lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1C7d4V-000onXC__23497.8533968844$1095277522$gmane$org@finlandia.Infodrom.North.DE>
Date: Wed, 15 Sep 2004 18:55:55 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 545-1] New cupsys packages fix denial of service


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 545-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
September 15th, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0558

Alvaro Martinez Echevarria discovered a problem in CUPS, the Common
UNIX Printing System.  An attacker can easily disable browsing in CUPS
by sending a specially crafted UDP datagram to port 631 where cupsd is
running.

For the stable distribution (woody) this problem has been fixed in
version 1.1.14-5woody6.

For the unstable distribution (sid) this problem has been fixed in
version cupsys_1.1.20final+rc1-6.

We recommend that you upgrade your cups packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6.dsc
      Size/MD5 checksum:      710 a07b12e56c064cc392408b4cd35297ec
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6.diff.gz
      Size/MD5 checksum:    37466 a3a4e41f61264d96f454e90ba4b5f1b2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
      Size/MD5 checksum:  6150756 0dfa41f29fa73e7744903b2471d2ca2f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_alpha.deb
      Size/MD5 checksum:  1899360 f215d659dec85338570effe22d1ed2d6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_alpha.deb
      Size/MD5 checksum:    74074 0768333965c953b7b4c4e753e5faf1f0
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_alpha.deb
      Size/MD5 checksum:    92724 1cfaeb0a068ee8b746354c4c70a17241
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_alpha.deb
      Size/MD5 checksum:  2445566 ffd962bb1528991357378aa3687723c0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_alpha.deb
      Size/MD5 checksum:   137730 90376f68cf54ad34612d5684bccf22b3
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_alpha.deb
      Size/MD5 checksum:   180676 34a42174524a51bcd4f47f1d7fa8144f

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_arm.deb
      Size/MD5 checksum:  1821354 9075d071f37fc9f12c7c2e198bc4d11d
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_arm.deb
      Size/MD5 checksum:    68208 3ef56fd8fa630f466135c031a7a92242
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_arm.deb
      Size/MD5 checksum:    85392 d7b701513b6625243a959a0fc642f500
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_arm.deb
      Size/MD5 checksum:  2345556 0adb9cd8ec0545e78a2b6e22ae6da85f
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_arm.deb
      Size/MD5 checksum:   112704 b8015d9c950665b0c7e20473f5a5dded
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_arm.deb
      Size/MD5 checksum:   150136 a85d1577cccfa88d18eb3cc9925b158c

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_i386.deb
      Size/MD5 checksum:  1788040 ad9376585f934dd43ddd14a0efa24e38
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_i386.deb
      Size/MD5 checksum:    67712 f661bca82a2c3041ba8c264902d71da9
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_i386.deb
      Size/MD5 checksum:    83866 5650f15f66e3b4b1f7eb28d531be6655
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_i386.deb
      Size/MD5 checksum:  2311690 ade7b27e7a5ac5b447ea86d2a0f7da0b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_i386.deb
      Size/MD5 checksum:   110720 26daaa4bda276fc01ad1dec18a9e6246
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_i386.deb
      Size/MD5 checksum:   136290 89cdd3c3040084ddca0957cb358e7ee2

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_ia64.deb
      Size/MD5 checksum:  2007500 78ffbb37d23cc9a17b6d4f69a4ede6d2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_ia64.deb
      Size/MD5 checksum:    77106 2ec1eb32c757b287e7968fcd29e5f4f1
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_ia64.deb
      Size/MD5 checksum:    96862 59534ee68008b087f7898569eecba0d6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_ia64.deb
      Size/MD5 checksum:  2656502 6f4963047d424a11b1a753fa7f964e4e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_ia64.deb
      Size/MD5 checksum:   155700 d014b6fa8a66598ac561ce3976f920a3
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_ia64.deb
      Size/MD5 checksum:   182670 bb59c120ec4da8bb805d76787a6649e4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_hppa.deb
      Size/MD5 checksum:  1881226 fb118c844cfdb7f6dd9e8f0112c5aa93
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_hppa.deb
      Size/MD5 checksum:    70512 4e989a1423e889292f12d3e224606516
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_hppa.deb
      Size/MD5 checksum:    89532 e600d34e6f5899fea345ac3c6c583ff6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_hppa.deb
      Size/MD5 checksum:  2455674 bf2076d60f3ff5275652a0e9c0c39264
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_hppa.deb
      Size/MD5 checksum:   126338 a976066dd66a391db93ca10b26175a9d
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_hppa.deb
      Size/MD5 checksum:   159268 cbf07f66309b72985528a509a4deab73

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_m68k.deb
      Size/MD5 checksum:  1754648 5c2029510c1fa709c47e7ff46d8de814
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_m68k.deb
      Size/MD5 checksum:    65992 0cd2e5053aa6a299abe2d7afb6bfc2fb
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_m68k.deb
      Size/MD5 checksum:    81098 7c19ade6475957b7b718380f8a58ee73
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_m68k.deb
      Size/MD5 checksum:  2261102 3031b40b3d90f1b6a6a80c2b626013c5
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_m68k.deb
      Size/MD5 checksum:   105946 79faaf339c0982baaba6848d736ac2fc
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_m68k.deb
      Size/MD5 checksum:   128508 304b48deb19c4975a39baf68d4108cfe

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_mips.deb
      Size/MD5 checksum:  1811166 63316c5c5216aaa4ff28962b479c374f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_mips.deb
      Size/MD5 checksum:    67630 323139073dce81bf159f41830023ccc6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_mips.deb
      Size/MD5 checksum:    81064 7c4feb7d5d27abe2688903eac8c22a79
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_mips.deb
      Size/MD5 checksum:  2404372 0db437ad25beaa39224f5466a704bb49
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_mips.deb
      Size/MD5 checksum:   112498 6fd8048438c21e99ebff7eb7ea6af835
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_mips.deb
      Size/MD5 checksum:   150964 466cb076e1d06e1032143675171d4986

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_mipsel.deb
      Size/MD5 checksum:  1811650 7da825f32fb70cdb41a3f30da4f34e71
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_mipsel.deb
      Size/MD5 checksum:    67602 4571b05b1a7b6a1d3a0d8dbedc071c5c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_mipsel.deb
      Size/MD5 checksum:    81084 aba46d5e79fb1feb7808b864d4415a56
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_mipsel.deb
      Size/MD5 checksum:  2406732 d7c7674cb01f7dcaae94c30035a2395b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_mipsel.deb
      Size/MD5 checksum:   112284 042425fa79583bd196a39bd18023c578
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_mipsel.deb
      Size/MD5 checksum:   150744 91bb5b8993e1a1a7616d44e31ab6f7c8

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_powerpc.deb
      Size/MD5 checksum:  1800042 6bbbb0187ffa85235f79102fc57c14bb
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_powerpc.deb
      Size/MD5 checksum:    67616 f93ce6c4ff46c8ba0b0a9a23d7d0ae63
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_powerpc.deb
      Size/MD5 checksum:    83186 57dce89627c85210935171ae87a342ad
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_powerpc.deb
      Size/MD5 checksum:  2359516 cb59819be590ef13a3e2992b2cc45859
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_powerpc.deb
      Size/MD5 checksum:   116502 1b65cba959b9d238c12ae97f38617de0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_powerpc.deb
      Size/MD5 checksum:   144954 c993a822fdcfbe1b8f7378c5af76b015

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_s390.deb
      Size/MD5 checksum:  1795432 bd0bac0bf25153570378024d0f8d3ba7
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_s390.deb
      Size/MD5 checksum:    68996 e8a7d3f58145a295eb0d48940552269f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_s390.deb
      Size/MD5 checksum:    85726 d751455c2423b4ec6725fbdfac2b6204
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_s390.deb
      Size/MD5 checksum:  2337350 cd84ea419933e75ecba143cf704c96ca
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_s390.deb
      Size/MD5 checksum:   115024 5e88baead30a2b62355049fa62f72ff9
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_s390.deb
      Size/MD5 checksum:   140560 ca6c5e78433107fea3a0c78000a1a4eb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_sparc.deb
      Size/MD5 checksum:  1844846 a537c47a07f07eb40e37b5cb5a93e33c
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_sparc.deb
      Size/MD5 checksum:    70580 04163ae6f92eb9494a6778659f520d8d
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_sparc.deb
      Size/MD5 checksum:    84012 eb292bf575b623e1b98a33e01db6f0d6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_sparc.deb
      Size/MD5 checksum:  2354384 d103635563e4a36830a91f46340fd14f
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_sparc.deb
      Size/MD5 checksum:   120182 3e52cd974f9e51bc3013b565cf12ef35
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_sparc.deb
      Size/MD5 checksum:   146496 8ee6bbaa97c04825178bfe7e7504bc4b



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBSHQbW5ql+IAeqTIRAqMfAJ9cUbj5sT8BPFP0SBQZAt8Mxqjm5gCgh2Yh
Tnp9twUBNSA5agvnNMXYnE4=
=CVAg
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ