-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1933-1                  [email protected]
http://www.debian.org/security/                           Steffen Joeris
November 10, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cups
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-2820
Aaron Siegel discovered that the web interface of cups, the Common UNIX Printing System, is prone to cross-site scripting attacks.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny7.
For the oldstable distribution (etch), this problem has been fixed in
version 1.2.7-4+etch9.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your cups packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]