LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

June 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA June 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: cups on SL3.x, SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 24 Jun 2010 06:50:19 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (77 lines)

Synopsis:	Important: cups security update
Issue date:	2010-06-17
CVE Names:	CVE-2010-0540 CVE-2010-0542 CVE-2010-1748

A missing memory allocation failure check flaw, leading to a NULL 
pointer dereference, was found in the CUPS "texttops" filter. An 
attacker could create a malicious text file that would cause "texttops" 
to crash or, potentially, execute arbitrary code as the "lp" user if the 
file was printed. (CVE-2010-0542)

A Cross-Site Request Forgery (CSRF) issue was found in the CUPS web
interface. If a remote attacker could trick a user, who is logged into 
the CUPS web interface as an administrator, into visiting a 
specially-crafted website, the attacker could reconfigure and disable 
CUPS, and gain access to print jobs and system files. (CVE-2010-0540)

Note: As a result of the fix for CVE-2010-0540, cookies must now be 
enabled in your web browser to use the CUPS web interface.

An uninitialized memory read issue was found in the CUPS web interface. 
If an attacker had access to the CUPS web interface, they could use a
specially-crafted URL to leverage this flaw to read a limited amount of
memory from the cupsd process, possibly obtaining sensitive information.
(CVE-2010-1748)

After installing this update, the cupsd daemon will be restarted 
automatically.


SL 3.0.x

       SRPMS:
cups-1.1.17-13.3.65.src.rpm
       i386:
cups-1.1.17-13.3.65.i386.rpm
cups-devel-1.1.17-13.3.65.i386.rpm
cups-libs-1.1.17-13.3.65.i386.rpm
       x86_64:
cups-1.1.17-13.3.65.x86_64.rpm
cups-devel-1.1.17-13.3.65.x86_64.rpm
cups-libs-1.1.17-13.3.65.i386.rpm
cups-libs-1.1.17-13.3.65.x86_64.rpm

SL 4.x

       SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.6.src.rpm
       i386:
cups-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
       x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.6.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.6.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.x86_64.rpm

SL 5.x

       SRPMS:
cups-1.3.7-18.el5_5.4.src.rpm
       i386:
cups-1.3.7-18.el5_5.4.i386.rpm
cups-devel-1.3.7-18.el5_5.4.i386.rpm
cups-libs-1.3.7-18.el5_5.4.i386.rpm
cups-lpd-1.3.7-18.el5_5.4.i386.rpm
       x86_64:
cups-1.3.7-18.el5_5.4.x86_64.rpm
cups-devel-1.3.7-18.el5_5.4.i386.rpm
cups-devel-1.3.7-18.el5_5.4.x86_64.rpm
cups-libs-1.3.7-18.el5_5.4.i386.rpm
cups-libs-1.3.7-18.el5_5.4.x86_64.rpm
cups-lpd-1.3.7-18.el5_5.4.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV