French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes CUPS Denial of Service Vulnerabilities

Title : Mandriva Security Update Fixes CUPS Denial of Service Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-0689
CVE ID : CVE-2007-5848 - CVE-2008-0596 - CVE-2008-0597
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-02-27

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
0a7d158dea287d3fb02d562e66144f55 2007.0/i586/cups-1.2.4-1.7mdv2007.0.i586.rpm
0f89e8283a7765359bf587aa1a49d537 2007.0/i586/cups-common-1.2.4-1.7mdv2007.0.i586.rpm
80e246d3868f57bc052f9d0527161ed2 2007.0/i586/cups-serial-1.2.4-1.7mdv2007.0.i586.rpm
11e435c39845560d06451300cee0ff78 2007.0/i586/libcups2-1.2.4-1.7mdv2007.0.i586.rpm
82903c633dfe9b705976ac9cfea5fe13 2007.0/i586/libcups2-devel-1.2.4-1.7mdv2007.0.i586.rpm
f688f9d5d9c80a1c4081ba897bda3b31 2007.0/i586/php-cups-1.2.4-1.7mdv2007.0.i586.rpm
9d8074c34c5471dd2ea7150747e9763d 2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
35030a4837fef0355a0353e552d56d45 2007.0/x86_64/cups-1.2.4-1.7mdv2007.0.x86_64.rpm
6f91d3f1c641e623549ad9d102037205 2007.0/x86_64/cups-common-1.2.4-1.7mdv2007.0.x86_64.rpm
5b974bae09a30c051fca184dbfc514a6 2007.0/x86_64/cups-serial-1.2.4-1.7mdv2007.0.x86_64.rpm
d6a2095673a0e3093303bb98c2251fb8 2007.0/x86_64/lib64cups2-1.2.4-1.7mdv2007.0.x86_64.rpm
d705ff9b705c54a3c842c25823c3c412 2007.0/x86_64/lib64cups2-devel-1.2.4-1.7mdv2007.0.x86_64.rpm
64424352ee5b03cc16d6318d47681602 2007.0/x86_64/php-cups-1.2.4-1.7mdv2007.0.x86_64.rpm
9d8074c34c5471dd2ea7150747e9763d 2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm

Mandriva Linux 2007.1:
5105e804cdb43266919ef6a2d4d56172 2007.1/i586/cups-1.2.10-2.5mdv2007.1.i586.rpm
bc59fa659d2a1198cb37e6a5e46147d7 2007.1/i586/cups-common-1.2.10-2.5mdv2007.1.i586.rpm
b42d2a433bf01becc833f1f052117451 2007.1/i586/cups-serial-1.2.10-2.5mdv2007.1.i586.rpm
ac1ab68a5b9d22eed8de1afcfc5244dc 2007.1/i586/libcups2-1.2.10-2.5mdv2007.1.i586.rpm
08523fd668fd17454873aa3f6b62b339 2007.1/i586/libcups2-devel-1.2.10-2.5mdv2007.1.i586.rpm
b0159435bf4e9cd5e69e7215bc936cfe 2007.1/i586/php-cups-1.2.10-2.5mdv2007.1.i586.rpm
f57d2c24cf4c2566019e6457c15a4314 2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
104867d41e5732b04cc19c4cb9cb9ecc 2007.1/x86_64/cups-1.2.10-2.5mdv2007.1.x86_64.rpm
bc98f745c4fe6172926c7fae56421dbf 2007.1/x86_64/cups-common-1.2.10-2.5mdv2007.1.x86_64.rpm
75f5cf947fbdf830b4c4ab7a5ab39be3 2007.1/x86_64/cups-serial-1.2.10-2.5mdv2007.1.x86_64.rpm
b792523a1e6607731d428ee8ab750cdb 2007.1/x86_64/lib64cups2-1.2.10-2.5mdv2007.1.x86_64.rpm
7d359e84eb335e0e73a45c3425ba16c7 2007.1/x86_64/lib64cups2-devel-1.2.10-2.5mdv2007.1.x86_64.rpm
b1734f40a5a137d7b040e89f8f2c9cf4 2007.1/x86_64/php-cups-1.2.10-2.5mdv2007.1.x86_64.rpm
f57d2c24cf4c2566019e6457c15a4314 2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm

Mandriva Linux 2008.0:
41c457c0abf00c4cd12c68206d1ef19d 2008.0/i586/cups-1.3.0-3.5mdv2008.0.i586.rpm
527208039efbae8c688e17222375cd25 2008.0/i586/cups-common-1.3.0-3.5mdv2008.0.i586.rpm
77ff879a0416f557da2577e2cc0be520 2008.0/i586/cups-serial-1.3.0-3.5mdv2008.0.i586.rpm
f2e416902352f08a433fa3b42125f069 2008.0/i586/libcups2-1.3.0-3.5mdv2008.0.i586.rpm
464018750437eefcd27c64851dd3babf 2008.0/i586/libcups2-devel-1.3.0-3.5mdv2008.0.i586.rpm
51c51c2d372c97a3bd67ec20a6e8ab1f 2008.0/i586/php-cups-1.3.0-3.5mdv2008.0.i586.rpm
59be42c190d902a00fff01c813933fab 2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
ae89deb6366ad290ffdad65c50536d05 2008.0/x86_64/cups-1.3.0-3.5mdv2008.0.x86_64.rpm
3dedafa2f472ce3ac5147cb55208b505 2008.0/x86_64/cups-common-1.3.0-3.5mdv2008.0.x86_64.rpm
ed1390e977087d00427082d74a982816 2008.0/x86_64/cups-serial-1.3.0-3.5mdv2008.0.x86_64.rpm
361afea801db6537a050e40c47e52f28 2008.0/x86_64/lib64cups2-1.3.0-3.5mdv2008.0.x86_64.rpm
7b2be918011c91cf5dc30a91ebe09ee4 2008.0/x86_64/lib64cups2-devel-1.3.0-3.5mdv2008.0.x86_64.rpm
1f5dd9fa07b8e29c36fae8a3003b5743 2008.0/x86_64/php-cups-1.3.0-3.5mdv2008.0.x86_64.rpm
59be42c190d902a00fff01c813933fab 2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm

Corporate 4.0:
bbee37ca52c8033ec89f3cc9205e0c05 corporate/4.0/i586/cups-1.2.4-0.7.20060mlcs4.i586.rpm
e72747799613a53d88cea13ac52c1a74 corporate/4.0/i586/cups-common-1.2.4-0.7.20060mlcs4.i586.rpm
548b48c8afa79a83971cb2adb20004a1 corporate/4.0/i586/cups-serial-1.2.4-0.7.20060mlcs4.i586.rpm
df20bcab65ba98cb2587270be4562b97 corporate/4.0/i586/libcups2-1.2.4-0.7.20060mlcs4.i586.rpm
108d380752eeccb01bd80f2d6a25479b corporate/4.0/i586/libcups2-devel-1.2.4-0.7.20060mlcs4.i586.rpm
2194a57725880ab610799790575f62ed corporate/4.0/i586/php-cups-1.2.4-0.7.20060mlcs4.i586.rpm
e7131afcaa870e2f49d37224a7b6d6cf corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
7e0ab06ae666103857342dbf5189d3ea corporate/4.0/x86_64/cups-1.2.4-0.7.20060mlcs4.x86_64.rpm
e5f9340f4748c8ffa07c061444fb1bdf corporate/4.0/x86_64/cups-common-1.2.4-0.7.20060mlcs4.x86_64.rpm
46089fc8f48fd08bca263967e5fcb21f corporate/4.0/x86_64/cups-serial-1.2.4-0.7.20060mlcs4.x86_64.rpm
7fac230cf127e832c596f221524d2b8c corporate/4.0/x86_64/lib64cups2-1.2.4-0.7.20060mlcs4.x86_64.rpm
cca789f65894cbf299b280c3962e7f65 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.7.20060mlcs4.x86_64.rpm
4eaaaeb37968a80b704c175d5f3019ae corporate/4.0/x86_64/php-cups-1.2.4-0.7.20060mlcs4.x86_64.rpm
e7131afcaa870e2f49d37224a7b6d6cf corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm

Corporate 3.0:
71c1bd1c9099440da3e9afcfe4636525 corporate/3.0/i586/cups-1.1.20-5.16.C30mdk.i586.rpm
a73fba38dbcf62fd4c64590e5d754126 corporate/3.0/i586/cups-common-1.1.20-5.16.C30mdk.i586.rpm
60b6e82788d5b0c51f68b0db44e31240 corporate/3.0/i586/cups-serial-1.1.20-5.16.C30mdk.i586.rpm
419d078e2df1396531c23cbbf2f2785d corporate/3.0/i586/libcups2-1.1.20-5.16.C30mdk.i586.rpm
064e5b42b27c90602bf8e7c47200bef8 corporate/3.0/i586/libcups2-devel-1.1.20-5.16.C30mdk.i586.rpm
5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm

Corporate 3.0/X86_64:
c33aff1c5bab9bce22f7a018f2fbfe7d corporate/3.0/x86_64/cups-1.1.20-5.16.C30mdk.x86_64.rpm
ba1cba41b479e332e8d43652af86756d corporate/3.0/x86_64/cups-common-1.1.20-5.16.C30mdk.x86_64.rpm
211561645f6743343a0a9189ecd8e24e corporate/3.0/x86_64/cups-serial-1.1.20-5.16.C30mdk.x86_64.rpm
d1cb2198f9b73cfb5d2ae3d69bacf12c corporate/3.0/x86_64/lib64cups2-1.1.20-5.16.C30mdk.x86_64.rpm
104350956cda23c2e2f5bb05a22df9c7 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.16.C30mdk.x86_64.rpm
5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm

ChangeLog

2008-02-27 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Microsoft Windows Kernel Local Integer Overflow Vulnerability

Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability

Microsoft Office OneNote URL Code Execution (MS08-055)

Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities

IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities

IBM WebSphere Application Server Security Exposure Vulnerabilities

IBM DB2 Universal Database Multiple Denial of Service

IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability

IBM WebSphere Application Server Cross Site Scripting Vulnerability

IBM DB2 CLR Stored Procedures Unspecified Vulnerability

Oracle Products Multiple Code Execution and Security Bypass Issues

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy