lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 16 Nov 2010 00:35:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:232 ] cups

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:232
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : November 15, 2010
 Affected: 2009.0, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in cups:
 
 Cross-site request forgery (CSRF) vulnerability in the web interface
 in CUPS, allows remote attackers to hijack the authentication of
 administrators for requests that change settings (CVE-2010-0540).
 
 The _WriteProlog function in texttops.c in texttops in the Text Filter
 subsystem in CUPS before 1.4.4 does not check the return values
 of certain calloc calls, which allows remote attackers to cause a
 denial of service (NULL pointer dereference or heap memory corruption)
 or possibly execute arbitrary code via a crafted file (CVE-2010-0542).
 
 The web interface in CUPS, reads uninitialized memory during handling
 of form variables, which allows context-dependent attackers to obtain
 sensitive information from cupsd process memory via unspecified vectors
 (CVE-2010-1748).
 
 The cupsFileOpen function in CUPS before 1.4.4 allows local users,
 with lp group membership, to overwrite arbitrary files via a
 symlink attack on the (1) /var/cache/cups/remote.cache or (2)
 /var/cache/cups/job.cache file (CVE-2010-2431).
 
 ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate
 memory for attribute values with invalid string data types, which
 allows remote attackers to cause a denial of service (use-after-free
 and application crash) or possibly execute arbitrary code via a
 crafted IPP request (CVE-2010-2941).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 f659df34ee2b206427a38cefbca99cc2  2009.0/i586/cups-1.3.10-0.4mdv2009.0.i586.rpm
 1b92d2762a23b983f0da6ed527c9cee8  2009.0/i586/cups-common-1.3.10-0.4mdv2009.0.i586.rpm
 a0719dfedbcce4ca02b8f1d69250c67b  2009.0/i586/cups-serial-1.3.10-0.4mdv2009.0.i586.rpm
 130c8d5b44e513e52d6d40fc22974139  2009.0/i586/libcups2-1.3.10-0.4mdv2009.0.i586.rpm
 06d0f7f3754246e67ff100ee3e15a6c2  2009.0/i586/libcups2-devel-1.3.10-0.4mdv2009.0.i586.rpm
 7179976e3a7490deced5374723453065  2009.0/i586/php-cups-1.3.10-0.4mdv2009.0.i586.rpm 
 d457f260b56c65d119f3f4577a7dc90f  2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 109c1f41b21fbb8e2c97aaeafae1340a  2009.0/x86_64/cups-1.3.10-0.4mdv2009.0.x86_64.rpm
 d0fca9c94c5269fec27a31086c399145  2009.0/x86_64/cups-common-1.3.10-0.4mdv2009.0.x86_64.rpm
 4ff96778ae90f228ef99d94487d87f77  2009.0/x86_64/cups-serial-1.3.10-0.4mdv2009.0.x86_64.rpm
 3f0127d51b2cdc9bf661e9de91b52f39  2009.0/x86_64/lib64cups2-1.3.10-0.4mdv2009.0.x86_64.rpm
 473bdbea1f1379fc46f0523ab5a91e92  2009.0/x86_64/lib64cups2-devel-1.3.10-0.4mdv2009.0.x86_64.rpm
 6d720a64deac48ca276266bb6895f72d  2009.0/x86_64/php-cups-1.3.10-0.4mdv2009.0.x86_64.rpm 
 d457f260b56c65d119f3f4577a7dc90f  2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 b896bb55528f9b3f7329bdefbd06e907  2010.0/i586/cups-1.4.1-12.2mdv2010.0.i586.rpm
 9915c592984b953fc97caeaff6adfd51  2010.0/i586/cups-common-1.4.1-12.2mdv2010.0.i586.rpm
 9301ef3c2f510317064d543603ce2093  2010.0/i586/cups-serial-1.4.1-12.2mdv2010.0.i586.rpm
 30b760a74bfe1338139c810e727321c0  2010.0/i586/libcups2-1.4.1-12.2mdv2010.0.i586.rpm
 d6bb4b1902321d01065f5523fe8b8bd1  2010.0/i586/libcups2-devel-1.4.1-12.2mdv2010.0.i586.rpm
 1e9b384c4ca7bfdd0a5294662e167cbb  2010.0/i586/php-cups-1.4.1-12.2mdv2010.0.i586.rpm 
 a3ade5cdca9098f024c821f02e2497d1  2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 b85a2eb58e0321e8bbe9f0db0b67b270  2010.0/x86_64/cups-1.4.1-12.2mdv2010.0.x86_64.rpm
 c3e5f2aaab48b3569af9adc0fe066e36  2010.0/x86_64/cups-common-1.4.1-12.2mdv2010.0.x86_64.rpm
 8cae31ce49c4d45093a09aab4317c452  2010.0/x86_64/cups-serial-1.4.1-12.2mdv2010.0.x86_64.rpm
 330e6c0d2fb1c00c63ac3750b0e3044a  2010.0/x86_64/lib64cups2-1.4.1-12.2mdv2010.0.x86_64.rpm
 bc7348bba4476c16c35e651b9826431c  2010.0/x86_64/lib64cups2-devel-1.4.1-12.2mdv2010.0.x86_64.rpm
 cc0081d5748a4e538b1154e110eb74ea  2010.0/x86_64/php-cups-1.4.1-12.2mdv2010.0.x86_64.rpm 
 a3ade5cdca9098f024c821f02e2497d1  2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 27242832f57d843a6e96f7be948060f7  mes5/i586/cups-1.3.10-0.4mdvmes5.1.i586.rpm
 c68061ebd7157579308ba9e3c0a0e988  mes5/i586/cups-common-1.3.10-0.4mdvmes5.1.i586.rpm
 2a06820729e49c98883494971dbd839e  mes5/i586/cups-serial-1.3.10-0.4mdvmes5.1.i586.rpm
 f959dac3e1ce73a9c228a56956f50277  mes5/i586/libcups2-1.3.10-0.4mdvmes5.1.i586.rpm
 eb7ab898a4c42c095cdd82a12527ce78  mes5/i586/libcups2-devel-1.3.10-0.4mdvmes5.1.i586.rpm
 64c94ac46b571cafb1610c49a6134031  mes5/i586/php-cups-1.3.10-0.4mdvmes5.1.i586.rpm 
 e2adcd8eec6039164aa45738cec40586  mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 992e12cd8507d0d58fb6e72ca402429f  mes5/x86_64/cups-1.3.10-0.4mdvmes5.1.x86_64.rpm
 4528d0e4dccbc15507e8575c98255711  mes5/x86_64/cups-common-1.3.10-0.4mdvmes5.1.x86_64.rpm
 3e840cbe6f1883706c14cbafc838478c  mes5/x86_64/cups-serial-1.3.10-0.4mdvmes5.1.x86_64.rpm
 a8cfe7e9c3e82ae1c61b7da0ba7daf26  mes5/x86_64/lib64cups2-1.3.10-0.4mdvmes5.1.x86_64.rpm
 b377f64dff30db3b76cd7b651f796783  mes5/x86_64/lib64cups2-devel-1.3.10-0.4mdvmes5.1.x86_64.rpm
 d2b4d6a768bd6083c970d53744e4aeb1  mes5/x86_64/php-cups-1.3.10-0.4mdvmes5.1.x86_64.rpm 
 e2adcd8eec6039164aa45738cec40586  mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM4ZS/mqjQ0CJFipgRAkLgAKDsuTTFSuf1v6YWx2aUMr4QYOhe4ACeIs4l
YnRpY6l3fFFtKyMECvjx5ug=
=JE6O
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists