From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------- Debian Security Advisory DSA-2007-1
[email protected] http://www.debian.org/security/ Nico Golde March 3rd, 2010
http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : cups
Vulnerability : format string vulnerability
Problem type : local
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-0393
Ronald Volgers discovered that the lppasswd component of the cups suite,
the Common UNIX Printing System, is vulnerable to format string attacks
due to insecure use of the LOCALEDIR environment variable. An attacker
can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny8.
For the testing distribution (squeeze) this problem will be fixed soon.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.2-9.1.
We recommend that you upgrade your cups packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.dsc
Size/MD5 checksum: 1837 a511bb4de5c768a4862a55d227a4ff70
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.diff.gz
Size/MD5 checksum: 189649 82c747daa3ed7bb71e10094a50a0cabd
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
Size/MD5 checksum: 4796827 10efe9825c1a1dcd325be47a6cc21faf
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 1181030 11167383d8fa0f8518cb550e4946c109
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 15e639e1ac4d44042e5e5245d0670cb9
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 796f92741e989eac9ba214ede18630d8
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52406 2bce3838eaf23010ab40842e6cd15b64
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 57ee5c01a3a6b88e9dd73a5fae4052e6
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 a57e7e5775ef54f3b173aa78cb56925c
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52402 e558bca7e419849e9985fab5b253d541
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52382 6fb5db2ff939a66c82805069e2673122
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 445498 e4c86a6a0e2956a543432ea47d2b4e4d
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 119902 54fbde6934338f62546a3a9d63366e24
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 108236 b5585a98bb2ba4395aa8b995663eb449
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 39296 ba38fb23064f0265b08e634c5553680c
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 81528 586baf5c22624b387b17522f9336a62f
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 178786 855af4932cc8c4d8fa79615cfb9268d7
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 1149260 0655f89a290365b71040ad2ab6d5708e
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 2103240 eb83ee8de10a7bd58918742bd92afb26
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 2072340 d50623c5ddf4a13d88ad72c77b423b7f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 99958 c80b2253f2bd929eea5fa3e4d630007b
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 1195800 c8fe761855122b595442161dc215685f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 61016 bd0dbe1b2ea8cd4f4608684c8d175aeb
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 169070 a8cc5fcba2086f06cb475b363dae39d1
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 401586 d0c2f361b90a7d43a29c1267e41ac013
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 116782 535933bcbdf17abc8d11d66d6059f398
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)