6592ac6108c22b2f52323705f Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cups-1.1.20-17.src.rpm 4218841 94d73a1b02c9080e6ed92fbd4c2a2787 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cups-1.1.20-17.i586.rpm 2519698 124154c202df1daaaae7b658d6e1c1c1 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cups-devel-1.1.20-17.i586.rpm 127889 9ec96035fb88988ec542988bf34d1916 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cups-libs-1.1.20-17.i586.rpm 88555 b961e035ba26f95b6ab2d43befaa888f Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/cups-1.1.20-17.src.rpm 4218841 04f883ae54c5efb022efd36c1684e2bf Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-1.1.20-17.i586.rpm 2502497 4403d9207fd35130388611ed7e90e6aa ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-devel-1.1.20-17.i586.rpm 125292 504680b72663debced40fc695159c726 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-libs-1.1.20-17.i586.rpm 94311 6af6c06a9e7641c16a35f51e9837e1b7 References: CVE [CVE-2007-3387] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3387 -------------------------------------------------------------------------- Revision History 25 Sep 2007 Initial release -------------------------------------------------------------------------- Copyright(C) 2007 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG+LoXK0LzjOqIJMwRAhDIAJ48GgYgRDa4halDQ+1vltJMFiDw3ACfVTY4 Lk85mS2p8YGgu9/+BFmLIiE= =31sx -----END PGP SIGNATURE-----