<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:050
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : February 26, 2008
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Dave Camp at Critical Path Software discovered a buffer overflow
 in CUPS 1.1.23 and earlier could allow local admin users to execute
 arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848).
 
 The Red Hat Security Team also found two flaws in CUPS 1.1.x where
 a malicious user on the local subnet could send a set of carefully
 crafted IPP packets to the UDP port in such a way as to cause CUPS
 to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash
 (CVE-2008-0596).
 
 Finally, another flaw was found in how CUPS handled the addition and
 removal of remote printers via IPP that could allow a remote attacker
 to send a malicious IPP packet to the UDP port causing CUPS to crash
 (CVE-2008-0882).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 71c1bd1c9099440da3e9afcfe4636525  
corporate/3.0/i586/cups-1.1.20-5.16.C30mdk.i586.rpm
 a73fba38dbcf62fd4c64590e5d754126  
corporate/3.0/i586/cups-common-1.1.20-5.16.C30mdk.i586.rpm
 60b6e82788d5b0c51f68b0db44e31240  
corporate/3.0/i586/cups-serial-1.1.20-5.16.C30mdk.i586.rpm
 419d078e2df1396531c23cbbf2f2785d  
corporate/3.0/i586/libcups2-1.1.20-5.16.C30mdk.i586.rpm
 064e5b42b27c90602bf8e7c47200bef8  
corporate/3.0/i586/libcups2-devel-1.1.20-5.16.C30mdk.i586.rpm 
 5c363b9a8573a4ae3da5e654da34bae5  
corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c33aff1c5bab9bce22f7a018f2fbfe7d  
corporate/3.0/x86_64/cups-1.1.20-5.16.C30mdk.x86_64.rpm
 ba1cba41b479e332e8d43652af86756d  
corporate/3.0/x86_64/cups-common-1.1.20-5.16.C30mdk.x86_64.rpm
 211561645f6743343a0a9189ecd8e24e  
corporate/3.0/x86_64/cups-serial-1.1.20-5.16.C30mdk.x86_64.rpm
 d1cb2198f9b73cfb5d2ae3d69bacf12c  
corporate/3.0/x86_64/lib64cups2-1.1.20-5.16.C30mdk.x86_64.rpm
 104350956cda23c2e2f5bb05a22df9c7  
corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.16.C30mdk.x86_64.rpm 
 5c363b9a8573a4ae3da5e654da34bae5  
corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHxGl7mqjQ0CJFipgRAgVuAJ9rJyJ0ysTKDyXgzUhz1Yl5SEP38wCg9SSt
G00zNYjRErOH1eJ5lnnUNVs=
=sKtb
-----END PGP SIGNATURE-----