FrSIRT - Fedora Security Update Fixes CUPS Memory Corruption Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes CUPS Memory Corruption Vulnerability

Title : Fedora Security Update Fixes CUPS Memory Corruption Vulnerability
Advisory ID : FrSIRT/ADV-2007-3735
CVE ID : CVE-2007-4351
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-06

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

9e6f32773660c79d86ebd8ee1ae59eb181ac8ea5 SRPMS/cups-1.2.12-5.fc6.src.rpm
9e6f32773660c79d86ebd8ee1ae59eb181ac8ea5 noarch/cups-1.2.12-5.fc6.src.rpm
93a0dd8a7205b36b5b7831be4045e68fd7b80266 ppc/cups-lpd-1.2.12-5.fc6.ppc.rpm
4957e7e6a53ca2140e6da84aeea0bd632f84b49a ppc/cups-libs-1.2.12-5.fc6.ppc.rpm
539ab707b6e83c84e35939a69c5d5fc8297e5f20 ppc/cups-1.2.12-5.fc6.ppc.rpm
b7937af02c30e26f79eb4761cd8dcc2547a9d002 ppc/debug/cups-debuginfo-1.2.12-5.fc6.ppc.rpm
eb6728cfeb19c473021b1f5ebf813d3a73f064ba ppc/cups-devel-1.2.12-5.fc6.ppc.rpm
735cac3f1ef81900231b5851d1f4dfb5158c58e8 x86_64/cups-lpd-1.2.12-5.fc6.x86_64.rpm
90fd9073b2a16bd7f8cb66b862ce81009bd91603 x86_64/cups-1.2.12-5.fc6.x86_64.rpm
288c861b1e13fb3efd952dca19b686411e706cff x86_64/debug/cups-debuginfo-1.2.12-5.fc6.x86_64.rpm
afbf837f605155c623aab457a6b01e5667bf0905 x86_64/cups-libs-1.2.12-5.fc6.x86_64.rpm
4ddea3119f1d8151babd7fe33527859e17386dab x86_64/cups-devel-1.2.12-5.fc6.x86_64.rpm
ec254328f04fdeff4fd089564617ef474c579b62 i386/cups-libs-1.2.12-5.fc6.i386.rpm
ccf75f4f49aea67c533e8189b31dd2507d358c72 i386/cups-1.2.12-5.fc6.i386.rpm
ba243759ef3dbff8ce93880ca3b7407b5a5e3a79 i386/debug/cups-debuginfo-1.2.12-5.fc6.i386.rpm
3b45fe18c43ccfccf327f6ee6358943b577cefa0 i386/cups-lpd-1.2.12-5.fc6.i386.rpm
6bfd08a274e13fe16c1ad0c5b3bd3eb56bed5b56 i386/cups-devel-1.2.12-5.fc6.i386.rpm

ChangeLog

2007-11-06 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability

	Microsoft Windows Kernel Local Integer Overflow Vulnerability
	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities