LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Trustix alert TSLSA-2005-0043 (kernel)



From:
    	      Trustix Security Advisor <tsl@trustix.org>


To:
    	      tsl-announce@lists.trustix.org


Subject:
    	      TSLSA-2005-0043 - multi


Date:
    	      Thu, 1 Sep 2005 18:49:51 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0043

Package names:	   cups, kernel  
Summary:           Multiple vulnerabilities
Date:              2005-08-19
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  cups
  The Common UNIX Printing System provides a portable printing layer for
  UNIX(R) operating systems. It has been developed by Easy Software Products
  to promote a standard printing solution for all UNIX vendors and users.
  CUPS provides the System V and Berkeley command-line interfaces.

  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.
  
Problem description:
  cups
  - SECURITY Fix: xpdf Temporary File Writing Denial of Service. 
    When processing a PDF file, bounds checking was not correctly performed on
    some fields.  This could cause the pdftops filter (running as user "lp") to
    crash.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2097 to this issue.

  kernel
  - SECURITY Fix: Error during attempt to join key management session can leave
    semaphore pinned (CAN-2005-2098)
  - Destruction of failed keyring oopses (CAN-2005-2099)
  - Update in-kernel zlib routines (CAN-2005-2458, CAN-2005-2459)

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/>> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0043/>>


MD5sums of the packages:
- --------------------------------------------------------------------------
86c311222d6415b81a704d71e4de4c1c  3.0/rpms/cups-1.1.23-9tr.i586.rpm
5009ea671dafb6f29c7c1ef0e150212a  3.0/rpms/cups-devel-1.1.23-9tr.i586.rpm
e8c600d7dd27adda99700c86531384ac  3.0/rpms/cups-libs-1.1.23-9tr.i586.rpm
f75dd773b5a79457b9eceaa69f681e7e  3.0/rpms/cups-samba-1.1.23-9tr.i586.rpm
90c58fd786752af76b1106d43e77da32  3.0/rpms/kernel-2.6.12.6-1tr.i586.rpm
c857377889fe2a751984bd8fa043ccc2  3.0/rpms/kernel-doc-2.6.12.6-1tr.i586.rpm
08e72c5764cbbafea16b9e8e2bf4512b  3.0/rpms/kernel-headers-2.6.12.6-1tr.i586.rpm
b7024dd4610bdee27e2a2f81073e3a31  3.0/rpms/kernel-smp-2.6.12.6-1tr.i586.rpm
ed99eefa73ea15f415297dede33d9639  3.0/rpms/kernel-smp-headers-2.6.12.6-1tr.i586.rpm
584305146de1a13abea5b97c4e8b3fb5  3.0/rpms/kernel-source-2.6.12.6-1tr.i586.rpm
076694cd848f58d328ae9d58c3d89f68  3.0/rpms/kernel-utils-2.6.12.6-1tr.i586.rpm

496b1a2161925d286c498d73042e919d  2.2/rpms/cups-1.1.23-4tr.i586.rpm
f567d4a84b389a886c59ede64a9a45aa  2.2/rpms/cups-devel-1.1.23-4tr.i586.rpm
8e415a4c9fa114e1e8a4370e0e37497d  2.2/rpms/cups-libs-1.1.23-4tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFzBSi8CEzsK9IksRAsNlAJ9qSInBNyGS8h5W32yySSL4hZjpTACgkj+f
q1LLRk9HoqaPEDhe27BsjEg=
=vtYi
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@lists.trustix.org
http://lists.trustix.org/mailman/listinfo/tsl-announce
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds