From security@linux-mandrake.com Sun Sep 19 04:51:54 2004 From: Mandrake Linux Security Team To: bugtraq@securityfocus.com Date: 15 Sep 2004 18:55:15 -0000 Subject: MDKSA-2004:097 - Updated cups packages fix DoS vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: cups Advisory ID: MDKSA-2004:097 Date: September 15th, 2004 Affected versions: 10.0, 9.2, Corporate Server 2.1 ______________________________________________________________________ Problem Description: Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated packages are patched to protect against this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558 http://www.cups.org/str.php?L863 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 6f786e3ec36e246d7370f492e53e8071 10.0/RPMS/cups-1.1.20-5.1.100mdk.i586.rpm 3b648685e2d6daca32c19f0c911c2a2d 10.0/RPMS/cups-common-1.1.20-5.1.100mdk.i586.rpm c38951a854429442227c08493ce95b10 10.0/RPMS/cups-serial-1.1.20-5.1.100mdk.i586.rpm 68d867e3151cc40be946f7e6585718b3 10.0/RPMS/libcups2-1.1.20-5.1.100mdk.i586.rpm 73a61738b404f9ffe2f5d33d999c58d8 10.0/RPMS/libcups2-devel-1.1.20-5.1.100mdk.i586.rpm dbf32babe26d1b9bf922839fd4f64409 10.0/SRPMS/cups-1.1.20-5.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 9dd4e92fa6761ce6414583f3673dab6b amd64/10.0/RPMS/cups-1.1.20-5.1.100mdk.amd64.rpm e49fdc4df0ab800ad48c24a87117a63f amd64/10.0/RPMS/cups-common-1.1.20-5.1.100mdk.amd64.rpm ccc5ae05b07c3a56eb30cfe3a95e2aea amd64/10.0/RPMS/cups-serial-1.1.20-5.1.100mdk.amd64.rpm a816a4ad33164d23d0a5425b900d9ce0 amd64/10.0/RPMS/lib64cups2-1.1.20-5.1.100mdk.amd64.rpm feeed14726902046368619d8e5f680c4 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.1.100mdk.amd64.rpm dbf32babe26d1b9bf922839fd4f64409 amd64/10.0/SRPMS/cups-1.1.20-5.1.100mdk.src.rpm Corporate Server 2.1: 142f95c8680e081dfbfb53e586de0758 corporate/2.1/RPMS/cups-1.1.18-2.3.C21mdk.i586.rpm 13510fb948f686e81cb0e43ed199a5c9 corporate/2.1/RPMS/cups-common-1.1.18-2.3.C21mdk.i586.rpm fe7759d16276087aea078a4666d27264 corporate/2.1/RPMS/cups-serial-1.1.18-2.3.C21mdk.i586.rpm d5a3ad2d14a730b633153bc486f8d043 corporate/2.1/RPMS/libcups1-1.1.18-2.3.C21mdk.i586.rpm b1ac7b51317da42444ea35e5e3e1def3 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.3.C21mdk.i586.rpm 0cfaa49e8d722afad7886998121a8ef2 corporate/2.1/SRPMS/cups-1.1.18-2.3.C21mdk.src.rpm Corporate Server 2.1/x86_64: 53d838ecedc3d39880e43476cdba933d x86_64/corporate/2.1/RPMS/cups-1.1.18-2.3.C21mdk.x86_64.rpm 71df87e1abeb7cbf1dff2d206476f149 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.3.C21mdk.x86_64.rpm 93d9708fbbc34f7ea44b40f193a35bf1 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.3.C21mdk.x86_64.rpm 4a2d2ace8e2ddf9e29061fff3b0b2e72 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.3.C21mdk.x86_64.rpm 7edc440141df40c2dbfb814c7221e511 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.3.C21mdk.x86_64.rpm 0cfaa49e8d722afad7886998121a8ef2 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.3.C21mdk.src.rpm Mandrakelinux 9.2: b46e23e49906b9837f8ff8a2f1551a1a 9.2/RPMS/cups-1.1.19-10.1.92mdk.i586.rpm 41882610ebe7ef19c62d0466a3b856bd 9.2/RPMS/cups-common-1.1.19-10.1.92mdk.i586.rpm 80285eaf595e788bf83cb06c3be6399b 9.2/RPMS/cups-serial-1.1.19-10.1.92mdk.i586.rpm eeb50273236cab134566e4ba9aa19de7 9.2/RPMS/libcups2-1.1.19-10.1.92mdk.i586.rpm 9eebdc74a019cbf01a36e91cb0f2da38 9.2/RPMS/libcups2-devel-1.1.19-10.1.92mdk.i586.rpm b2badd330ea284850e42f9107bb178cf 9.2/SRPMS/cups-1.1.19-10.1.92mdk.src.rpm Mandrakelinux 9.2/AMD64: bd01da75ac66983321eca2394853eb56 amd64/9.2/RPMS/cups-1.1.19-10.1.92mdk.amd64.rpm 865443156fd350d0b06c1696f923d413 amd64/9.2/RPMS/cups-common-1.1.19-10.1.92mdk.amd64.rpm 78ed4c034ee5fa27b85dd89d909a1a3c amd64/9.2/RPMS/cups-serial-1.1.19-10.1.92mdk.amd64.rpm 7e868f59baa290fbef9f933ac76156ce amd64/9.2/RPMS/lib64cups2-1.1.19-10.1.92mdk.amd64.rpm db3266a647e39805f0b9f36fa87dcac1 amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.1.92mdk.amd64.rpm b2badd330ea284850e42f9107bb178cf amd64/9.2/SRPMS/cups-1.1.19-10.1.92mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBSJATmqjQ0CJFipgRAgi4AJ4hX3e+0849lql7lwNX37B6Wk3I8gCfceiU lMl3gN7n7Pvj20zxNFqdGtM= =5r+U -----END PGP SIGNATURE-----