<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:036 ] - Updated CUPS packages fix SNMP vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:036
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : February 6, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Wei Wang found that the SNMP discovery backend in CUPS did not
 correctly calculate the length of strings.  If a user could be tricked
 into scanning for printers, a remote attacker could send a specially
 crafted packet and possibly execute arbitrary code (CVE-2007-5849).
 
 As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another
 denial of service regression within SSL handling (CVE-2007-4045).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 e7b60799c6564dab2fac51c4f141dbe5  2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm
 4c32071aad3f9098ea2dd2f9a1b7cd49  
2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm
 63d9a864863267cf2f4fddc02e095e06  
2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm
 1f4920904c759ce0e9abb3bbc8cdd594  
2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm
 b1ec7aa06c2be308ff9c2a63da1c7731  
2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm
 f383e8d9d10ca981e447dd6a01ee851d  
2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm 
 f79a5dfe12eb0645f787ad1112c21df6  2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 b7553d0c3fbc26b3701b141c9b83d4f3  
2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm
 4a38d3105789f691876915a408b14238  
2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm
 66f5f00ec62eda88ad3bcc4a7c1bb9f8  
2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm
 8cb823e9208e3318df6856d6f604e915  
2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm
 87a2ecc7dea1d4df9dc375aaa08706df  
2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm
 80f26c35b1a9df435722fda1cbbf73a3  
2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm 
 f79a5dfe12eb0645f787ad1112c21df6  2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 211c3ad187609d5b780ff3fa5b49e444  2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm
 7d40f786123cf00358798508bb62d3d3  
2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm
 0e5804893b2a9246b0e868c31b32b06b  
2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm
 338d3dec619d84e87f51bd7cfd16d8d2  
2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm
 8db18206adc7d5e06791544156b055b3  
2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm
 62132f4112ac2b0a2d12774d29bec0cb  
2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm 
 4ba57d3741a92f13208328191a9a1778  2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 8c149f4c10733c9a9111160ae59ad925  
2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm
 4b1daf55b41af95a1cd84bebe942d560  
2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm
 5c5ca12c2c1acc4d4dbabdd1a724c6b6  
2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm
 c3b6080be7e3f4705a8a2a49bcffd444  
2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm
 e0b59e5053778c2ffa2f54e0b45d2d39  
2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm
 f55015ed699bf755c426f543c1663c68  
2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm 
 4ba57d3741a92f13208328191a9a1778  2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 5e6c08849a88b069afaa97a41e9e960e  2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm
 9572d60e8afebae8af024b1fe7209fb3  
2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm
 3f289e765d786c9e10ea5cfc21f73f6b  
2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm
 c0fd3de781ef4d6ed0f9e13cae53d883  
2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm
 610b6e72c3c11c6015f8177701156351  
2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm
 fb6ef9cab451a3133be7f76ba840b012  
2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm 
 188a7ec8777c3b4b31750580117a870e  2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 402aea771b06142b45b722bff80f091e  
2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm
 f2455232cc2a9573ecec47ef56cdc597  
2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm
 37a5555a41d6fb417b21939c805664f2  
2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm
 ce9c705103f3818d9c5795c9870fe8ff  
2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm
 69cbe40728e22cc75aec77357f1afd05  
2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm
 383988eb5c94bb74024fdf374cb3b2be  
2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm 
 188a7ec8777c3b4b31750580117a870e  2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm

 Corporate 3.0:
 22d8969d906321fbee18c2bbc85588d3  
corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm
 36304afe8bedfa972b100864a155c631  
corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm
 c769d1450268709318ca831aa61fb0e1  
corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm
 add323f4e6d19502d1784d8170b56158  
corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm
 1795159898f7d56792ccb5d2fa94f01d  
corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm 
 862992a50ff8f3311bc1e6a57e916f44  
corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 4cc49531ae7c6e30a6119a96fd6e2be7  
corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm
 d99c41a39764138480fd0498fc08dc86  
corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm
 1217f6489b62f4f97272266a36ad1dcf  
corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm
 37b559193f8165d5fb94f3dfb0a17002  
corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm
 29f3155a705199ddc18d4f07151ee0e5  
corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm 
 862992a50ff8f3311bc1e6a57e916f44  
corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm

 Corporate 4.0:
 2ff282c107a464893dceecd702a49fbb  
corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm
 d40e3334925c3dfeb4cf69c9a81279da  
corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm
 c0cd1b083354931223532a3f66708796  
corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm
 2cbac22995a55e1f2a2775c9b2f993ef  
corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm
 6e2f4b34178fea2cf9fbc6d2ef23bb10  
corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm
 7013f9f6c6820f411bbece64eef74338  
corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm 
 af983d1c74680e800bdc2cf9190a64d3  
corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5b7647d72d7c6717fc66511d99dfb85d  
corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm
 4e2885508967804e2036312408b887a6  
corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm
 c2c7dcc9fe085e0763bfdb492fb75efc  
corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm
 8638a23ea946526c960840507933c835  
corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm
 856b172bc91bbd802a821a775d45b6c9  
corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm
 f97300e6f09ef8b08d1a0563a5c324f1  
corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm 
 af983d1c74680e800bdc2cf9190a64d3  
corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHqfERmqjQ0CJFipgRAjdGAKDHckN83/fyAlJvHgk69P50eexo2wCbBhR9
nEhVEeHY+sACGciJMKbk5+I=
=Qgcw
-----END PGP SIGNATURE-----