lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1EHlAK-0002zX-9m@mercury.mandriva.com>
Date: Tue, 20 Sep 2005 10:40:20 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:165 - Updated cups packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2005:165
 Date:                   September 15th, 2005

 Affected versions:	 10.0, Corporate 3.0, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability in CUPS would treat a Location directive in cupsd.conf
 as case-sensitive, allowing attackers to bypass intended ACLs via a
 printer name containing uppercase or lowecase letters that are
 different from that which was specified in the Location directive.
 This issue only affects versions of CUPS prior to 1.1.21rc1.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 57949999ec0803d9b3950ae663371c2e  10.0/RPMS/cups-1.1.20-5.9.100mdk.i586.rpm
 ce7f1071f6c62590a1b6871ab9b17816  10.0/RPMS/cups-common-1.1.20-5.9.100mdk.i586.rpm
 f8271f099e17e7fc2a8b8d3707fe4611  10.0/RPMS/cups-serial-1.1.20-5.9.100mdk.i586.rpm
 8d0e92e091f01dbfa43c80abc1e5521b  10.0/RPMS/libcups2-1.1.20-5.9.100mdk.i586.rpm
 4b7e237ef3ba38546873231937eeaf14  10.0/RPMS/libcups2-devel-1.1.20-5.9.100mdk.i586.rpm
 02f0085442de9f53ed52c53372921c54  10.0/SRPMS/cups-1.1.20-5.9.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 c741e915ab4478906c4c0c9975a28199  amd64/10.0/RPMS/cups-1.1.20-5.9.100mdk.amd64.rpm
 844f1025e5689bfa1270b46b18092604  amd64/10.0/RPMS/cups-common-1.1.20-5.9.100mdk.amd64.rpm
 519d6d527ff35b8589c22a77d01bb89c  amd64/10.0/RPMS/cups-serial-1.1.20-5.9.100mdk.amd64.rpm
 1409f88c2e6c6b64d2bc98054ba88c56  amd64/10.0/RPMS/lib64cups2-1.1.20-5.9.100mdk.amd64.rpm
 49478b1e66b17ed734036f0699a73ace  amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.9.100mdk.amd64.rpm
 8d0e92e091f01dbfa43c80abc1e5521b  amd64/10.0/RPMS/libcups2-1.1.20-5.9.100mdk.i586.rpm
 02f0085442de9f53ed52c53372921c54  amd64/10.0/SRPMS/cups-1.1.20-5.9.100mdk.src.rpm

 Corporate Server 2.1:
 b382582f3c83bab30c115774033543c6  corporate/2.1/RPMS/cups-1.1.18-2.11.C21mdk.i586.rpm
 29c884dd71f8422db48e7d3831eeccb8  corporate/2.1/RPMS/cups-common-1.1.18-2.11.C21mdk.i586.rpm
 22b2e3c9e34671ba4c84ec368c0219cb  corporate/2.1/RPMS/cups-serial-1.1.18-2.11.C21mdk.i586.rpm
 cdc9ca097da2cccf3c67cfe1a7e7d4ec  corporate/2.1/RPMS/libcups1-1.1.18-2.11.C21mdk.i586.rpm
 7e628218d90f639d24476cb635a64922  corporate/2.1/RPMS/libcups1-devel-1.1.18-2.11.C21mdk.i586.rpm
 7be4ece8ab5cba50791771a9065c78ed  corporate/2.1/SRPMS/cups-1.1.18-2.11.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 8ebafcbc57a13198165a79082be2a78d  x86_64/corporate/2.1/RPMS/cups-1.1.18-2.11.C21mdk.x86_64.rpm
 56d85e620b01894f34660eba96d9ee40  x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.11.C21mdk.x86_64.rpm
 8a7fa44f47379d778a1657e5497c34b6  x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.11.C21mdk.x86_64.rpm
 8e9b8d6c247e091bd8dc38e1733f9c2f  x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.11.C21mdk.x86_64.rpm
 45cfd7747e040cee340fec0edf37be0d  x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.11.C21mdk.x86_64.rpm
 7be4ece8ab5cba50791771a9065c78ed  x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.11.C21mdk.src.rpm

 Corporate 3.0:
 c0c6fa6731a99d3941ff0a2538b83d2c  corporate/3.0/RPMS/cups-1.1.20-5.9.C30mdk.i586.rpm
 ad7e66e80f1336beeaef65678dcd06c1  corporate/3.0/RPMS/cups-common-1.1.20-5.9.C30mdk.i586.rpm
 715af6b604429210810cb1fcb2d88b11  corporate/3.0/RPMS/cups-serial-1.1.20-5.9.C30mdk.i586.rpm
 36d71921d656bb291dfd129d63a2519a  corporate/3.0/RPMS/libcups2-1.1.20-5.9.C30mdk.i586.rpm
 a06251d040e615159758b548ee5da785  corporate/3.0/RPMS/libcups2-devel-1.1.20-5.9.C30mdk.i586.rpm
 7c02299537a6646f6664fc8253895d03  corporate/3.0/SRPMS/cups-1.1.20-5.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 7fd22a6928fcdce24fda3e8de71cf39a  x86_64/corporate/3.0/RPMS/cups-1.1.20-5.9.C30mdk.x86_64.rpm
 bb37ebd7097e663304baac02e394292a  x86_64/corporate/3.0/RPMS/cups-common-1.1.20-5.9.C30mdk.x86_64.rpm
 7c79a96dcbae50e6e0b27eb43fa249eb  x86_64/corporate/3.0/RPMS/cups-serial-1.1.20-5.9.C30mdk.x86_64.rpm
 d013b48caa5339b855ec33d19bdb21db  x86_64/corporate/3.0/RPMS/lib64cups2-1.1.20-5.9.C30mdk.x86_64.rpm
 10a98e8e62085460bec857e516b7c577  x86_64/corporate/3.0/RPMS/lib64cups2-devel-1.1.20-5.9.C30mdk.x86_64.rpm
 36d71921d656bb291dfd129d63a2519a  x86_64/corporate/3.0/RPMS/libcups2-1.1.20-5.9.C30mdk.i586.rpm
 7c02299537a6646f6664fc8253895d03  x86_64/corporate/3.0/SRPMS/cups-1.1.20-5.9.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMDt0mqjQ0CJFipgRAvtJAKC6udC6bEZqfHCT/noECHqUCQ8k/gCfV2jb
Cjs7UW5/MI0n/H3/xewhT58=
=A8ev
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ