[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JMrB1-00068Y-7o@artemis.annvix.ca>
Date: Wed, 06 Feb 2008 13:47:27 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:036 ] - Updated CUPS packages fix
SNMP vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:036
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : February 6, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Wei Wang found that the SNMP discovery backend in CUPS did not
correctly calculate the length of strings. If a user could be tricked
into scanning for printers, a remote attacker could send a specially
crafted packet and possibly execute arbitrary code (CVE-2007-5849).
As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another
denial of service regression within SSL handling (CVE-2007-4045).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
e7b60799c6564dab2fac51c4f141dbe5 2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm
4c32071aad3f9098ea2dd2f9a1b7cd49 2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm
63d9a864863267cf2f4fddc02e095e06 2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm
1f4920904c759ce0e9abb3bbc8cdd594 2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm
b1ec7aa06c2be308ff9c2a63da1c7731 2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm
f383e8d9d10ca981e447dd6a01ee851d 2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm
f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
b7553d0c3fbc26b3701b141c9b83d4f3 2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm
4a38d3105789f691876915a408b14238 2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm
66f5f00ec62eda88ad3bcc4a7c1bb9f8 2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm
8cb823e9208e3318df6856d6f604e915 2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm
87a2ecc7dea1d4df9dc375aaa08706df 2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm
80f26c35b1a9df435722fda1cbbf73a3 2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm
f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm
Mandriva Linux 2007.1:
211c3ad187609d5b780ff3fa5b49e444 2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm
7d40f786123cf00358798508bb62d3d3 2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm
0e5804893b2a9246b0e868c31b32b06b 2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm
338d3dec619d84e87f51bd7cfd16d8d2 2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm
8db18206adc7d5e06791544156b055b3 2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm
62132f4112ac2b0a2d12774d29bec0cb 2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm
4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
8c149f4c10733c9a9111160ae59ad925 2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm
4b1daf55b41af95a1cd84bebe942d560 2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm
5c5ca12c2c1acc4d4dbabdd1a724c6b6 2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm
c3b6080be7e3f4705a8a2a49bcffd444 2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm
e0b59e5053778c2ffa2f54e0b45d2d39 2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm
f55015ed699bf755c426f543c1663c68 2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm
4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm
Mandriva Linux 2008.0:
5e6c08849a88b069afaa97a41e9e960e 2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm
9572d60e8afebae8af024b1fe7209fb3 2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm
3f289e765d786c9e10ea5cfc21f73f6b 2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm
c0fd3de781ef4d6ed0f9e13cae53d883 2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm
610b6e72c3c11c6015f8177701156351 2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm
fb6ef9cab451a3133be7f76ba840b012 2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm
188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
402aea771b06142b45b722bff80f091e 2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm
f2455232cc2a9573ecec47ef56cdc597 2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm
37a5555a41d6fb417b21939c805664f2 2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm
ce9c705103f3818d9c5795c9870fe8ff 2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm
69cbe40728e22cc75aec77357f1afd05 2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm
383988eb5c94bb74024fdf374cb3b2be 2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm
188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm
Corporate 3.0:
22d8969d906321fbee18c2bbc85588d3 corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm
36304afe8bedfa972b100864a155c631 corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm
c769d1450268709318ca831aa61fb0e1 corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm
add323f4e6d19502d1784d8170b56158 corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm
1795159898f7d56792ccb5d2fa94f01d corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm
862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm
Corporate 3.0/X86_64:
4cc49531ae7c6e30a6119a96fd6e2be7 corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm
d99c41a39764138480fd0498fc08dc86 corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm
1217f6489b62f4f97272266a36ad1dcf corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm
37b559193f8165d5fb94f3dfb0a17002 corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm
29f3155a705199ddc18d4f07151ee0e5 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm
862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm
Corporate 4.0:
2ff282c107a464893dceecd702a49fbb corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm
d40e3334925c3dfeb4cf69c9a81279da corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm
c0cd1b083354931223532a3f66708796 corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm
2cbac22995a55e1f2a2775c9b2f993ef corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm
6e2f4b34178fea2cf9fbc6d2ef23bb10 corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm
7013f9f6c6820f411bbece64eef74338 corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm
af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
5b7647d72d7c6717fc66511d99dfb85d corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm
4e2885508967804e2036312408b887a6 corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm
c2c7dcc9fe085e0763bfdb492fb75efc corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm
8638a23ea946526c960840507933c835 corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm
856b172bc91bbd802a821a775d45b6c9 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm
f97300e6f09ef8b08d1a0563a5c324f1 corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm
af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHqfERmqjQ0CJFipgRAjdGAKDHckN83/fyAlJvHgk69P50eexo2wCbBhR9
nEhVEeHY+sACGciJMKbk5+I=
=Qgcw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists