From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1810-1                       [email protected]
http://www.debian.org/security/                                 Nico Golde
June 2nd, 2009                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : cups, cupsys
Vulnerability : null ptr dereference
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0949

Anibal Sacco discovered that cups, a general printing system for UNIX
systems, suffers from a null pointer dereference because of its handling
of two consecutive IPP packets with certain tag attributes that are
treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers
to perform denial of service attacks by crashing the cups daemon.

For the oldstable distribution (etch), this problem has been fixed in
version 1.2.7-4+etch8 of cupsys.

For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny6 of cups.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your cups/cupsys packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]