FrSIRT - Fedora Security Update Fixes CUPS Memory Corruption Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes CUPS Memory Corruption Vulnerability

Title : Fedora Security Update Fixes CUPS Memory Corruption Vulnerability
Advisory ID : FrSIRT/ADV-2007-3688
CVE ID : CVE-2007-4351
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-02

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

b0c3575602c14bfb0f7457674ff4c41c06dc1afe cups-libs-1.2.12-6.fc7.ppc64.rpm
61a2ac729477965167d50e9bc7d5f6fff1da4791 cups-1.2.12-6.fc7.ppc64.rpm
c4e7a65e6de8572d30f1c3813adc8eb97372e1c1 cups-devel-1.2.12-6.fc7.ppc64.rpm
980ae77e6e878c6723333a9fa91570e2ac88bb19 cups-debuginfo-1.2.12-6.fc7.ppc64.rpm
efdfd7beb1ad7ccf69300f0383567bfd66c58663 cups-lpd-1.2.12-6.fc7.ppc64.rpm
5f6f59cf769d62929792d70ed0d90a2f3b78ab5b cups-libs-1.2.12-6.fc7.i386.rpm
f2f92edf6f133d450b6cd92504f1e0e2463fdd58 cups-1.2.12-6.fc7.i386.rpm
b9e76b2efec9e36bbb77647c245fee17b0643a55 cups-debuginfo-1.2.12-6.fc7.i386.rpm
5b8e62c0c2fa433b3b6c4f864cb0efbbceacec7e cups-lpd-1.2.12-6.fc7.i386.rpm
243a80caff1553f94a25d883cd5339dc1a1682d8 cups-devel-1.2.12-6.fc7.i386.rpm
d1c2350124ec5f4e1adc46a02ae56a330ab5fd4a cups-debuginfo-1.2.12-6.fc7.x86_64.rpm
341659fc96f5c96e8719d470bb3505bacfe1ab56 cups-lpd-1.2.12-6.fc7.x86_64.rpm
3a226517dd4ef5a688f18bd2ae61c8436c355ece cups-1.2.12-6.fc7.x86_64.rpm
e8ea66f3e6081ec019ee61390fd83c2310e07685 cups-devel-1.2.12-6.fc7.x86_64.rpm
db8bcf2a45c9407663a6f3e4de2af3720f636fff cups-libs-1.2.12-6.fc7.x86_64.rpm
09f6754808e4bf585ae56a20bae4ce9e2eef2bb6 cups-libs-1.2.12-6.fc7.ppc.rpm
4c46afab9161663196a0cb6279654c53fabe1df3 cups-1.2.12-6.fc7.ppc.rpm
3ac6fba6fd8c6525211e1bf34491cef8ba285c20 cups-debuginfo-1.2.12-6.fc7.ppc.rpm
ef22a38297681508f7f83590dcd174a211f6b2bb cups-devel-1.2.12-6.fc7.ppc.rpm
ba8e17973711b9907683a55c95fcb5a7e41d992f cups-lpd-1.2.12-6.fc7.ppc.rpm
3398d5e36765e7862403dc573ba190558008d366 cups-1.2.12-6.fc7.src.rpm

ChangeLog

2007-11-02 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability