SCIENTIFIC-LINUX-ERRATA Archives

November 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Connie Sieh <[log in to unmask]>
Reply To: Connie Sieh <[log in to unmask]>
Date: Wed, 7 Nov 2007 17:08:08 -0600
Content-Type: TEXT/PLAIN
Parts/Attachments: TEXT/PLAIN (42 lines)

Synopsis:          Important: cups security update

CVE Names:         CVE-2007-4045
                   CVE-2007-4351
                   CVE-2007-4352
                   CVE-2007-5392
                   CVE-2007-5393

Problem description:

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags.
A remote attacker who is able to connect to the IPP TCP port could send a
malicious request causing the CUPS daemon to crash. (CVE-2007-4351)

A flaw was found in the way CUPS handled SSL negotiation. A remote attacker
capable of connecting to the CUPS daemon could cause CUPS to crash.
(CVE-2007-4045)

SL4.x

SRPMS:
 	cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386:
 	cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
 	cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
 	cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

x86_64:
 	cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
 	cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
 	cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
 	cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
