ID

VAR-200712-0433

CVE

CVE-2007-5849

TITLE

CUPS of SNMP Backend program for integer overflow vulnerability

DESCRIPTION

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. Apple Common Unix Printing System (CUPS) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is a vulnerability when CUPS processes SNMP requests containing malformed data, and remote attackers may exploit this vulnerability to control the server. There is a symbol error in the asn1_get_string() function in the backend/snmp.c file of CUPS. =========================================================== Ubuntu Security Notice USN-563-1 January 09, 2008 cupsys vulnerabilities CVE-2007-5849, CVE-2007-6358 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.6 Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.2 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.2 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.diff.gz Size/MD5: 96854 c42f659f650a9c0d81bdb4f8ba7004bf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.dsc Size/MD5: 1049 01c4bd2466a668f82bc852b2658e3f24 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.6_all.deb Size/MD5: 996 b0b0b7b1a5b04ac737c6c1c506bf0a1d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 36242 0d64ba11e2e59e2f089fdb40efed1565 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 81910 3f9240a0ac855620f13662ecd48224d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 2285594 073223e345043bfa56f5d173393cbbfe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 6094 dcb63118059086cdf2fe9f66eab3c9ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 75942 d4483bb658545cbedcafa65e9a6ee045 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 25746 39cf872611b0f62f54b38953374b1c01 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 128784 dbf0ce78d28f3a62d2ef67074a04facb i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 34776 16593bfabe944044a1c0c87fd006111b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 77984 67af7dd120fda3fabd5bf1bcde0ecaa0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 2253134 7d5f6f3d3343cf0f4873042947c3265f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 6096 2b68e82e024d376d649cd3b3c14cf378 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 75008 b9b5873df6f6e12ca694404e0ae1397a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 25742 3d4a30e76a7ab05dddc49967c5af6206 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 121008 75fa970f801c819ca2e37f42ccda165a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 40466 e078800e5e94fa64a451cdbb8414acc3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 89536 b9a20806c2b91bd7370686ea3b8588da http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 2300252 9252b6866259c84e63ee4dba67083ed8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 6096 4d677d45da127c45c81ce3889a9256a7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 77702 2e05e968244b734744f1fce8ebfafb33 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 25752 9f7ba4ffc1c72e78047d983554e32512 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 126772 8246a4b5933201f0f247f30ab5a97944 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 35396 9193306b04ba1d9bcf0d22225cc839e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 78730 bce8c7563b87f3327a134c451364ce21 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 2286800 833891fe2b553542324e93bb306c9da4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 6098 700ed2ed4032bae2bc5f7ad1b0938f65 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 74964 84b65d7d0127cc488d2aed110b7d9086 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 25740 fa32e9fe9c0d429a1159e41b07d5964f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 122514 1e818d01773b5bc86b9f56e8022d6863 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.diff.gz Size/MD5: 110832 2971bd952368028e975fd00a20ce501b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.dsc Size/MD5: 1059 e98ea8935c9ceed519d111d32e552586 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.2_all.deb Size/MD5: 869636 834405f963c7a9ce3b3d69f09e1805fe amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 36710 d6b14470183b492c8a0695ae3cf5820d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 82508 1f22c18ad0618cae8fd9b161debe997c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 1480116 da71d67953ad08e275d92429aff51456 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 6122 869caee45ed45ef339c86eb51a114920 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 95102 8f5848eddffc362517e4ff676f835973 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 26142 8ec6a04b1c0389911e1f1dc9e5377536 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 171840 f8215cbe5fe52dd32a598cbc7f27a8a1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 36264 c1ce097acea2435d13a0773986769641 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 80106 cbc3b76611aaece014e555a170dca185 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 1463248 4d326335153bdf16670b4d6b23309adb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 6122 f3ee8c280dffbcb1be2e30087818fc12 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 94910 b56efddf07944953ee6c93a357392ab5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 26140 062e3f1216765e325ed4bbc0dff04df5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 168962 ff967163df3e0c10338ebccecf816fa2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 41804 90c6b755b81eac7f64cffdc410781637 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 91146 93b16b2504ca56ca57ca562ccd109a42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 1497758 d713cc8d5962474285cfcb8f4d5c9387 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 6126 61c3a759bc71ed557194b123ee547425 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 97286 e4da8af1c90ae24bd767317aa8cfcf4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 26138 fcd8753ebf0b695dea0375e713a85ea2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 172252 27806a56e06673bd3fe961f650939193 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 36282 2b0888242ed98acf5f8214598a191ac4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 80234 819d971ba0a287fc39f8ffe60a8dea46 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 1488822 33280b196dd0f5e372c01f679fa6b92a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 6128 36f672bc145cc881f6ed0d501532c889 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 94144 b270ae4767e5a5a4f664686c688e4c83 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 26142 e951c05414d91657af1774951ff0b49c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 168272 9c24a04995a400f1c868398d14b31740 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.diff.gz Size/MD5: 155988 d5eeee8bb5b1be8f20732ddc15a146b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.dsc Size/MD5: 1143 0669aaa760ed047edc4f9a942882f01d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.2_all.deb Size/MD5: 925994 663b23d61cc43e14a45a4079a1b53d14 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 37404 c857fcb86cf6fbc5a1fe7dcb93bcfc9c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 83234 cb15baea3370ad40ad903ecdd5c2a150 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 1638028 f9e0e6d0ab30836134b18e68f515aa24 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 56372 45a35748bebb147b1ece7fc2318fe5d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 103904 3ec48e9e35555d39718da7dfa12296e1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 144844 d7a36d83f016f81978d77334df958abe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 181906 504d933b448fea5199083007de9def13 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 36728 a9d95dd94c95b39fba113bad0ba83d31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 80756 002c4adb90d4aeb46f22cf043c2a3c5d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 1620614 dfd8630f8aa3bfc7a3603ab89376bbdc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 55450 15f5048b3543a2506d1b65937c145c10 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 103602 621c142a15a018a53fb4e1c731dd6273 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 139324 45c10a2df595a6e2d911e2ff3ab4a405 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 178200 41745eaf4b7e638c6294c0c7d272e91b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 46770 7b7c32c212787825b4c8ce5f23f11e9f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 101104 8a64784b5b11dbd2633de705b6803702 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 1695072 a9a974ada7cab231ed81c03a91ddc6fa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 56224 859a93733a404b6336815740c704cb31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 109462 b57a9c49d5a186cb0a90ceff60fe3e0c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 141176 03a25641a1d1f0cc3daaff277fc9a1fe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 187796 4f7930d31e79c8e80c3002305f628abb sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 37776 4b82dbd83e2d0ab3b8a37a1819df2be0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 83754 ca7d3f04b938edf84d4495ee28401947 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 1658640 516e63f4be8670977ede42a5931f84d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 54742 c393dd034b59bdb312caa88e6e5a2518 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 103154 cca146d09d3d96060aae19ed28c9bad0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 141756 8ac1af17f52affe05290eda3f632a5c2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 177460 7a2e8e00865878da7823113b9c82fe96 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.diff.gz Size/MD5: 123551 3081910dc48c0bf26861c418898424e5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.dsc Size/MD5: 1218 31f9a51331fdef642f68181a96e48b90 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.3_all.deb Size/MD5: 1080422 55bbe3cc2879bf863ea481de00a87d38 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 37090 c208eccfeb8c01c9c9cf69d533e48875 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 89264 d75e34c37e473f37049e9b8d56da85f9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 2033330 19317bd0287cd2ffb107a79cb10221b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 59894 669b27a09c281c6627ac6f90cdaa9d6c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 46744 3bf6625d4362c0b737f8092a5ce5d8f2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 152012 918fb853dabc5e4f9b01d141a700cdd6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 185064 9ba4383cca2c676c115f0896c4d3f7ac i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 36386 a9cc51dd1d0bfb023a1723094b5dc8fd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 86266 a5a5f183b0072355dc7f6d7da0cc6150 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 2016958 1a403efd5824fdd4aabc01d6fd4be80d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 58630 05c449135359e5dff074bb09d35ab993 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 46096 190e2a501bcc471b47b19c0fab1e6faf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 145700 6bace8671d4aabfb12981f35bf90e3fd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 181864 48bdde0f8e4419ed820aad223f04a78e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 46396 d418a342f7bcc3c62a00b6aaa91f6a55 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 107534 b5021ac12d34feaa894822833a80f96c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 2098076 ce2bbaac830121b2e332e1d6be7f2812 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 59338 a2e1ed47fc41b154279fa991d1b83b63 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 51684 5dc5292ba6c5957c6906a1ec10425389 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 146958 ca1a231a2fead08a3a291a98016ad164 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 190810 df39b95fd46271a4102fa86991687d87 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 37476 ad024b3c304fddd547f73533c2af353e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 89402 d43d4d7730511ae01ada631e49a33386 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 2059212 5d8c784938e35c99434a9aeec756c7f0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 57890 c16d91ecc08a9f644a4702694f061948 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 45426 9b43f0207dc35329c6b68a00f9470b27 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 148480 6475be7a82a097f3d1e650f2e1b34e4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 180882 aa0f56882aee8a313019fd9806cb96e2 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: December 18, 2007 Bugs: #199195, #201042, #201570 ID: 200712-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Background ========== CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). A local attacker could exploit the second vulnerability to overwrite arbitrary files with the privileges of the user running the CUPS spooler (usually lp) by using symlink attacks. A remote attacker could cause a Denial of Service condition via the third vulnerability when SSL is enabled in CUPS. Workaround ========== To disable SNMP support in CUPS, you have have to manually delete the file "/usr/libexec/cups/backend/snmp". Please note that the file is reinstalled if you merge CUPS again later. To disable the pdftops filter, delete all lines referencing "pdftops" in CUPS' "mime.convs" configuration file. To work around the third vulnerability, disable SSL support via the corresponding USE flag. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4" References ========== [ 1 ] CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 [ 2 ] CVE-2007-5849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849 [ 3 ] CVE-2007-6358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358 [ 4 ] GLSA 200703-28 http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200712-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Background ========== AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1 Description =========== Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1437-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 26, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cupsys Vulnerability : several Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5849 CVE-2007-6358 Several local vulnerabilities have been discovered in the Common UNIX Printing System. This vulnerability is not exploitable in the default configuration. For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch2. The old stable distribution (sarge) is not affected by CVE-2007-5849. The other issue doesn't warrant an update on it's own and has been postponed. For the unstable distribution (sid), these problems have been fixed in version 1.3.5-1. We recommend that you upgrade your cupsys packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0 arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHclSzXm3vHE4uyloRAqN4AJ446Cy9X2qGSIJqCKirOI2pWmEseACgygi1 mLr61xygMrJtafqG+L6vzQw= =Kaoc -----END PGP SIGNATURE----- . The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: e7b60799c6564dab2fac51c4f141dbe5 2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm 4c32071aad3f9098ea2dd2f9a1b7cd49 2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm 63d9a864863267cf2f4fddc02e095e06 2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm 1f4920904c759ce0e9abb3bbc8cdd594 2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm b1ec7aa06c2be308ff9c2a63da1c7731 2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm f383e8d9d10ca981e447dd6a01ee851d 2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b7553d0c3fbc26b3701b141c9b83d4f3 2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm 4a38d3105789f691876915a408b14238 2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm 66f5f00ec62eda88ad3bcc4a7c1bb9f8 2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm 8cb823e9208e3318df6856d6f604e915 2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm 87a2ecc7dea1d4df9dc375aaa08706df 2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm 80f26c35b1a9df435722fda1cbbf73a3 2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm Mandriva Linux 2007.1: 211c3ad187609d5b780ff3fa5b49e444 2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm 7d40f786123cf00358798508bb62d3d3 2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm 0e5804893b2a9246b0e868c31b32b06b 2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm 338d3dec619d84e87f51bd7cfd16d8d2 2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm 8db18206adc7d5e06791544156b055b3 2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm 62132f4112ac2b0a2d12774d29bec0cb 2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm 4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 8c149f4c10733c9a9111160ae59ad925 2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm 4b1daf55b41af95a1cd84bebe942d560 2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm 5c5ca12c2c1acc4d4dbabdd1a724c6b6 2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm c3b6080be7e3f4705a8a2a49bcffd444 2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm e0b59e5053778c2ffa2f54e0b45d2d39 2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm f55015ed699bf755c426f543c1663c68 2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm 4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm Mandriva Linux 2008.0: 5e6c08849a88b069afaa97a41e9e960e 2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm 9572d60e8afebae8af024b1fe7209fb3 2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm 3f289e765d786c9e10ea5cfc21f73f6b 2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm c0fd3de781ef4d6ed0f9e13cae53d883 2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm 610b6e72c3c11c6015f8177701156351 2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm fb6ef9cab451a3133be7f76ba840b012 2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm 188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 402aea771b06142b45b722bff80f091e 2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm f2455232cc2a9573ecec47ef56cdc597 2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm 37a5555a41d6fb417b21939c805664f2 2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm ce9c705103f3818d9c5795c9870fe8ff 2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm 69cbe40728e22cc75aec77357f1afd05 2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm 383988eb5c94bb74024fdf374cb3b2be 2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm 188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm Corporate 3.0: 22d8969d906321fbee18c2bbc85588d3 corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm 36304afe8bedfa972b100864a155c631 corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm c769d1450268709318ca831aa61fb0e1 corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm add323f4e6d19502d1784d8170b56158 corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm 1795159898f7d56792ccb5d2fa94f01d corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm 862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm Corporate 3.0/X86_64: 4cc49531ae7c6e30a6119a96fd6e2be7 corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm d99c41a39764138480fd0498fc08dc86 corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm 1217f6489b62f4f97272266a36ad1dcf corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm 37b559193f8165d5fb94f3dfb0a17002 corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm 29f3155a705199ddc18d4f07151ee0e5 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm 862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm Corporate 4.0: 2ff282c107a464893dceecd702a49fbb corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm d40e3334925c3dfeb4cf69c9a81279da corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm c0cd1b083354931223532a3f66708796 corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm 2cbac22995a55e1f2a2775c9b2f993ef corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm 6e2f4b34178fea2cf9fbc6d2ef23bb10 corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm 7013f9f6c6820f411bbece64eef74338 corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5b7647d72d7c6717fc66511d99dfb85d corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm 4e2885508967804e2036312408b887a6 corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm c2c7dcc9fe085e0763bfdb492fb75efc corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm 8638a23ea946526c960840507933c835 corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm 856b172bc91bbd802a821a775d45b6c9 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm f97300e6f09ef8b08d1a0563a5c324f1 corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHqfERmqjQ0CJFipgRAjdGAKDHckN83/fyAlJvHgk69P50eexo2wCbBhR9 nEhVEeHY+sACGciJMKbk5+I= =Qgcw -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: Gentoo update for cups SECUNIA ADVISORY ID: SA24660 VERIFY ADVISORY: http://secunia.com/advisories/24660/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for cups. For more information: SA24517 SOLUTION: Update to "net-print/cups-1.2.9" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml OTHER REFERENCES: SA24517: http://secunia.com/advisories/24517/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

digital error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Wei Wang wei_wang@mcafee.com

SOURCES

LAST UPDATE DATE

2024-11-23T20:13:55.327000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE