• [SECURITY] [DSA 2176-1] cups security update

    From Moritz Muehlenhoff@1:229/2 to All on Wed Mar 2 00:40:01 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2176-1                   [email protected]
    http://www.debian.org/security/                         Moritz Muehlenhoff
    March 02, 2011                         http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : cups
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941

    Several vulnerabilities have been discovered in the Common UNIX Printing System:

    CVE-2008-5183

    A null pointer dereference in RSS job completion notifications
    could lead to denial of service.

    CVE-2009-3553

    It was discovered that incorrect file descriptor handling
    could lead to denial of service.

    CVE-2010-0540

    A cross-site request forgery vulnerability was discovered in
    the web interface.

    CVE-2010-0542

    Incorrect memory management in the filter subsystem could lead
    to denial of service.

    CVE-2010-1748

    Information disclosure in the web interface.

    CVE-2010-2431

    Emmanuel Bouillon discovered a symlink vulnerability in handling
    of cache files.

    CVE-2010-2432

    Denial of service in the authentication code.

    CVE-2010-2941

    Incorrect memory management in the IPP code could lead to denial
    of service or the execution of arbitrary code.

    For the oldstable distribution (lenny), these problems have been fixed in
    version 1.3.8-1+lenny9.

    The stable distribution (squeeze) and the unstable distribution (sid)
    had already been fixed prior to the initial Squeeze release.

    We recommend that you upgrade your cups packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iEYEARECAAYFAk1tgPIACgkQXm3vHE4uyloDXQCgxy/m5yHvjnIopjEdPcmdzIW5 HaAAn1r6v/N27Y5g5O4vudCQgLt7uBPx
    =j7wC
    -----END PGP SIGNATURE-----

