French Security Incident Response Team


Mandriva Security Update Fixes CUPS Code Execution Vulnerabilities


Title : Mandriva Security Update Fixes CUPS Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-1086
CVE ID : CVE-2008-0047 - CVE-2008-0053 - CVE-2008-1373
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-04-03

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages.


ChangeLog

2008-04-03 : Initial release

Copyright 2003-2008 © FrSIRT.COM