Date: Wed, 17 Nov 2004 13:56:09 +0000 From: Josef El-Rayes <josef@FreeBSD.org> To: Hilko Meyer <hilko.meyer@gmx.de> Cc: security@FreeBSD.org Subject: Re: Problem with cups/xpdf Message-ID: <20041117135609.GA3845@daemon.li> In-Reply-To: <8uvkp0t1u3h86hl2hjniukcl0b6rvf0ki0@4ax.com> References: <8uvkp0t1u3h86hl2hjniukcl0b6rvf0ki0@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a MIME-formatted message. If you see this text it means that your E-mail software does not support MIME-formatted messages. --=_daemon.li-4188-1100699769-0001-2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hilko Meyer <hilko.meyer@gmx.de>: > Josef El-Rayes wrote > >Josef El-Rayes <josef at freebsd.org>: > >> Michael Nottebrock <michaelnottebrock at gmx.net>: > >> > > I am trying to upgrade my cups-port with an up-to-date ports-tree.= It fails > >> > > because of the xpdf-vulnurability. But my xpdf-port is the most re= cent one > >> > > and I think that the vulnurability was handelt in this version (if= I can > >> > > believ the cvs-comment). > >> > > > >> > > =3D=3D=3D> cups-base-1.1.22.0 has known vulnerabilities: > >> > > >> xpdf -- integer overflow vulnerabilities. > >> > > > >> > > Reference: > >> > > <http://www.FreeBSD.org/ports/portaudit/ad2f3337-26bf-11d9-9289-00= 0c41e2cda > >> > >d .html> > >> >=20 > >> > The vuxml entry is wrong, vid ad2f3337-26bf-11d9-9289-000c41e2cdad h= as=20 > >> > <range><ge>0</ge></range> but needs <range><lt>1.1.21</lt></range>. > > > >Okay I was a bit too fast, where did you find that the cups people fixed > >this issue in their new release? >=20 > Look at http://www.cups.org/relnotes.php > I think, that's this one: > | Changes in CUPS v1.1.22rc2: > | The pdftops filter didn't check the range of all integer attributes (ST= R #972) >=20 > STR #972 links to > http://www.cups.org/str.php?L972 > | Michael Sweet > | 14:10 Oct 20, 2004 The Xpdf-based pdftops filter has a range checking b= ug which could cause buffer overflows and/or denial-of-service problems. thanks, but then the range should be < 1.1.22. Also the entry of the trouble report for 1.1.22rc, so i guess this is not fixed in 1.1.21. I did not have the time to check into the code yet... greets, josef --=20 Josef El-Rayes (__) Email: josef@daemon.li \\\'',)=20 Web: http://daemon.li/ \/ \ ^ FreeBSD Security Team .\._/_) --=_daemon.li-4188-1100699769-0001-2 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iQEVAwUBQZtYeFnFItmnnbU8AQInDQgAoxNCorfl12ihBJ4itTX7sph5fCUQZpwR n+A/v6CdBboZUh4QbBYWMdbyxhHIigQC8hWyffKrSlA/R4tc639htT99cZAoxiKo lF+UKViOkjQV1l6czikSQ21LrUo5OVvR17lo6x6LYABncb1cZ25WXTbhc1CTVrFG ujYHomVbxxs7HktJk/hLoL6DCBwVpwFOR4b3kjwXQqF514pNGjFHbg8ZPxX2tpvx AJImV266kvb1Vy3xEPVoKfpVe7VDGxSk0z3jq+anjggf2LD5SF8v9JKFeHo5/dJK Gk/u9P1c6JZSR+s3EdoU7E0vygZkGCm2BkQBLVyTkYMMg+pkc83lqA== =ka9m -----END PGP SIGNATURE----- --=_daemon.li-4188-1100699769-0001-2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041117135609.GA3845>