Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-645-1:D3384
HistoryJan 19, 2005 - 7:45 a.m.

[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution

2005-01-1907:45:43
lists.debian.org
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA 645-1 [email protected]
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq

Package : cupsys
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0064

iDEFENSE has reported a buffer overflow in xpdf, the portable document
format (PDF) suite. Similar code is present in the PDF processing
part of CUPS. A maliciously crafted PDF file could exploit this
problem, resulting in the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 1.1.14-5woody12.

In the unstable distribution (sid) CUPSYS does not use its own xpdf
variant anymore but uses xpdf-utils.

We recommend that you upgrade your cups packages.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12.dsc
  Size/MD5 checksum:      712 dba687dbc0a6992b0a3cdd8da496abdf
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12.diff.gz
  Size/MD5 checksum:    40770 083cfc2f84280ebaee765ec1ba7a8f29
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
  Size/MD5 checksum:  6150756 0dfa41f29fa73e7744903b2471d2ca2f

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_alpha.deb
  Size/MD5 checksum:  1901080 80c9b14b52397228088eb278ef07d897
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_alpha.deb
  Size/MD5 checksum:    74548 98b9ef57c0e574aadf0e804fb070ccff
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_alpha.deb
  Size/MD5 checksum:    93196 ebe102c5982747fb36254898db73bdac
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_alpha.deb
  Size/MD5 checksum:  2446048 e3509f813586e394fcaea652caeb979d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_alpha.deb
  Size/MD5 checksum:   138216 c6c6beeff4bc077a290bb213ffafcd04
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_alpha.deb
  Size/MD5 checksum:   181162 c612bffce4b666c36e9709a3f1c3b916

ARM architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_arm.deb
  Size/MD5 checksum:  1821988 cae79abb7d1980e5cb983c51c23df200
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_arm.deb
  Size/MD5 checksum:    68682 2aef42b9bfa45d45a0b94f980cd75f0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_arm.deb
  Size/MD5 checksum:    85876 c998cf95bd9faa58bbc3618d92c69e3b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_arm.deb
  Size/MD5 checksum:  2346072 24d5e48e3e0319b948038c45b1219b4d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_arm.deb
  Size/MD5 checksum:   113198 4ce263fe2f228ad505e6249869ede086
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_arm.deb
  Size/MD5 checksum:   150620 9644fdf3f4c6021a203b1a9811a14de8

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_i386.deb
  Size/MD5 checksum:  1788840 4421966dabb586f81791d9d27eaf9ceb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_i386.deb
  Size/MD5 checksum:    68212 af70c5816c54edf896a22c24fe0568b8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_i386.deb
  Size/MD5 checksum:    84376 6178a9c61d805a70e3f787f9cec45d44
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_i386.deb
  Size/MD5 checksum:  2312208 53aaab028df004928720cf25e9912298
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_i386.deb
  Size/MD5 checksum:   111224 2a6caaceda4a9a617637ffec2e6b0888
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_i386.deb
  Size/MD5 checksum:   136782 70d5e60898bf4cb15ec009832f2914ff

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_ia64.deb
  Size/MD5 checksum:  2008480 dbd5516b389032d32bed1b3f47157dd6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_ia64.deb
  Size/MD5 checksum:    77618 c93fd0ad5ed158ece2b3bfe820f65c85
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_ia64.deb
  Size/MD5 checksum:    97360 d5b475b30e5566ae84e4388a9c8b88ce
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_ia64.deb
  Size/MD5 checksum:  2656984 7c862503822e4f2bf4758f7d2359ebc9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_ia64.deb
  Size/MD5 checksum:   156234 67c450bec79adc3790e03933d59f3d37
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_ia64.deb
  Size/MD5 checksum:   183182 7f11c1e4644116c23db6b29c73427040

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_hppa.deb
  Size/MD5 checksum:  1882020 9c4b419efcb6432c6470c3d1d55d2df4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_hppa.deb
  Size/MD5 checksum:    71014 be0ebd451a3141b3962fe2bdcf6ec50f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_hppa.deb
  Size/MD5 checksum:    90032 a7ba29d9e1c69af6b90f4007d5a74c6f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_hppa.deb
  Size/MD5 checksum:  2456276 65d1e20bf5e1189467226ead52702708
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_hppa.deb
  Size/MD5 checksum:   126706 b780b2343e1a4c1f7efbc2e31bf45a5f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_hppa.deb
  Size/MD5 checksum:   159768 aaac5dbdd82b5e781f088687f924a6db

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_m68k.deb
  Size/MD5 checksum:  1755578 cba34fd3943f142f9f02349409e0a401
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_m68k.deb
  Size/MD5 checksum:    66480 547ceec1de16cd3a30591e0a4d7d522c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_m68k.deb
  Size/MD5 checksum:    81600 92628a29ad3a5c5fe612b5f878747bbb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_m68k.deb
  Size/MD5 checksum:  2261580 76a36d1fbc58b906e9e2aaa3524f788d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_m68k.deb
  Size/MD5 checksum:   106458 5e70c0f80644ae350edc1062877ced89
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_m68k.deb
  Size/MD5 checksum:   128992 8ff14878ace478af7a9f2827867a04d1

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_mips.deb
  Size/MD5 checksum:  1811940 9ced9be894453681c8f256f67e337751
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_mips.deb
  Size/MD5 checksum:    68116 63e45c41ec22bc005663f008aa05ef0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_mips.deb
  Size/MD5 checksum:    81558 6300fb89191894457fa6672cad347bb4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_mips.deb
  Size/MD5 checksum:  2404826 f8d58e941201559799af19451002a284
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_mips.deb
  Size/MD5 checksum:   112996 a4b6ffee4e6cc6a3800c0ef8c20ff539
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_mips.deb
  Size/MD5 checksum:   151418 aaae3c74411b75b49dc14def7a9c32fe

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_mipsel.deb
  Size/MD5 checksum:  1812724 bbfee7ac7b15145c6f89d4a25c1db340
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_mipsel.deb
  Size/MD5 checksum:    68130 d2f7131ac7ea1d6ef729c112b54d5629
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_mipsel.deb
  Size/MD5 checksum:    81626 95b08b3d7979b620c77859d15550eaaa
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_mipsel.deb
  Size/MD5 checksum:  2407218 9332c2b46d7345b8b15403ca9b6dd028
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_mipsel.deb
  Size/MD5 checksum:   112790 45c5412dfdcdad3a59bbc0f2f45988a4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_mipsel.deb
  Size/MD5 checksum:   151276 16c064ce075bf6ce6201312a0843d008

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_powerpc.deb
  Size/MD5 checksum:  1800906 08a9bf6cc07cb65c0dd09d52de8f7f0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_powerpc.deb
  Size/MD5 checksum:    68124 698dbe8709ad4a0dc5de6fafaeb8f3eb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_powerpc.deb
  Size/MD5 checksum:    83694 407fc2c25633d9c2cf26d80bd5f5108c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_powerpc.deb
  Size/MD5 checksum:  2360024 08521680d27782d3e726784997c95566
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_powerpc.deb
  Size/MD5 checksum:   117006 9cb07b714e8ab87e79b2ee92dcc7e5d3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_powerpc.deb
  Size/MD5 checksum:   145440 070f2ffcddb4877843d4bc1a948fbe5c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_s390.deb
  Size/MD5 checksum:  1796000 2afd81c2c65e80af6152b6d2a0985ce3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_s390.deb
  Size/MD5 checksum:    69504 a48e8ed2967607f6d96e4c26999d8fec
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_s390.deb
  Size/MD5 checksum:    86236 3c51febfd61416b13d42c5c6ab975010
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_s390.deb
  Size/MD5 checksum:  2337874 b881b84f338e9cbf2e613f0d2a6453a0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_s390.deb
  Size/MD5 checksum:   115542 33c899990404f7dbd5e5a586b3fc8fa1
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_s390.deb
  Size/MD5 checksum:   141064 325c19c262cdd47a35ffabf397b5da2a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_sparc.deb
  Size/MD5 checksum:  1845728 2c1dcbfd9ff9fc25588f908e7ef84446
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_sparc.deb
  Size/MD5 checksum:    71068 f687719bc73305a9128ae5707b482f2f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_sparc.deb
  Size/MD5 checksum:    84512 4c0763a89d10e4f48ed35e8807bc2f69
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_sparc.deb
  Size/MD5 checksum:  2354898 aafc71eb641ab4c0252b37a163d97f05
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_sparc.deb
  Size/MD5 checksum:   120690 72969e3f647ecf37906772aebee2ad57
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_sparc.deb
  Size/MD5 checksum:   146974 aff816a314bda12eb5f6ac6bbc3d6816

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3mipselxpdf-reader< 1.00-3.4xpdf-reader_1.00-3.4_mipsel.deb
Debian3mipselcupsys< 1.1.14-5woody12cupsys_1.1.14-5woody12_mipsel.deb
Debian3mipsxpdf-utils< 1.00-3.4xpdf-utils_1.00-3.4_mips.deb
Debian3m68kxpdf-reader< 1.00-3.4xpdf-reader_1.00-3.4_m68k.deb
Debian3m68klibcupsys2< 1.1.14-5woody12libcupsys2_1.1.14-5woody12_m68k.deb
Debian3powerpccupsys< 1.1.14-5woody12cupsys_1.1.14-5woody12_powerpc.deb
Debian3mipslibcupsys2< 1.1.14-5woody12libcupsys2_1.1.14-5woody12_mips.deb
Debian3i386libcupsys2-dev< 1.1.14-5woody12libcupsys2-dev_1.1.14-5woody12_i386.deb
Debian3sparccupsys-client< 1.1.14-5woody12cupsys-client_1.1.14-5woody12_sparc.deb
Debian3sparccupsys-pstoraster< 1.1.14-5woody12cupsys-pstoraster_1.1.14-5woody12_sparc.deb
Rows per page:
1-10 of 911

Related

openvas 23
nessus 23
redhat 7
debian 3
gentoo 6
debiancve 1
osv 2
securityvulns 3
fedora 1
altlinux 1
freebsd 1
ubuntu 1
ubuntucve 1
cve 1
oraclelinux 1
cert 1
openvas
openvas
FreeBSD Ports: xpdf
2008-09-04 00:00:00
Debian Security Advisory DSA 648-1 (xpdf)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200501-30 (CUPS)
2008-09-24 00:00:00
nessus
nessus
GLSA-200501-28 : Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
2005-02-14 00:00:00
GLSA-200501-30 : CUPS: Stack overflow in included Xpdf code
2005-02-14 00:00:00
Mandrake Linux Security Advisory : koffice (MDKSA-2005:019)
2005-01-26 00:00:00
redhat
redhat
(RHSA-2005:059) xpdf security update
2005-01-26 00:00:00
(RHSA-2005:049) cups security update
2005-02-01 00:00:00
(RHSA-2005:026) tetex security update
2005-03-16 00:00:00
debian
debian
[SECURITY] [DSA 648-1] New xpdf packages fix arbitrary code execution
2005-01-19 13:40:49
[SECURITY] [DSA 648-1] New xpdf packages fix arbitrary code execution
2005-01-19 13:40:49
[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution
2005-01-19 07:45:43
gentoo
gentoo
KPdf, KOffice: Stack overflow in included Xpdf code
2005-01-23 00:00:00
Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
2005-01-21 00:00:00
libextractor: Multiple overflow vulnerabilities
2005-06-09 00:00:00
debiancve
debiancve
CVE-2005-0064
2005-05-02 04:00:00
osv
osv
xpdf - buffer overflow
2005-01-19 00:00:00
cupsys - buffer overflow
2005-01-19 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
2005-01-19 00:00:00
[ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities
2005-06-10 00:00:00
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
2005-01-26 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: cups-1.2.8-1.fc5
2007-03-14 20:14:24
altlinux
altlinux
Security fix for the ALT Linux 5 package xpdf version 3.00-alt5pl3
2005-01-19 00:00:00
freebsd
freebsd
xpdf -- makeFileKey2() buffer overflow vulnerability
2005-01-06 00:00:00
ubuntu
ubuntu
xpdf, CUPS vulnerabilities
2005-01-19 00:00:00
ubuntucve
ubuntucve
CVE-2005-0064
2005-05-02 00:00:00
cve
cve
CVE-2005-0064
2005-05-02 04:00:00
oraclelinux
oraclelinux
kdegraphics security update
2006-11-30 00:00:00
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-645-1:D3384
openvas23nessus23redhat7debian3gentoo6debiancve1osv2securityvulns3fedora1altlinux1freebsd1ubuntu1ubuntucve1cve1oraclelinux1cert1