Date: 6 Nov 2003 03:01:08 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2003:104 - Updated CUPS packages fix denial of service vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrake Linux Security Update Advisory
_______________________________________________________________________
Package name: cups
Advisory ID: MDKSA-2003:104
Date: November 5th, 2003
Affected versions: 9.0, Corporate Server 2.1
______________________________________________________________________
Problem Description:
A bug in the Internet Printing Protocol (IPP) implementation in
versions of CUPS prior to 1.1.19, reported by Paul Mitcheson, would
result in CUPS going into a busy loop, which could result in
a Denial of Service (DoS) condition. To be able to exploit this
problem, an attacker would need to be able to make a TCP connection
to the IPP port (port 631 by default).
The provided packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0788
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
584a05963995876e075e5ca9817cfadb corporate/2.1/RPMS/cups-1.1.18-2.2.C21mdk.i586.rpm
7971d0e5ac93d322e6aa97677e815eef corporate/2.1/RPMS/cups-common-1.1.18-2.2.C21mdk.i586.rpm
06320efce369f26e61c37f32eb16169f corporate/2.1/RPMS/cups-serial-1.1.18-2.2.C21mdk.i586.rpm
525bb92144b0b12c8ed04422cdc82d71 corporate/2.1/RPMS/libcups1-1.1.18-2.2.C21mdk.i586.rpm
6d35d2b7a8cb4eb93292cf47f408a4fe corporate/2.1/RPMS/libcups1-devel-1.1.18-2.2.C21mdk.i586.rpm
b93777ca1fa1ef8b3471f5a3827c1e32 corporate/2.1/SRPMS/cups-1.1.18-2.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
32240f855fb4495a9041f06f595ab8e2 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.2.C21mdk.x86_64.rpm
77f573305193f54dd39d7f0418da466e x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.2.C21mdk.x86_64.rpm
5b68c85307ccbcb6dd7d8b4494781cf9 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.2.C21mdk.x86_64.rpm
bcc3fdf22ebc631bbd0560795413d312 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.2.C21mdk.x86_64.rpm
67d11d928cd59d3e734c90a9b1f02e05 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.2.C21mdk.x86_64.rpm
b93777ca1fa1ef8b3471f5a3827c1e32 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.2.C21mdk.src.rpm
Mandrake Linux 9.0:
ef999ce7a7361856bde78493357c173c 9.0/RPMS/cups-1.1.18-2.2.90mdk.i586.rpm
23772861be6813682316071ac5142169 9.0/RPMS/cups-common-1.1.18-2.2.90mdk.i586.rpm
517a0a906e0f6135aacb31fc1dc98c1c 9.0/RPMS/cups-serial-1.1.18-2.2.90mdk.i586.rpm
e5ba8a833fab015d04743e61466adcb3 9.0/RPMS/libcups1-1.1.18-2.2.90mdk.i586.rpm
fce8efc7313816c9aaabaa6c9abf6201 9.0/RPMS/libcups1-devel-1.1.18-2.2.90mdk.i586.rpm
4357ea21f3bb199c65fc37c9eebd1066 9.0/SRPMS/cups-1.1.18-2.2.90mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
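When packages are fetched by hand from a mirror instead of through MandrakeUpdate or urpmi, the md5 comparison mentioned above has to be done manually. The following is an added example, not part of the original advisory: it parses "Updated Packages" lines in the format used above and checks downloaded files against them. The function names and the sample file names in demo() are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "Updated Packages" entry: 32 hex digits (MD5), whitespace, path ending in .rpm
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_package_list(advisory_text):
    """Return {rpm file name: set of expected MD5 digests}.
    Keyed on the file name because mirrors differ in directory layout."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if m:
            name = m.group(2).rsplit("/", 1)[-1]
            expected.setdefault(name, set()).add(m.group(1).lower())
    return expected

def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Classify every *.rpm in download_dir as 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_package_list(advisory_text)
    results = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        if rpm.name not in expected:
            results[rpm.name] = "unlisted"
        else:
            results[rpm.name] = "ok" if md5_of(rpm) in expected[rpm.name] else "mismatch"
    return results

def demo():
    """Constructed sample: three fake 'packages' checked against a fake list."""
    listing = ("d41d8cd98f00b204e9800998ecf8427e 9.0/RPMS/good-1.0.rpm\n"
               "d41d8cd98f00b204e9800998ecf8427e 9.0/RPMS/bad-1.0.rpm\n")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good-1.0.rpm").write_bytes(b"")   # MD5 of empty input is d41d8cd9...
        Path(d, "bad-1.0.rpm").write_bytes(b"altered")
        Path(d, "extra-1.0.rpm").write_bytes(b"")  # not in the listing at all
        return verify_downloads(listing, d)

if __name__ == "__main__":
    print(demo())
```

A matching MD5 only rules out a corrupted or truncated download; the GPG signature check (rpm --checksig) is what ties a package to the MandrakeSoft key.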
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/qbl0mqjQ0CJFipgRAgU6AJ98a4C4+wz2tysAQGwy2/WEN5K+NQCfQjBX
6X9Q3Opeh6oBY9pPaluq1ls=
=l25S
-----END PGP SIGNATURE-----