LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How strictly do your users obey your security policies?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Security Week: December 1st, 2008
Linux Advisory Watch: November 28th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated cups packages fix vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues. 
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:051
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : February 26, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw was found in how CUPS handled the addition and removal of
 remote printers via IPP that could allow a remote attacker to send
 a malicious IPP packet to the UDP port causing CUPS to crash.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 0a7d158dea287d3fb02d562e66144f55  2007.0/i586/cups-1.2.4-1.7mdv2007.0.i586.rpm
 0f89e8283a7765359bf587aa1a49d537  2007.0/i586/cups-common-1.2.4-1.7mdv2007.0.i586.rpm
 80e246d3868f57bc052f9d0527161ed2  2007.0/i586/cups-serial-1.2.4-1.7mdv2007.0.i586.rpm
 11e435c39845560d06451300cee0ff78  2007.0/i586/libcups2-1.2.4-1.7mdv2007.0.i586.rpm
 82903c633dfe9b705976ac9cfea5fe13  2007.0/i586/libcups2-devel-1.2.4-1.7mdv2007.0.i586.rpm
 f688f9d5d9c80a1c4081ba897bda3b31  2007.0/i586/php-cups-1.2.4-1.7mdv2007.0.i586.rpm 
 9d8074c34c5471dd2ea7150747e9763d  2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 35030a4837fef0355a0353e552d56d45  2007.0/x86_64/cups-1.2.4-1.7mdv2007.0.x86_64.rpm
 6f91d3f1c641e623549ad9d102037205  2007.0/x86_64/cups-common-1.2.4-1.7mdv2007.0.x86_64.rpm
 5b974bae09a30c051fca184dbfc514a6  2007.0/x86_64/cups-serial-1.2.4-1.7mdv2007.0.x86_64.rpm
 d6a2095673a0e3093303bb98c2251fb8  2007.0/x86_64/lib64cups2-1.2.4-1.7mdv2007.0.x86_64.rpm
 d705ff9b705c54a3c842c25823c3c412  2007.0/x86_64/lib64cups2-devel-1.2.4-1.7mdv2007.0.x86_64.rpm
 64424352ee5b03cc16d6318d47681602  2007.0/x86_64/php-cups-1.2.4-1.7mdv2007.0.x86_64.rpm 
 9d8074c34c5471dd2ea7150747e9763d  2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 5105e804cdb43266919ef6a2d4d56172  2007.1/i586/cups-1.2.10-2.5mdv2007.1.i586.rpm
 bc59fa659d2a1198cb37e6a5e46147d7  2007.1/i586/cups-common-1.2.10-2.5mdv2007.1.i586.rpm
 b42d2a433bf01becc833f1f052117451  2007.1/i586/cups-serial-1.2.10-2.5mdv2007.1.i586.rpm
 ac1ab68a5b9d22eed8de1afcfc5244dc  2007.1/i586/libcups2-1.2.10-2.5mdv2007.1.i586.rpm
 08523fd668fd17454873aa3f6b62b339  2007.1/i586/libcups2-devel-1.2.10-2.5mdv2007.1.i586.rpm
 b0159435bf4e9cd5e69e7215bc936cfe  2007.1/i586/php-cups-1.2.10-2.5mdv2007.1.i586.rpm 
 f57d2c24cf4c2566019e6457c15a4314  2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 104867d41e5732b04cc19c4cb9cb9ecc  2007.1/x86_64/cups-1.2.10-2.5mdv2007.1.x86_64.rpm
 bc98f745c4fe6172926c7fae56421dbf  2007.1/x86_64/cups-common-1.2.10-2.5mdv2007.1.x86_64.rpm
 75f5cf947fbdf830b4c4ab7a5ab39be3  2007.1/x86_64/cups-serial-1.2.10-2.5mdv2007.1.x86_64.rpm
 b792523a1e6607731d428ee8ab750cdb  2007.1/x86_64/lib64cups2-1.2.10-2.5mdv2007.1.x86_64.rpm
 7d359e84eb335e0e73a45c3425ba16c7  2007.1/x86_64/lib64cups2-devel-1.2.10-2.5mdv2007.1.x86_64.rpm
 b1734f40a5a137d7b040e89f8f2c9cf4  2007.1/x86_64/php-cups-1.2.10-2.5mdv2007.1.x86_64.rpm 
 f57d2c24cf4c2566019e6457c15a4314  2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 41c457c0abf00c4cd12c68206d1ef19d  2008.0/i586/cups-1.3.0-3.5mdv2008.0.i586.rpm
 527208039efbae8c688e17222375cd25  2008.0/i586/cups-common-1.3.0-3.5mdv2008.0.i586.rpm
 77ff879a0416f557da2577e2cc0be520  2008.0/i586/cups-serial-1.3.0-3.5mdv2008.0.i586.rpm
 f2e416902352f08a433fa3b42125f069  2008.0/i586/libcups2-1.3.0-3.5mdv2008.0.i586.rpm
 464018750437eefcd27c64851dd3babf  2008.0/i586/libcups2-devel-1.3.0-3.5mdv2008.0.i586.rpm
 51c51c2d372c97a3bd67ec20a6e8ab1f  2008.0/i586/php-cups-1.3.0-3.5mdv2008.0.i586.rpm 
 59be42c190d902a00fff01c813933fab  2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 ae89deb6366ad290ffdad65c50536d05  2008.0/x86_64/cups-1.3.0-3.5mdv2008.0.x86_64.rpm
 3dedafa2f472ce3ac5147cb55208b505  2008.0/x86_64/cups-common-1.3.0-3.5mdv2008.0.x86_64.rpm
 ed1390e977087d00427082d74a982816  2008.0/x86_64/cups-serial-1.3.0-3.5mdv2008.0.x86_64.rpm
 361afea801db6537a050e40c47e52f28  2008.0/x86_64/lib64cups2-1.3.0-3.5mdv2008.0.x86_64.rpm
 7b2be918011c91cf5dc30a91ebe09ee4  2008.0/x86_64/lib64cups2-devel-1.3.0-3.5mdv2008.0.x86_64.rpm
 1f5dd9fa07b8e29c36fae8a3003b5743  2008.0/x86_64/php-cups-1.3.0-3.5mdv2008.0.x86_64.rpm 
 59be42c190d902a00fff01c813933fab  2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm

 Corporate 4.0:
 bbee37ca52c8033ec89f3cc9205e0c05  corporate/4.0/i586/cups-1.2.4-0.7.20060mlcs4.i586.rpm
 e72747799613a53d88cea13ac52c1a74  corporate/4.0/i586/cups-common-1.2.4-0.7.20060mlcs4.i586.rpm
 548b48c8afa79a83971cb2adb20004a1  corporate/4.0/i586/cups-serial-1.2.4-0.7.20060mlcs4.i586.rpm
 df20bcab65ba98cb2587270be4562b97  corporate/4.0/i586/libcups2-1.2.4-0.7.20060mlcs4.i586.rpm
 108d380752eeccb01bd80f2d6a25479b  corporate/4.0/i586/libcups2-devel-1.2.4-0.7.20060mlcs4.i586.rpm
 2194a57725880ab610799790575f62ed  corporate/4.0/i586/php-cups-1.2.4-0.7.20060mlcs4.i586.rpm 
 e7131afcaa870e2f49d37224a7b6d6cf  corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7e0ab06ae666103857342dbf5189d3ea  corporate/4.0/x86_64/cups-1.2.4-0.7.20060mlcs4.x86_64.rpm
 e5f9340f4748c8ffa07c061444fb1bdf  corporate/4.0/x86_64/cups-common-1.2.4-0.7.20060mlcs4.x86_64.rpm
 46089fc8f48fd08bca263967e5fcb21f  corporate/4.0/x86_64/cups-serial-1.2.4-0.7.20060mlcs4.x86_64.rpm
 7fac230cf127e832c596f221524d2b8c  corporate/4.0/x86_64/lib64cups2-1.2.4-0.7.20060mlcs4.x86_64.rpm
 cca789f65894cbf299b280c3962e7f65  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.7.20060mlcs4.x86_64.rpm
 4eaaaeb37968a80b704c175d5f3019ae  corporate/4.0/x86_64/php-cups-1.2.4-0.7.20060mlcs4.x86_64.rpm 
 e7131afcaa870e2f49d37224a7b6d6cf  corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 
< Prev   Next >
    
Partner:

 
Latest Features
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Yesterday's Edition
Linux Role in Botnets Studied
10 Mistakes New Linux Administrators Make

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.