FrSIRT - Mandriva Security Update Fixes Common UNIX Printing System Issue / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes Common UNIX Printing System Issue

Title : Mandriva Security Update Fixes Common UNIX Printing System Issue
Advisory ID : FrSIRT/ADV-2005-1795
CVE ID : CVE-2004-2154
CWE ID : CWE-
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-20

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Mandriva has released updated packages to correct a vulnerability identified in Common UNIX Printing System (CUPS) [...]

Solution

Use MandrakeUpdate to apply patches :

Mandrakelinux 10.0:
57949999ec0803d9b3950ae663371c2e 10.0/RPMS/cups-1.1.20-5.9.100mdk.i586.rpm
ce7f1071f6c62590a1b6871ab9b17816 10.0/RPMS/cups-common-1.1.20-5.9.100mdk.i586.rpm
f8271f099e17e7fc2a8b8d3707fe4611 10.0/RPMS/cups-serial-1.1.20-5.9.100mdk.i586.rpm
8d0e92e091f01dbfa43c80abc1e5521b 10.0/RPMS/libcups2-1.1.20-5.9.100mdk.i586.rpm
4b7e237ef3ba38546873231937eeaf14 10.0/RPMS/libcups2-devel-1.1.20-5.9.100mdk.i586.rpm
02f0085442de9f53ed52c53372921c54 10.0/SRPMS/cups-1.1.20-5.9.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
c741e915ab4478906c4c0c9975a28199 amd64/10.0/RPMS/cups-1.1.20-5.9.100mdk.amd64.rpm
844f1025e5689bfa1270b46b18092604 amd64/10.0/RPMS/cups-common-1.1.20-5.9.100mdk.amd64.rpm
519d6d527ff35b8589c22a77d01bb89c amd64/10.0/RPMS/cups-serial-1.1.20-5.9.100mdk.amd64.rpm
1409f88c2e6c6b64d2bc98054ba88c56 amd64/10.0/RPMS/lib64cups2-1.1.20-5.9.100mdk.amd64.rpm
49478b1e66b17ed734036f0699a73ace amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.9.100mdk.amd64.rpm
8d0e92e091f01dbfa43c80abc1e5521b amd64/10.0/RPMS/libcups2-1.1.20-5.9.100mdk.i586.rpm
02f0085442de9f53ed52c53372921c54 amd64/10.0/SRPMS/cups-1.1.20-5.9.100mdk.src.rpm

Corporate Server 2.1:
b382582f3c83bab30c115774033543c6 corporate/2.1/RPMS/cups-1.1.18-2.11.C21mdk.i586.rpm
29c884dd71f8422db48e7d3831eeccb8 corporate/2.1/RPMS/cups-common-1.1.18-2.11.C21mdk.i586.rpm
22b2e3c9e34671ba4c84ec368c0219cb corporate/2.1/RPMS/cups-serial-1.1.18-2.11.C21mdk.i586.rpm
cdc9ca097da2cccf3c67cfe1a7e7d4ec corporate/2.1/RPMS/libcups1-1.1.18-2.11.C21mdk.i586.rpm
7e628218d90f639d24476cb635a64922 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.11.C21mdk.i586.rpm
7be4ece8ab5cba50791771a9065c78ed corporate/2.1/SRPMS/cups-1.1.18-2.11.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
8ebafcbc57a13198165a79082be2a78d x86_64/corporate/2.1/RPMS/cups-1.1.18-2.11.C21mdk.x86_64.rpm
56d85e620b01894f34660eba96d9ee40 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.11.C21mdk.x86_64.rpm
8a7fa44f47379d778a1657e5497c34b6 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.11.C21mdk.x86_64.rpm
8e9b8d6c247e091bd8dc38e1733f9c2f x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.11.C21mdk.x86_64.rpm
45cfd7747e040cee340fec0edf37be0d x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.11.C21mdk.x86_64.rpm
7be4ece8ab5cba50791771a9065c78ed x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.11.C21mdk.src.rpm

Corporate 3.0:
c0c6fa6731a99d3941ff0a2538b83d2c corporate/3.0/RPMS/cups-1.1.20-5.9.C30mdk.i586.rpm
ad7e66e80f1336beeaef65678dcd06c1 corporate/3.0/RPMS/cups-common-1.1.20-5.9.C30mdk.i586.rpm
715af6b604429210810cb1fcb2d88b11 corporate/3.0/RPMS/cups-serial-1.1.20-5.9.C30mdk.i586.rpm
36d71921d656bb291dfd129d63a2519a corporate/3.0/RPMS/libcups2-1.1.20-5.9.C30mdk.i586.rpm
a06251d040e615159758b548ee5da785 corporate/3.0/RPMS/libcups2-devel-1.1.20-5.9.C30mdk.i586.rpm
7c02299537a6646f6664fc8253895d03 corporate/3.0/SRPMS/cups-1.1.20-5.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
7fd22a6928fcdce24fda3e8de71cf39a x86_64/corporate/3.0/RPMS/cups-1.1.20-5.9.C30mdk.x86_64.rpm
bb37ebd7097e663304baac02e394292a x86_64/corporate/3.0/RPMS/cups-common-1.1.20-5.9.C30mdk.x86_64.rpm
7c79a96dcbae50e6e0b27eb43fa249eb x86_64/corporate/3.0/RPMS/cups-serial-1.1.20-5.9.C30mdk.x86_64.rpm
d013b48caa5339b855ec33d19bdb21db x86_64/corporate/3.0/RPMS/lib64cups2-1.1.20-5.9.C30mdk.x86_64.rpm
10a98e8e62085460bec857e516b7c577 x86_64/corporate/3.0/RPMS/lib64cups2-devel-1.1.20-5.9.C30mdk.x86_64.rpm
36d71921d656bb291dfd129d63a2519a x86_64/corporate/3.0/RPMS/libcups2-1.1.20-5.9.C30mdk.i586.rpm
7c02299537a6646f6664fc8253895d03 x86_64/corporate/3.0/SRPMS/cups-1.1.20-5.9.C30mdk.src.rpm

ChangeLog

2005-09-20 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities
	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities

	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities