MDVSA-2008:036

Nom du paquet

cups

Date

2008-02-06

Advisory ID

MDVSA-2008:036

Affected versions

CS4.0 i586 , CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problem description

Wei Wang found that the SNMP discovery backend in CUPS did not
correctly calculate the length of strings. If a user could be tricked
into scanning for printers, a remote attacker could send a specially
crafted packet and possibly execute arbitrary code (CVE-2007-5849).

As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another
denial of service regression within SSL handling (CVE-2007-4045).

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 i586

 2ff282c107a464893dceecd702a49fbb  corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm
 d40e3334925c3dfeb4cf69c9a81279da  corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm
 c0cd1b083354931223532a3f66708796  corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm
 2cbac22995a55e1f2a2775c9b2f993ef  corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm
 6e2f4b34178fea2cf9fbc6d2ef23bb10  corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm
 7013f9f6c6820f411bbece64eef74338  corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm 
 af983d1c74680e800bdc2cf9190a64d3  corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm

CS4.0 x86_64

 5b7647d72d7c6717fc66511d99dfb85d  corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm
 4e2885508967804e2036312408b887a6  corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm
 c2c7dcc9fe085e0763bfdb492fb75efc  corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm
 8638a23ea946526c960840507933c835  corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm
 856b172bc91bbd802a821a775d45b6c9  corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm
 f97300e6f09ef8b08d1a0563a5c324f1  corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm 
 af983d1c74680e800bdc2cf9190a64d3  corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm

2007.0 x86_64

 b7553d0c3fbc26b3701b141c9b83d4f3  2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm
 4a38d3105789f691876915a408b14238  2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm
 66f5f00ec62eda88ad3bcc4a7c1bb9f8  2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm
 8cb823e9208e3318df6856d6f604e915  2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm
 87a2ecc7dea1d4df9dc375aaa08706df  2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm
 80f26c35b1a9df435722fda1cbbf73a3  2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm 
 f79a5dfe12eb0645f787ad1112c21df6  2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm

2007.1 i586

 211c3ad187609d5b780ff3fa5b49e444  2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm
 7d40f786123cf00358798508bb62d3d3  2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm
 0e5804893b2a9246b0e868c31b32b06b  2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm
 338d3dec619d84e87f51bd7cfd16d8d2  2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm
 8db18206adc7d5e06791544156b055b3  2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm
 62132f4112ac2b0a2d12774d29bec0cb  2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm 
 4ba57d3741a92f13208328191a9a1778  2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm

2007.0 i586

 e7b60799c6564dab2fac51c4f141dbe5  2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm
 4c32071aad3f9098ea2dd2f9a1b7cd49  2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm
 63d9a864863267cf2f4fddc02e095e06  2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm
 1f4920904c759ce0e9abb3bbc8cdd594  2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm
 b1ec7aa06c2be308ff9c2a63da1c7731  2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm
 f383e8d9d10ca981e447dd6a01ee851d  2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm 
 f79a5dfe12eb0645f787ad1112c21df6  2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm

CS3.0 x86_64

 4cc49531ae7c6e30a6119a96fd6e2be7  corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm
 d99c41a39764138480fd0498fc08dc86  corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm
 1217f6489b62f4f97272266a36ad1dcf  corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm
 37b559193f8165d5fb94f3dfb0a17002  corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm
 29f3155a705199ddc18d4f07151ee0e5  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm 
 862992a50ff8f3311bc1e6a57e916f44  corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm

2008.0 x86_64

 402aea771b06142b45b722bff80f091e  2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm
 f2455232cc2a9573ecec47ef56cdc597  2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm
 37a5555a41d6fb417b21939c805664f2  2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm
 ce9c705103f3818d9c5795c9870fe8ff  2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm
 69cbe40728e22cc75aec77357f1afd05  2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm
 383988eb5c94bb74024fdf374cb3b2be  2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm 
 188a7ec8777c3b4b31750580117a870e  2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm

CS3.0 i586

 22d8969d906321fbee18c2bbc85588d3  corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm
 36304afe8bedfa972b100864a155c631  corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm
 c769d1450268709318ca831aa61fb0e1  corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm
 add323f4e6d19502d1784d8170b56158  corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm
 1795159898f7d56792ccb5d2fa94f01d  corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm 
 862992a50ff8f3311bc1e6a57e916f44  corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm

2008.0 i586

 5e6c08849a88b069afaa97a41e9e960e  2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm
 9572d60e8afebae8af024b1fe7209fb3  2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm
 3f289e765d786c9e10ea5cfc21f73f6b  2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm
 c0fd3de781ef4d6ed0f9e13cae53d883  2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm
 610b6e72c3c11c6015f8177701156351  2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm
 fb6ef9cab451a3133be7f76ba840b012  2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm 
 188a7ec8777c3b4b31750580117a870e  2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm

2007.1 x86_64

 8c149f4c10733c9a9111160ae59ad925  2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm
 4b1daf55b41af95a1cd84bebe942d560  2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm
 5c5ca12c2c1acc4d4dbabdd1a724c6b6  2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm
 c3b6080be7e3f4705a8a2a49bcffd444  2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm
 e0b59e5053778c2ffa2f54e0b45d2d39  2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm
 f55015ed699bf755c426f543c1663c68  2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm 
 4ba57d3741a92f13208328191a9a1778  2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849