[PLDSA 33-1] New gimp-print packages fix buffer overflow
Krzysiek Taraszka
dzimi at pld.org.pl
Sat May 3 15:42:20 CEST 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 33-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
05 March 2003 http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to gimp-print-4.2.2-1
Vulnerability : overflowing command line
Problem-Type : local
PLD-specific : no
Karol Wiesek and iDefense discovered a vulnerability in the escputil binary,
which has a buffer overflow in the parsing of the --printer-name command line
argument.
Exploitation is only possible when escputil is suid or sgid.
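An added illustration of the bug class described above (not escputil's source and not part of the advisory): an unchecked copy of a command-line value into a fixed buffer, next to a length-checked form that rejects over-long input. The buffer size, function names and option scan are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define PRINTER_NAME_MAX 64  /* assumed size; the advisory does not give one */

/* Vulnerable pattern (illustrative): no length check on the argument. */
void copy_printer_name_unsafe(char *dst, const char *arg)
{
    strcpy(dst, arg);  /* writes past dst when strlen(arg) >= PRINTER_NAME_MAX */
}

/* Hardened form: reject over-long input instead of truncating silently.
 * Returns 0 on success, -1 if the value is missing or does not fit. */
int copy_printer_name_checked(char *dst, size_t dstsz, const char *arg)
{
    size_t len;
    if (dst == NULL || dstsz == 0 || arg == NULL)
        return -1;
    len = strlen(arg);
    if (len >= dstsz)              /* no room for the terminating NUL */
        return -1;
    memcpy(dst, arg, len + 1);
    return 0;
}

/* Scan argv for "--printer-name VALUE".
 * Returns 0 if stored, 1 if the option is absent, -1 on error. */
int parse_printer_name(int argc, char **argv, char *dst, size_t dstsz)
{
    int i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--printer-name") == 0) {
            if (i + 1 >= argc)     /* option given without a value */
                return -1;
            return copy_printer_name_checked(dst, dstsz, argv[i + 1]);
        }
    }
    return 1;
}

int main(int argc, char **argv)
{
    char name[PRINTER_NAME_MAX];
    int rc = parse_printer_name(argc, argv, name, sizeof name);
    if (rc < 0) {
        fprintf(stderr, "invalid --printer-name value\n");
        return 2;
    }
    if (rc == 0)
        printf("printer: %s\n", name);
    return 0;
}
```

In a suid or sgid binary the argument is supplied by the unprivileged caller, which is why the unchecked copy matters there.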
The above problems have been fixed in version 4.2.2-2 for the
current stable distribution (ra).
We recommend that you upgrade your gimp-print packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using the "poldek" package manager, use the lines given below
to upgrade the packages
poldek --update
will update the internal database
poldek --upgrade 'gimp-print*'
will install corrected packages
If you are using the "apt" package manager, use the lines given below
to upgrade the packages
apt-get update
will update the internal database
apt-get upgrade 'gimp-print*'
will install corrected packages
PLD Linux 1.0 alias ra
--------------------
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security