var-200904-0808
Vulnerability from variot
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Xpdf is an open source viewer for Portable Document Format (PDF) files.
SUSE Security Announcement
Package: cups
Announcement ID: SUSE-SA:2009:024
Date: Wed, 22 Apr 2009 13:00:00 +0000
Affected Products: openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise Server 10 SP2
SLE 11
Vulnerability Type: remote code execution
Severity (1-10): 8 (critical)
SUSE Default Package: yes
Cross-References: CVE-2009-0146, CVE-2009-0147, CVE-2009-0163
CVE-2009-0165, CVE-2009-0166, CVE-2009-0799
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180
CVE-2009-1181, CVE-2009-1182, CVE-2009-1183
Content of This Advisory:
1) Security Vulnerability Resolved:
fixed remotely exploitable overflows
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
The Common Unix Printing System, CUPS, is a printing server for Unix-like operating systems. It allows local users to print documents, and remote users to do so via port 631/tcp.
There were two security vulnerabilities fixed in cups.
The first one can be triggered by a specially crafted TIFF file. This file could lead to an integer overflow in the 'imagetops' filter, which later caused a heap overflow. This bug is probably exploitable remotely by users having remote access to the CUPS server and allows the execution of arbitrary code with the privileges of the cupsd process. (CVE-2009-0163)
The second issue affects the JBIG2 decoding of the 'pdftops' filter. The JBIG2 decoding routines are vulnerable to various software failure types like integer and buffer overflows, and it is believed to be exploitable remotely to execute arbitrary code with the privileges of the cupsd process. (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183)
2) Solution or Work-Around
none
3) Special Instructions and Notes
none
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.1: http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debuginfo-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debugsource-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-client-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-devel-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-libs-1.3.9-7.2.1.i586.rpm
openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debuginfo-1.3.7-25.8.i586.rpm http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debugsource-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-client-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-devel-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-libs-1.3.7-25.8.i586.rpm
openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/i586/cups-1.2.12-22.21.i586.rpm http://download.opensuse.org/update/10.3/rpm/i586/cups-client-1.2.12-22.21.i586.rpm http://download.opensuse.org/update/10.3/rpm/i586/cups-devel-1.2.12-22.21.i586.rpm http://download.opensuse.org/update/10.3/rpm/i586/cups-libs-1.2.12-22.21.i586.rpm
Power PC Platform:
openSUSE 11.1: http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debuginfo-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debugsource-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-client-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-devel-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-64bit-1.3.9-7.2.1.ppc.rpm
openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debuginfo-1.3.7-25.8.ppc.rpm http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debugsource-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-client-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-devel-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-64bit-1.3.7-25.8.ppc.rpm
openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/ppc/cups-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-client-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-devel-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-64bit-1.2.12-22.21.ppc.rpm
x86-64 Platform:
openSUSE 11.1: http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debuginfo-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debugsource-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-client-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-devel-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-32bit-1.3.9-7.2.1.x86_64.rpm
openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debuginfo-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debugsource-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-client-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-devel-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-32bit-1.3.7-25.8.x86_64.rpm
openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/x86_64/cups-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-client-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.21.x86_64.rpm
Sources:
openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/src/cups-1.3.9-7.2.1.src.rpm
openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/src/cups-1.3.7-25.8.src.rpm
openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/src/cups-1.2.12-22.21.src.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
Open Enterprise Server http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
Novell Linux POS 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
Novell Linux Desktop 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
SUSE SLES 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
SUSE Linux Enterprise Server 10 SP2 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f
SUSE Linux Enterprise Desktop 10 SP2 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f
SLES 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
SLED 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
SLE 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
SLES 11 DEBUGINFO http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team security@suse.de"
where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org.
SUSE's security contact is security@suse.com or security@suse.de. The security@suse.de public key is listed below.
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609)
This update corrects the problems.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
Background
Poppler is a cross-platform PDF rendering library originally based on Xpdf. Please review the CVE identifiers referenced below for details. NOTE: some of these details are obtained from third party information (CVE-2010-0739).
Gentoo Linux Security Advisory GLSA 200904-20
http://security.gentoo.org/
Severity: Normal
Title: CUPS: Multiple vulnerabilities
Date: April 23, 2009
Bugs: #263070
ID: 200904-20
Synopsis
Multiple errors in CUPS might allow for the remote execution of arbitrary code or DNS rebinding attacks.
Background
CUPS, the Common Unix Printing System, is a full-featured print server.
- Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
- Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler. Furthermore, the web interface could be used to conduct DNS rebinding attacks.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10"
References
[ 1 ] CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
[ 2 ] CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
[ 3 ] CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
[ 4 ] CVE-2009-0164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
[ 5 ] CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200904-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.3.8" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.3.10" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.10-1" }, { "model": "xpdfreader", "scope": "eq", "trust": 1.0, "vendor": "glyphandcog", "version": "0.91" }, { "model": "xpdfreader", "scope": "eq", "trust": 1.0, "vendor": "glyphandcog", "version": "1.00" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.3.4" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.2.9" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.11" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.2.6" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.9" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.3" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.5" }, { "model": "xpdfreader", "scope": "eq", "trust": 1.0, "vendor": "glyphandcog", "version": "1.01" }, { "model": "xpdf", "scope": "eq", "trust": 1.0, "vendor": "foolabs", "version": "0.91c" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.6-3" }, { "model": "xpdfreader", "scope": "eq", "trust": 1.0, "vendor": "glyphandcog", "version": "2.01" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.3.5" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.3.11" }, { "model": "xpdfreader", "scope": "eq", "trust": 1.0, "vendor": "glyphandcog", "version": "0.90" }, { "model": "cups", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.2.2" }, { "model": "xpdfreader", "scope": "lte", "trust": 1.0, "vendor": "glyphandcog", "version": "3.02" }, { "model": "xpdfreader", "scope": "eq", "trust": 1.0, "vendor": 
"glyphandcog", "version": "2.00" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple computer", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva s a", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "novell", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "poppler", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "research in motion rim", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "turbolinux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xpdf", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#196617" }, { "db": "CNNVD", "id": "CNNVD-200904-441" }, { "db": "NVD", "id": "CVE-2009-0146" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alin Rad Pop Will Dormann", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-441" } ], "trust": 0.6 }, "cve": "CVE-2009-0146", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2009-0146", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CARNEGIE MELLON", "availabilityImpact": "PARTIAL", "availabilityRequirement": "NOT DEFINED", "baseScore": 9.0, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "COMPLETE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 7.0, "exploitability": "PROOF-OF-CONCEPT", "exploitabilityScore": 8.6, "id": "VU#196617", "impactScore": 9.5, "integrityImpact": "COMPLETE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "HIGH", "targetDistribution": "NOT DEFINED", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-37592", "impactScore": 2.9, "integrityImpact": "NONE", 
"severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-0146", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#196617", "trust": 0.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-441", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-37592", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-0146", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#196617" }, { "db": "VULHUB", "id": "VHN-37592" }, { "db": "VULMON", "id": "CVE-2009-0146" }, { "db": "CNNVD", "id": "CNNVD-200904-441" }, { "db": "NVD", "id": "CVE-2009-0146" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Xpdf is an open source viewer for Portable Document Format (PDF) files. 
\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: cups\n Announcement ID: SUSE-SA:2009:024\n Date: Wed, 22 Apr 2009 13:00:00 +0000\n Affected Products: openSUSE 10.3\n openSUSE 11.0\n openSUSE 11.1\n SUSE SLES 9\n Novell Linux Desktop 9\n Open Enterprise Server\n Novell Linux POS 9\n SUSE Linux Enterprise Desktop 10 SP2\n SUSE Linux Enterprise Server 10 SP2\n SLE 11\n Vulnerability Type: remote code execution\n Severity (1-10): 8 (critical)\n SUSE Default Package: yes\n Cross-References: CVE-2009-0146, CVE-2009-0147, CVE-2009-0163\n CVE-2009-0165, CVE-2009-0166, CVE-2009-0799\n CVE-2009-0800, CVE-2009-1179, CVE-2009-1180\n CVE-2009-1181, CVE-2009-1182, CVE-2009-1183\n\n Content of This Advisory:\n 1) Security Vulnerability Resolved:\n fixed remotely exploitable overflows\n Problem Description\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n none\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n The Common Unix Printing System, CUPS, is a printing server for unix-like\n operating systems. It allows a local user to print documents as well as\n remote users via port 631/tcp. \n\n There were two security vulnerabilities fixed in cups. \n\n The first one can be triggered by a specially crafted tiff file. This \n file could lead to an integer overflow in the \u0027imagetops\u0027 filter which \n caused an heap overflow later. \n This bug is probably exploitable remotely by users having remote access\n to the CUPS server and allows the execution of arbitrary code with the\n privileges of the cupsd process. 
(CVE-2009-0163)\n\n The second issue affects the JBIG2 decoding of the \u0027pdftops\u0027 filter. \n The JBIG2 decoding routines are vulnerable to various software failure\n types like integer and buffer overflows and it is believed to be exploit-\n able remotely to execute arbitrary code with the privileges of the cupsd\n process. \n (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799,\n CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182,\n CVE-2009-1183)\n\n2) Solution or Work-Around\n\n none\n\n3) Special Instructions and Notes\n\n none\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n Online Update (YOU) tool. YOU detects which updates are required and\n automatically performs the necessary steps to verify and install them. \n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. 
\n\n \n x86 Platform:\n \n openSUSE 11.1:\n http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debuginfo-1.3.9-7.2.1.i586.rpm\n http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debugsource-1.3.9-7.2.1.i586.rpm\n http://download.opensuse.org/update/11.1/rpm/i586/cups-1.3.9-7.2.1.i586.rpm\n http://download.opensuse.org/update/11.1/rpm/i586/cups-client-1.3.9-7.2.1.i586.rpm\n http://download.opensuse.org/update/11.1/rpm/i586/cups-devel-1.3.9-7.2.1.i586.rpm\n http://download.opensuse.org/update/11.1/rpm/i586/cups-libs-1.3.9-7.2.1.i586.rpm\n \n openSUSE 11.0:\n http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debuginfo-1.3.7-25.8.i586.rpm\n http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debugsource-1.3.7-25.8.i586.rpm\n http://download.opensuse.org/update/11.0/rpm/i586/cups-1.3.7-25.8.i586.rpm\n http://download.opensuse.org/update/11.0/rpm/i586/cups-client-1.3.7-25.8.i586.rpm\n http://download.opensuse.org/update/11.0/rpm/i586/cups-devel-1.3.7-25.8.i586.rpm\n http://download.opensuse.org/update/11.0/rpm/i586/cups-libs-1.3.7-25.8.i586.rpm\n \n openSUSE 10.3:\n http://download.opensuse.org/update/10.3/rpm/i586/cups-1.2.12-22.21.i586.rpm\n http://download.opensuse.org/update/10.3/rpm/i586/cups-client-1.2.12-22.21.i586.rpm\n http://download.opensuse.org/update/10.3/rpm/i586/cups-devel-1.2.12-22.21.i586.rpm\n http://download.opensuse.org/update/10.3/rpm/i586/cups-libs-1.2.12-22.21.i586.rpm\n \n Power PC Platform:\n \n openSUSE 11.1:\n http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debuginfo-1.3.9-7.2.1.ppc.rpm\n http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debugsource-1.3.9-7.2.1.ppc.rpm\n http://download.opensuse.org/update/11.1/rpm/ppc/cups-1.3.9-7.2.1.ppc.rpm\n http://download.opensuse.org/update/11.1/rpm/ppc/cups-client-1.3.9-7.2.1.ppc.rpm\n http://download.opensuse.org/update/11.1/rpm/ppc/cups-devel-1.3.9-7.2.1.ppc.rpm\n 
http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-1.3.9-7.2.1.ppc.rpm\n http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-64bit-1.3.9-7.2.1.ppc.rpm\n \n openSUSE 11.0:\n http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debuginfo-1.3.7-25.8.ppc.rpm\n http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debugsource-1.3.7-25.8.ppc.rpm\n http://download.opensuse.org/update/11.0/rpm/ppc/cups-1.3.7-25.8.ppc.rpm\n http://download.opensuse.org/update/11.0/rpm/ppc/cups-client-1.3.7-25.8.ppc.rpm\n http://download.opensuse.org/update/11.0/rpm/ppc/cups-devel-1.3.7-25.8.ppc.rpm\n http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-1.3.7-25.8.ppc.rpm\n http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-64bit-1.3.7-25.8.ppc.rpm\n \n openSUSE 10.3:\n http://download.opensuse.org/update/10.3/rpm/ppc/cups-1.2.12-22.21.ppc.rpm\n http://download.opensuse.org/update/10.3/rpm/ppc/cups-client-1.2.12-22.21.ppc.rpm\n http://download.opensuse.org/update/10.3/rpm/ppc/cups-devel-1.2.12-22.21.ppc.rpm\n http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-1.2.12-22.21.ppc.rpm\n http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-64bit-1.2.12-22.21.ppc.rpm\n \n x86-64 Platform:\n \n openSUSE 11.1:\n http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debuginfo-1.3.9-7.2.1.x86_64.rpm\n http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debugsource-1.3.9-7.2.1.x86_64.rpm\n http://download.opensuse.org/update/11.1/rpm/x86_64/cups-1.3.9-7.2.1.x86_64.rpm\n http://download.opensuse.org/update/11.1/rpm/x86_64/cups-client-1.3.9-7.2.1.x86_64.rpm\n http://download.opensuse.org/update/11.1/rpm/x86_64/cups-devel-1.3.9-7.2.1.x86_64.rpm\n http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-1.3.9-7.2.1.x86_64.rpm\n http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-32bit-1.3.9-7.2.1.x86_64.rpm\n \n openSUSE 11.0:\n 
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debuginfo-1.3.7-25.8.x86_64.rpm\n http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debugsource-1.3.7-25.8.x86_64.rpm\n http://download.opensuse.org/update/11.0/rpm/x86_64/cups-1.3.7-25.8.x86_64.rpm\n http://download.opensuse.org/update/11.0/rpm/x86_64/cups-client-1.3.7-25.8.x86_64.rpm\n http://download.opensuse.org/update/11.0/rpm/x86_64/cups-devel-1.3.7-25.8.x86_64.rpm\n http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-1.3.7-25.8.x86_64.rpm\n http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-32bit-1.3.7-25.8.x86_64.rpm\n \n openSUSE 10.3:\n http://download.opensuse.org/update/10.3/rpm/x86_64/cups-1.2.12-22.21.x86_64.rpm\n http://download.opensuse.org/update/10.3/rpm/x86_64/cups-client-1.2.12-22.21.x86_64.rpm\n http://download.opensuse.org/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.21.x86_64.rpm\n http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.21.x86_64.rpm\n http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.21.x86_64.rpm\n \n Sources:\n \n openSUSE 11.1:\n http://download.opensuse.org/update/11.1/rpm/src/cups-1.3.9-7.2.1.src.rpm\n \n openSUSE 11.0:\n http://download.opensuse.org/update/11.0/rpm/src/cups-1.3.7-25.8.src.rpm\n \n openSUSE 10.3:\n http://download.opensuse.org/update/10.3/rpm/src/cups-1.2.12-22.21.src.rpm\n \n Our maintenance customers are notified individually. 
The packages are\n offered for installation from the maintenance web:\n \n Open Enterprise Server\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=403675f837530f047eb825dcb7428cf3\n \n Novell Linux POS 9\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=403675f837530f047eb825dcb7428cf3\n \n Novell Linux Desktop 9\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=403675f837530f047eb825dcb7428cf3\n \n SUSE SLES 9\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=403675f837530f047eb825dcb7428cf3\n \n SUSE Linux Enterprise Server 10 SP2\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=a777264f13a7d9d882a7d024d831be1f\n \n SUSE Linux Enterprise Desktop 10 SP2\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=a777264f13a7d9d882a7d024d831be1f\n \n SLES 11\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=22d7a0746f9c204f5ecc1395385739f7\n \n SLED 11\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=22d7a0746f9c204f5ecc1395385739f7\n \n SLE 11\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=22d7a0746f9c204f5ecc1395385739f7\n \n SLES 11 DEBUGINFO\n http://download.novell.com/index.jsp?search=Search\u0026set_restricted=true\u0026keywords=22d7a0746f9c204f5ecc1395385739f7\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n none\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. 
The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. 
\n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n\n =====================================================================\n SUSE\u0027s security contact is \u003csecurity@suse.com\u003e or \u003csecurity@suse.de\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. 
\n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. (CVE-2009-0165). (CVE-2009-0163)\n \n Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,\n as used in Poppler and other products, when running on Mac OS X,\n has unspecified impact, related to g*allocn. NOTE:\n the JBIG2Stream.cxx vector may overlap CVE-2009-1179. An\n attacker could create a malicious PDF file that would cause pdftops\n to crash or, potentially, execute arbitrary code as the lp user if\n the file was printed. (CVE-2009-3608, CVE-2009-3609)\n \n This update corrects the problems. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0\n Mandriva Linux 2009.0/X86_64\n Mandriva Enterprise Server 5\n Mandriva Enterprise Server 5/X86_64\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nBackground\n==========\n\nPoppler is a cross-platform PDF rendering library originally based on\nXpdf. Please review\nthe CVE identifiers referenced below for details. 
NOTE: some of these details\n are obtained from third party information (CVE-2010-0739). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200904-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: CUPS: Multiple vulnerabilities\n Date: April 23, 2009\n Bugs: #263070\n ID: 200904-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple errors in CUPS might allow for the remote execution of\narbitrary code or DNS rebinding attacks. \n\nBackground\n==========\n\nCUPS, the Common Unix Printing System, is a full-featured print server. \n\n* Aaron Siegel of Apple Product Security reported that the CUPS web\n interface does not verify the content of the \"Host\" HTTP header\n properly (CVE-2009-0164). \n\n* Braden Thomas and Drew Yao of Apple Product Security reported that\n CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166,\n found earlier in xpdf and poppler. Furthermore, the web\ninterface could be used to conduct DNS rebinding attacks. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-print/cups-1.3.10\"\n\nReferences\n==========\n\n [ 1 ] CVE-2009-0146\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146\n [ 2 ] CVE-2009-0147\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147\n [ 3 ] CVE-2009-0163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163\n [ 4 ] CVE-2009-0164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164\n [ 5 ] CVE-2009-0166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200904-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0146" }, { "db": "CERT/CC", "id": "VU#196617" }, { "db": "VULHUB", "id": "VHN-37592" }, { "db": "VULMON", "id": "CVE-2009-0146" }, { "db": "PACKETSTORM", "id": "76918" }, { "db": "PACKETSTORM", "id": "82086" }, { "db": "PACKETSTORM", "id": "82088" }, { "db": "PACKETSTORM", "id": "77104" }, { "db": "PACKETSTORM", "id": "82087" }, { "db": "PACKETSTORM", "id": "123523" }, { "db": "PACKETSTORM", "id": "89656" }, { "db": "PACKETSTORM", "id": "77000" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/196617", "trust": 0.8, "type": "poc" }, { "reference": "https://www.scap.org.cn/vuln/vhn-37592", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "CERT/CC", "id": "VU#196617" }, { "db": "VULHUB", "id": "VHN-37592" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "34568", "trust": 2.6 }, { "db": "SECUNIA", "id": "34291", "trust": 2.6 }, { "db": "NVD", "id": "CVE-2009-0146", "trust": 2.6 }, { "db": "SECUNIA", "id": "34481", "trust": 1.8 }, { "db": "SECUNIA", "id": "35618", "trust": 1.8 }, { "db": "SECUNIA", "id": "34756", "trust": 1.8 }, { "db": "SECUNIA", "id": "35074", "trust": 1.8 }, { "db": "SECUNIA", "id": "35065", "trust": 1.8 }, { "db": "SECUNIA", "id": "35685", "trust": 1.8 }, { "db": "SECUNIA", "id": "34963", "trust": 1.8 }, { "db": "SECUNIA", "id": "35037", "trust": 1.8 }, { "db": "SECUNIA", "id": "35064", "trust": 1.8 }, { "db": "SECUNIA", "id": "34852", "trust": 1.8 }, 
{ "db": "SECUNIA", "id": "34959", "trust": 1.8 }, { "db": "SECUNIA", "id": "34991", "trust": 1.8 }, { "db": "SECUNIA", "id": "34755", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2009-1621", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2009-1066", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2009-1297", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2010-1040", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2009-1077", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2009-1065", "trust": 1.8 }, { "db": "SECTRACK", "id": "1022073", "trust": 1.8 }, { "db": "USCERT", "id": "TA09-133A", "trust": 1.8 }, { "db": "SECTRACK", "id": "1022072", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#196617", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-441", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "82087", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "76918", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "77104", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "82088", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "77000", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "123523", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "82086", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "89656", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "83554", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "92846", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76751", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77313", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83707", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77279", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "84482", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-37592", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2009-0146", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#196617" }, { "db": "VULHUB", "id": "VHN-37592" }, { "db": "VULMON", "id": "CVE-2009-0146" }, { "db": "PACKETSTORM", "id": "76918" }, { "db": "PACKETSTORM", "id": "82086" }, { "db": "PACKETSTORM", "id": "82088" }, { "db": 
"PACKETSTORM", "id": "77104" }, { "db": "PACKETSTORM", "id": "82087" }, { "db": "PACKETSTORM", "id": "123523" }, { "db": "PACKETSTORM", "id": "89656" }, { "db": "PACKETSTORM", "id": "77000" }, { "db": "CNNVD", "id": "CNNVD-200904-441" }, { "db": "NVD", "id": "CVE-2009-0146" } ] }, "id": "VAR-200904-0808", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-37592" } ], "trust": 0.01 }, "last_update_date": "2024-09-19T20:29:31.337000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Important: xpdf security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20090430 - Security Advisory" }, { "title": "Red Hat: Important: cups security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20090429 - Security Advisory" }, { "title": "Red Hat: Important: kdegraphics security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20090431 - Security Advisory" }, { "title": "Red Hat: Important: gpdf security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20090458 - Security Advisory" }, { "title": "Red Hat: Important: poppler security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20090480 - Security Advisory" }, { "title": "Ubuntu Security Notice: poppler vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-759-1" }, { "title": 
"Ubuntu Security Notice: koffice vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-973-1" }, { "title": "Debian CVElist Bug Report Logs: xpdf: multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=773868e24bff06cb90f9c91803114d93" }, { "title": "Debian CVElist Bug Report Logs: poppler: multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1ea2bd34c90a7e17e7b2d6fe49c98e66" }, { "title": "Debian Security Advisories: DSA-1790-1 xpdf -- multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6375d8b8a733e9a6329048ef00e50271" }, { "title": "", "trust": 0.1, "url": "https://github.com/0xCyberY/CVE-T4PDF " } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0146" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-37592" }, { "db": "NVD", "id": "CVE-2009-0146" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.debian.org/security/2009/dsa-1790" }, { "trust": 2.6, "url": "http://support.apple.com/kb/ht3549" }, { "trust": 2.6, "url": "http://www.securityfocus.com/bid/34568" }, { "trust": 1.9, "url": "http://security.gentoo.org/glsa/glsa-200904-20.xml" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2009/may/msg00002.html" }, { "trust": 1.8, "url": 
"http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded" }, { "trust": 1.8, "url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded" }, { "trust": 1.8, "url": "http://www.us-cert.gov/cas/techalerts/ta09-133a.html" }, { "trust": 1.8, "url": "http://bugs.gentoo.org/show_bug.cgi?id=263028" }, { "trust": 1.8, "url": "http://support.apple.com/kb/ht3639" }, { "trust": 1.8, "url": "http://wiki.rpath.com/advisories:rpsa-2009-0059" }, { "trust": 1.8, "url": "http://wiki.rpath.com/advisories:rpsa-2009-0061" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612" }, { "trust": 1.8, "url": "http://www.debian.org/security/2009/dsa-1793" }, { "trust": 1.8, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-july/msg00567.html" }, { "trust": 1.8, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-june/msg01277.html" }, { "trust": 1.8, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-june/msg01291.html" }, { "trust": 1.8, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:101" }, { "trust": 1.8, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:087" }, { "trust": 1.8, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9632" }, { "trust": 1.8, "url": "http://www.redhat.com/support/errata/rhsa-2009-0429.html" }, { "trust": 1.8, "url": "http://www.redhat.com/support/errata/rhsa-2009-0430.html" }, { "trust": 1.8, "url": "http://www.redhat.com/support/errata/rhsa-2009-0431.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2009-0458.html" }, { "trust": 1.8, "url": "http://www.redhat.com/support/errata/rhsa-2009-0480.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id?1022073" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34291" }, { "trust": 1.8, "url": 
"http://secunia.com/advisories/34481" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34755" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34756" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34852" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34959" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34963" }, { "trust": 1.8, "url": "http://secunia.com/advisories/34991" }, { "trust": 1.8, "url": "http://secunia.com/advisories/35037" }, { "trust": 1.8, "url": "http://secunia.com/advisories/35064" }, { "trust": 1.8, "url": "http://secunia.com/advisories/35065" }, { "trust": 1.8, "url": "http://secunia.com/advisories/35074" }, { "trust": 1.8, "url": "http://secunia.com/advisories/35618" }, { "trust": 1.8, "url": "http://secunia.com/advisories/35685" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2009/1065" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2009/1066" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2009/1077" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2009/1621" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2010/1040" }, { "trust": 1.7, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477" }, { "trust": 0.8, "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9f1312f3d7dfa7e536606a7c7296b7c876b11c00" }, { "trust": 0.8, "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch" }, { "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-759-1" }, { "trust": 
0.8, "url": "http://blackberry.com/btsc/kb17953" }, { "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2009-0429.html" }, { "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2009-0431.html" }, { "trust": 0.8, "url": "http://www.mandriva.com/en/security/advisories?name=mdvsa-2009:101" }, { "trust": 0.8, "url": "http://secunia.com/advisories/34291/" }, { "trust": 0.8, "url": "http://www.securitytracker.com/alerts/2009/apr/1022072.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu196617/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0146" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0166" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0147" }, { "trust": 0.6, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0147" }, { "trust": 0.6, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0166" }, { "trust": 0.6, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0146" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1180" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1179" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1182" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0799" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0165" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0163" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0800" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1181" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1183" }, { "trust": 0.5, "url": "http://www.mandriva.com/security/" }, { "trust": 0.5, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3608" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0163" }, { "trust": 
0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3609" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3608" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0195" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0791" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3609" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0791" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0165" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0949" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0949" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1181" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0800" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0799" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1180" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1183" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1182" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0195" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1179" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.578477" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2009:0430" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/759-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18199" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/i586/cups-libs-1.2.12-22.21.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/ppc/cups-devel-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/x86_64/cups-devel-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debugsource-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-64bit-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/x86_64/cups-client-1.2.12-22.21.x86_64.rpm" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/i586/cups-1.3.7-25.8.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/ppc/cups-devel-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-64bit-1.2.12-22.21.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/src/cups-1.2.12-22.21.src.rpm" }, { "trust": 0.1, "url": 
"http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debuginfo-1.3.9-7.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/index.jsp?search=search\u0026set_restricted=true\u0026keywords=22d7a0746f9c204f5ecc1395385739f7" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/i586/cups-devel-1.2.12-22.21.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.21.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/i586/cups-1.3.9-7.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debugsource-1.3.9-7.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debuginfo-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debuginfo-1.3.7-25.8.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/i586/cups-client-1.3.7-25.8.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/ppc/cups-client-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/ppc/cups-client-1.2.12-22.21.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/ppc/cups-1.2.12-22.21.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/i586/cups-devel-1.3.9-7.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/i586/cups-libs-1.3.9-7.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/index.jsp?search=search\u0026set_restricted=true\u0026keywords=403675f837530f047eb825dcb7428cf3" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debuginfo-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": 
"http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/src/cups-1.3.7-25.8.src.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/ppc/cups-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debuginfo-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/src/cups-1.3.9-7.2.1.src.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/i586/cups-devel-1.3.7-25.8.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/x86_64/cups-client-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/ppc/cups-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/i586/cups-libs-1.3.7-25.8.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/x86_64/cups-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debugsource-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/x86_64/cups-1.2.12-22.21.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.21.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-1.2.12-22.21.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-32bit-1.3.9-7.2.1.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/i586/cups-client-1.3.9-7.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-64bit-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": 
"http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debuginfo-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/x86_64/cups-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/i586/cups-1.2.12-22.21.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/x86_64/cups-client-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-32bit-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debugsource-1.3.7-25.8.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/x86_64/cups-devel-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debugsource-1.3.7-25.8.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debugsource-1.3.9-7.2.1.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.21.x86_64.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/ppc/cups-devel-1.2.12-22.21.ppc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/10.3/rpm/i586/cups-client-1.2.12-22.21.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.0/rpm/ppc/cups-client-1.3.7-25.8.ppc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/index.jsp?search=search\u0026set_restricted=true\u0026keywords=a777264f13a7d9d882a7d024d831be1f" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1196" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1183" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1187" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0165" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3606" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3608" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1188" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4653" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3938" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0166" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3604" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2142" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1181" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3604" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1179" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1188" }, { "trust": 0.1, 
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3938" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1788" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201310-03.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1187" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3606" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3605" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4654" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0146" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3605" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4654" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0799" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3603" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4653" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0147" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1440" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0827" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0829" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1440" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0739" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2009-1284" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0829" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0739" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0164" } ], "sources": [ { "db": "CERT/CC", "id": "VU#196617" }, { "db": "VULHUB", "id": "VHN-37592" }, { "db": "VULMON", "id": "CVE-2009-0146" }, { "db": "PACKETSTORM", "id": "76918" }, { "db": "PACKETSTORM", "id": "82086" }, { "db": "PACKETSTORM", "id": "82088" }, { "db": "PACKETSTORM", "id": "77104" }, { "db": "PACKETSTORM", "id": "82087" }, { "db": "PACKETSTORM", "id": "123523" }, { "db": "PACKETSTORM", "id": "89656" }, { "db": "PACKETSTORM", "id": "77000" }, { "db": "CNNVD", "id": "CNNVD-200904-441" }, { "db": "NVD", "id": "CVE-2009-0146" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#196617" }, { "db": "VULHUB", "id": "VHN-37592" }, { "db": "VULMON", "id": "CVE-2009-0146" }, { "db": "PACKETSTORM", "id": "76918" }, { "db": "PACKETSTORM", "id": "82086" }, { "db": "PACKETSTORM", "id": "82088" }, { "db": "PACKETSTORM", "id": "77104" }, { "db": "PACKETSTORM", "id": "82087" }, { "db": "PACKETSTORM", "id": "123523" }, { "db": "PACKETSTORM", "id": "89656" }, { "db": "PACKETSTORM", "id": "77000" }, { "db": "CNNVD", "id": "CNNVD-200904-441" }, { "db": "NVD", "id": "CVE-2009-0146" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-16T00:00:00", "db": "CERT/CC", "id": "VU#196617" }, { "date": "2009-04-23T00:00:00", "db": "VULHUB", "id": "VHN-37592" }, { "date": "2009-04-23T00:00:00", 
"db": "VULMON", "id": "CVE-2009-0146" }, { "date": "2009-04-22T21:36:03", "db": "PACKETSTORM", "id": "76918" }, { "date": "2009-10-21T02:32:05", "db": "PACKETSTORM", "id": "82086" }, { "date": "2009-10-21T03:01:09", "db": "PACKETSTORM", "id": "82088" }, { "date": "2009-04-29T19:11:04", "db": "PACKETSTORM", "id": "77104" }, { "date": "2009-10-21T02:57:54", "db": "PACKETSTORM", "id": "82087" }, { "date": "2013-10-07T22:31:57", "db": "PACKETSTORM", "id": "123523" }, { "date": "2010-05-19T04:25:31", "db": "PACKETSTORM", "id": "89656" }, { "date": "2009-04-28T00:22:34", "db": "PACKETSTORM", "id": "77000" }, { "date": "2009-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-441" }, { "date": "2009-04-23T17:30:01.547000", "db": "NVD", "id": "CVE-2009-0146" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-28T00:00:00", "db": "CERT/CC", "id": "VU#196617" }, { "date": "2019-03-06T00:00:00", "db": "VULHUB", "id": "VHN-37592" }, { "date": "2019-03-06T00:00:00", "db": "VULMON", "id": "CVE-2009-0146" }, { "date": "2019-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-441" }, { "date": "2019-03-06T16:30:38.330000", "db": "NVD", "id": "CVE-2009-0146" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "77000" }, { "db": "CNNVD", "id": "CNNVD-200904-441" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data", "sources": [ { "db": "CERT/CC", "id": "VU#196617" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-441" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.