[ MDVSA-2008:051 ] - Updated cups packages fix vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDVSA-2008:051 ] - Updated cups packages fix vulnerabilities
From: security@xxxxxxxxxxxx
Date: Tue, 26 Feb 2008 15:45:10 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: xsecurity@xxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:051
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : February 26, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw was found in how CUPS handled the addition and removal of
 remote printers via IPP that could allow a remote attacker to send
 a malicious IPP packet to the UDP port causing CUPS to crash.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 0a7d158dea287d3fb02d562e66144f55  2007.0/i586/cups-1.2.4-1.7mdv2007.0.i586.rpm
 0f89e8283a7765359bf587aa1a49d537  
2007.0/i586/cups-common-1.2.4-1.7mdv2007.0.i586.rpm
 80e246d3868f57bc052f9d0527161ed2  
2007.0/i586/cups-serial-1.2.4-1.7mdv2007.0.i586.rpm
 11e435c39845560d06451300cee0ff78  
2007.0/i586/libcups2-1.2.4-1.7mdv2007.0.i586.rpm
 82903c633dfe9b705976ac9cfea5fe13  
2007.0/i586/libcups2-devel-1.2.4-1.7mdv2007.0.i586.rpm
 f688f9d5d9c80a1c4081ba897bda3b31  
2007.0/i586/php-cups-1.2.4-1.7mdv2007.0.i586.rpm 
 9d8074c34c5471dd2ea7150747e9763d  2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 35030a4837fef0355a0353e552d56d45  
2007.0/x86_64/cups-1.2.4-1.7mdv2007.0.x86_64.rpm
 6f91d3f1c641e623549ad9d102037205  
2007.0/x86_64/cups-common-1.2.4-1.7mdv2007.0.x86_64.rpm
 5b974bae09a30c051fca184dbfc514a6  
2007.0/x86_64/cups-serial-1.2.4-1.7mdv2007.0.x86_64.rpm
 d6a2095673a0e3093303bb98c2251fb8  
2007.0/x86_64/lib64cups2-1.2.4-1.7mdv2007.0.x86_64.rpm
 d705ff9b705c54a3c842c25823c3c412  
2007.0/x86_64/lib64cups2-devel-1.2.4-1.7mdv2007.0.x86_64.rpm
 64424352ee5b03cc16d6318d47681602  
2007.0/x86_64/php-cups-1.2.4-1.7mdv2007.0.x86_64.rpm 
 9d8074c34c5471dd2ea7150747e9763d  2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 5105e804cdb43266919ef6a2d4d56172  2007.1/i586/cups-1.2.10-2.5mdv2007.1.i586.rpm
 bc59fa659d2a1198cb37e6a5e46147d7  
2007.1/i586/cups-common-1.2.10-2.5mdv2007.1.i586.rpm
 b42d2a433bf01becc833f1f052117451  
2007.1/i586/cups-serial-1.2.10-2.5mdv2007.1.i586.rpm
 ac1ab68a5b9d22eed8de1afcfc5244dc  
2007.1/i586/libcups2-1.2.10-2.5mdv2007.1.i586.rpm
 08523fd668fd17454873aa3f6b62b339  
2007.1/i586/libcups2-devel-1.2.10-2.5mdv2007.1.i586.rpm
 b0159435bf4e9cd5e69e7215bc936cfe  
2007.1/i586/php-cups-1.2.10-2.5mdv2007.1.i586.rpm 
 f57d2c24cf4c2566019e6457c15a4314  2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 104867d41e5732b04cc19c4cb9cb9ecc  
2007.1/x86_64/cups-1.2.10-2.5mdv2007.1.x86_64.rpm
 bc98f745c4fe6172926c7fae56421dbf  
2007.1/x86_64/cups-common-1.2.10-2.5mdv2007.1.x86_64.rpm
 75f5cf947fbdf830b4c4ab7a5ab39be3  
2007.1/x86_64/cups-serial-1.2.10-2.5mdv2007.1.x86_64.rpm
 b792523a1e6607731d428ee8ab750cdb  
2007.1/x86_64/lib64cups2-1.2.10-2.5mdv2007.1.x86_64.rpm
 7d359e84eb335e0e73a45c3425ba16c7  
2007.1/x86_64/lib64cups2-devel-1.2.10-2.5mdv2007.1.x86_64.rpm
 b1734f40a5a137d7b040e89f8f2c9cf4  
2007.1/x86_64/php-cups-1.2.10-2.5mdv2007.1.x86_64.rpm 
 f57d2c24cf4c2566019e6457c15a4314  2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 41c457c0abf00c4cd12c68206d1ef19d  2008.0/i586/cups-1.3.0-3.5mdv2008.0.i586.rpm
 527208039efbae8c688e17222375cd25  
2008.0/i586/cups-common-1.3.0-3.5mdv2008.0.i586.rpm
 77ff879a0416f557da2577e2cc0be520  
2008.0/i586/cups-serial-1.3.0-3.5mdv2008.0.i586.rpm
 f2e416902352f08a433fa3b42125f069  
2008.0/i586/libcups2-1.3.0-3.5mdv2008.0.i586.rpm
 464018750437eefcd27c64851dd3babf  
2008.0/i586/libcups2-devel-1.3.0-3.5mdv2008.0.i586.rpm
 51c51c2d372c97a3bd67ec20a6e8ab1f  
2008.0/i586/php-cups-1.3.0-3.5mdv2008.0.i586.rpm 
 59be42c190d902a00fff01c813933fab  2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 ae89deb6366ad290ffdad65c50536d05  
2008.0/x86_64/cups-1.3.0-3.5mdv2008.0.x86_64.rpm
 3dedafa2f472ce3ac5147cb55208b505  
2008.0/x86_64/cups-common-1.3.0-3.5mdv2008.0.x86_64.rpm
 ed1390e977087d00427082d74a982816  
2008.0/x86_64/cups-serial-1.3.0-3.5mdv2008.0.x86_64.rpm
 361afea801db6537a050e40c47e52f28  
2008.0/x86_64/lib64cups2-1.3.0-3.5mdv2008.0.x86_64.rpm
 7b2be918011c91cf5dc30a91ebe09ee4  
2008.0/x86_64/lib64cups2-devel-1.3.0-3.5mdv2008.0.x86_64.rpm
 1f5dd9fa07b8e29c36fae8a3003b5743  
2008.0/x86_64/php-cups-1.3.0-3.5mdv2008.0.x86_64.rpm 
 59be42c190d902a00fff01c813933fab  2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm

 Corporate 4.0:
 bbee37ca52c8033ec89f3cc9205e0c05  
corporate/4.0/i586/cups-1.2.4-0.7.20060mlcs4.i586.rpm
 e72747799613a53d88cea13ac52c1a74  
corporate/4.0/i586/cups-common-1.2.4-0.7.20060mlcs4.i586.rpm
 548b48c8afa79a83971cb2adb20004a1  
corporate/4.0/i586/cups-serial-1.2.4-0.7.20060mlcs4.i586.rpm
 df20bcab65ba98cb2587270be4562b97  
corporate/4.0/i586/libcups2-1.2.4-0.7.20060mlcs4.i586.rpm
 108d380752eeccb01bd80f2d6a25479b  
corporate/4.0/i586/libcups2-devel-1.2.4-0.7.20060mlcs4.i586.rpm
 2194a57725880ab610799790575f62ed  
corporate/4.0/i586/php-cups-1.2.4-0.7.20060mlcs4.i586.rpm 
 e7131afcaa870e2f49d37224a7b6d6cf  
corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7e0ab06ae666103857342dbf5189d3ea  
corporate/4.0/x86_64/cups-1.2.4-0.7.20060mlcs4.x86_64.rpm
 e5f9340f4748c8ffa07c061444fb1bdf  
corporate/4.0/x86_64/cups-common-1.2.4-0.7.20060mlcs4.x86_64.rpm
 46089fc8f48fd08bca263967e5fcb21f  
corporate/4.0/x86_64/cups-serial-1.2.4-0.7.20060mlcs4.x86_64.rpm
 7fac230cf127e832c596f221524d2b8c  
corporate/4.0/x86_64/lib64cups2-1.2.4-0.7.20060mlcs4.x86_64.rpm
 cca789f65894cbf299b280c3962e7f65  
corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.7.20060mlcs4.x86_64.rpm
 4eaaaeb37968a80b704c175d5f3019ae  
corporate/4.0/x86_64/php-cups-1.2.4-0.7.20060mlcs4.x86_64.rpm 
 e7131afcaa870e2f49d37224a7b6d6cf  
corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHxGspmqjQ0CJFipgRAnf/AJ9PEVZ9dqHhbIf/l0ahyAI0X7TSFwCeNPN1
TjNDlFJ7JJuDeIoNPHdWbco=
=UfLp
-----END PGP SIGNATURE-----

Prev by Date: [ GLSA 200802-11 ] Asterisk: Multiple vulnerabilities
Next by Date: iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
Previous by thread: [ GLSA 200802-11 ] Asterisk: Multiple vulnerabilities
Next by thread: iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
Index(es):
- Date
- Thread