lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HdZkA-0005SZ-5X@artemis.annvix.ca>
Date: Mon, 16 Apr 2007 16:32:18 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:086 ] - Updated cups packages fix
	DoS vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:086
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : April 16, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw was discovered in how CUPS handled SSL negotiation that could
 allow a remote attacker capable of connecting to the CUPS daemon to
 cause a DoS to other CUPS users.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 58148107fd3c3a3a58cf40893f210d19  2007.0/i586/cups-1.2.4-1.2mdv2007.0.i586.rpm
 facc569515fe2bfb4cd486c97933db38  2007.0/i586/cups-common-1.2.4-1.2mdv2007.0.i586.rpm
 4d098ae29c18349d340358a8dd34dd71  2007.0/i586/cups-serial-1.2.4-1.2mdv2007.0.i586.rpm
 170742c5f714668e61e86f8c81a8b4ed  2007.0/i586/libcups2-1.2.4-1.2mdv2007.0.i586.rpm
 5f0235cecf775ca3fe56ec84cc84d20f  2007.0/i586/libcups2-devel-1.2.4-1.2mdv2007.0.i586.rpm
 bd0b0eca41194be209e4241d719e1599  2007.0/i586/php-cups-1.2.4-1.2mdv2007.0.i586.rpm 
 dfee0796289f4931ce50315338a9039a  2007.0/SRPMS/cups-1.2.4-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 f6ff5e5b6974a5643e95d25064a0d376  2007.0/x86_64/cups-1.2.4-1.2mdv2007.0.x86_64.rpm
 000003ae00365d65f11d2ba66e23f497  2007.0/x86_64/cups-common-1.2.4-1.2mdv2007.0.x86_64.rpm
 abd32c1b9604f1b37a2aa2b0d388f815  2007.0/x86_64/cups-serial-1.2.4-1.2mdv2007.0.x86_64.rpm
 275f077df3d38e0d37c5c364dc213141  2007.0/x86_64/lib64cups2-1.2.4-1.2mdv2007.0.x86_64.rpm
 9a1fb3565074c9f4094e66085f00cdcf  2007.0/x86_64/lib64cups2-devel-1.2.4-1.2mdv2007.0.x86_64.rpm
 dd2efd3e7bd0fa76688331be58b41e61  2007.0/x86_64/php-cups-1.2.4-1.2mdv2007.0.x86_64.rpm 
 dfee0796289f4931ce50315338a9039a  2007.0/SRPMS/cups-1.2.4-1.2mdv2007.0.src.rpm

 Corporate 3.0:
 e1a992d26240a580991dac68aec96bff  corporate/3.0/i586/cups-1.1.20-5.11.C30mdk.i586.rpm
 098a0436371e4f2747f46739206c178f  corporate/3.0/i586/cups-common-1.1.20-5.11.C30mdk.i586.rpm
 03b7c186d7594edc6434851ee21f995a  corporate/3.0/i586/cups-serial-1.1.20-5.11.C30mdk.i586.rpm
 440f161baeb56539f78571be69ed70e2  corporate/3.0/i586/libcups2-1.1.20-5.11.C30mdk.i586.rpm
 fb5996ef6a12ab6f290a7594fa3a3cb0  corporate/3.0/i586/libcups2-devel-1.1.20-5.11.C30mdk.i586.rpm 
 3c8b04f6b0af669313979cb23feddb6d  corporate/3.0/SRPMS/cups-1.1.20-5.11.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 86852aacc829b9efcd03b544a55fdca0  corporate/3.0/x86_64/cups-1.1.20-5.11.C30mdk.x86_64.rpm
 ebd138190f39f88c1eace2aa522ea034  corporate/3.0/x86_64/cups-common-1.1.20-5.11.C30mdk.x86_64.rpm
 3fad1b6fa25230cd0dcf078b8edd24ad  corporate/3.0/x86_64/cups-serial-1.1.20-5.11.C30mdk.x86_64.rpm
 35a7e3c3dee5397c703d4ced6be57138  corporate/3.0/x86_64/lib64cups2-1.1.20-5.11.C30mdk.x86_64.rpm
 f1098a89091ab49d1a65c3827f222e45  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.11.C30mdk.x86_64.rpm 
 3c8b04f6b0af669313979cb23feddb6d  corporate/3.0/SRPMS/cups-1.1.20-5.11.C30mdk.src.rpm

 Corporate 4.0:
 73b593b17afd8c7d3e4df79e382c6bf9  corporate/4.0/i586/cups-1.2.4-0.2.20060mlcs4.i586.rpm
 287de87164fd603d9233ea5dd2460878  corporate/4.0/i586/cups-common-1.2.4-0.2.20060mlcs4.i586.rpm
 2f164f0d981a3f2cbfaedadc9b60ec82  corporate/4.0/i586/cups-serial-1.2.4-0.2.20060mlcs4.i586.rpm
 f84b48d2c09d77d8a4a038724f90c8ce  corporate/4.0/i586/libcups2-1.2.4-0.2.20060mlcs4.i586.rpm
 092cb69b720a81b2fc8f8374eefde9b5  corporate/4.0/i586/libcups2-devel-1.2.4-0.2.20060mlcs4.i586.rpm
 6fb17dd9e47a3f1fb081b0abeba74a21  corporate/4.0/i586/php-cups-1.2.4-0.2.20060mlcs4.i586.rpm 
 4aa9d021fb9ca6947ee0042842c0d9f7  corporate/4.0/SRPMS/cups-1.2.4-0.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6910e854380e4bdfd873f030e6cf56a1  corporate/4.0/x86_64/cups-1.2.4-0.2.20060mlcs4.x86_64.rpm
 3ea4c63c9a77d8853b31edc6b27cd947  corporate/4.0/x86_64/cups-common-1.2.4-0.2.20060mlcs4.x86_64.rpm
 202a71ab90bd78c62b49bcfdb8f87e6d  corporate/4.0/x86_64/cups-serial-1.2.4-0.2.20060mlcs4.x86_64.rpm
 adbd7e8c128a869f72eec99f8ab2675c  corporate/4.0/x86_64/lib64cups2-1.2.4-0.2.20060mlcs4.x86_64.rpm
 3511b5438cb8539645853e125ce633d2  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.2.20060mlcs4.x86_64.rpm
 8ac429c561e74613ad99a90ca81bf081  corporate/4.0/x86_64/php-cups-1.2.4-0.2.20060mlcs4.x86_64.rpm 
 4aa9d021fb9ca6947ee0042842c0d9f7  corporate/4.0/SRPMS/cups-1.2.4-0.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGI84amqjQ0CJFipgRAgYDAJsGtmc+dDF4MVXsbIZ4yf8B5riUXwCg4IFQ
CgJu6KFTY1qUujdG8UgYemI=
=gZF6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ