-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2003.0112 -- Debian Security Advisory DSA 232-2
               New CUPS packages fix wrong libPNG dependency
                             21 February 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                CUPS
Vendor:                 Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux
                        UNIX
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access Required:        Remote

Ref:                    ESB-2003.0039

Comment: CVE Id: CAN-2002-1366, CAN-2002-1367, CAN-2002-1368,
                 CAN-2002-1369, CAN-2002-1371, CAN-2002-1372,
                 CAN-2002-1383, CAN-2002-1384
                 (http://www.cve.mitre.org)

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 232-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 20th, 2003                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : several
Problem-type   : remote
Debian-specific: no
CVE Id         : CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384

This update corrects a library dependency for the libcupsys2 package
which sneaked in with the last security update to CUPS for the stable
distribution (woody).

The original advisory DSA 232-1 stated:

   Multiple vulnerabilities were discovered in the Common Unix
   Printing System (CUPS).  Several of these issues represent the
   potential for a remote compromise or denial of service.  The Common
   Vulnerabilities and Exposures project identifies the problems
   listed above.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.dsc
      Size/MD5 checksum:      690 488a4f8ea7203fadde75d906e6cf64ea
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.diff.gz
      Size/MD5 checksum:    35455 de07347fda86dad071c45e6d932c97f4
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
      Size/MD5 checksum:  6150756 0dfa41f29fa73e7744903b2471d2ca2f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_alpha.deb
      Size/MD5 checksum:  1899888 49dc42a554de6d65a87b6ae2e8ff9bc2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_alpha.deb
      Size/MD5 checksum:    73878 3f2a05f77006279df5a72a5e10f2567a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_alpha.deb
      Size/MD5 checksum:    92524 d7e288183671c27fa8fa09626d699380
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_alpha.deb
      Size/MD5 checksum:  2445346 c317555525b3afae1f1900e48f73ccb6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_alpha.deb
      Size/MD5 checksum:   137394 c772d3cb006f8e44738b349e24a5984b
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_alpha.deb
      Size/MD5 checksum:   180182 a70ad0d886b74710d3b4106aabe55184

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_arm.deb
      Size/MD5 checksum:  1821374 a6674c57f31308872e20499b17357c37
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_arm.deb
      Size/MD5 checksum:    68006 ab978ff099fdd7b37550106971454059
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_arm.deb
      Size/MD5 checksum:    85210 48f3e5ba501e1b38a1634a047d61d636
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_arm.deb
      Size/MD5 checksum:  2345388 7a8ac6e933aa3824afea3a0a228bb0dc
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_arm.deb
      Size/MD5 checksum:   112332 0d8f215879b74847ed5acf8e7fe7fff4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_arm.deb
      Size/MD5 checksum:   149736 b08a2c3bfae9b364969fee4521f8a601

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_i386.deb
      Size/MD5 checksum:  1788152 cc4758069a8aa1fa0e4958f131f0faa2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_i386.deb
      Size/MD5 checksum:    67532 739cb994c54cd11154f13a99d36edffb
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_i386.deb
      Size/MD5 checksum:    83722 8f8fcd75c985a1e5f75d1170f21197c6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_i386.deb
      Size/MD5 checksum:  2311516 09a23d49459ca3effd505921a2f8d434
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_i386.deb
      Size/MD5 checksum:   110408 86ece906e4f6bf1607758894a217c9bd
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_i386.deb
      Size/MD5 checksum:   135864 50e2bd585535a49a53f518178dedaa12

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_ia64.deb
      Size/MD5 checksum:  2007920 a5789e5d38b90613aea9b5a458714b95
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_ia64.deb
      Size/MD5 checksum:    76944 18f4cf8775b1bf950b7db673f6be26d2
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_ia64.deb
      Size/MD5 checksum:    96686 10d076494a77ebda207b3f4ccbb4d2fb
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_ia64.deb
      Size/MD5 checksum:  2656320 898d58fa392cf145466c7c035eeb0126
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_ia64.deb
      Size/MD5 checksum:   155146 d472d99b98d3df5b9a88934fa1325449
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_ia64.deb
      Size/MD5 checksum:   182086 f6b72a5972bddfa606e8369b1d6f4db0

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_hppa.deb
      Size/MD5 checksum:  1881350 c14a8d5cca984546202bff3b3a5cfbc8
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_hppa.deb
      Size/MD5 checksum:    70332 737ad34c1337a351f850e5a09dd27173
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_hppa.deb
      Size/MD5 checksum:    89344 894cd4fe76e427b09ba7e30288a69394
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_hppa.deb
      Size/MD5 checksum:  2455558 56a4e578951ffbcf6c9c7be6234c5fb7
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_hppa.deb
      Size/MD5 checksum:   126020 cfc0ba6b024a6bf627e2bc57aecf9dac
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_hppa.deb
      Size/MD5 checksum:   158844 ac79946225c6f83d2fa5f88e6c5b4fba

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_m68k.deb
      Size/MD5 checksum:  1755098 3c27c579b91cf890a47b98917461267f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_m68k.deb
      Size/MD5 checksum:    65798 48b9c5e7cea3e4f9c72a45cd925347d8
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_m68k.deb
      Size/MD5 checksum:    80918 3fbdf5ad323a27d7cb3bfe73176c4afc
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_m68k.deb
      Size/MD5 checksum:  2260938 85a91950c1bff5d447b51b8162d30d01
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_m68k.deb
      Size/MD5 checksum:   105630 b284987845a6eaa414f305756029a571
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_m68k.deb
      Size/MD5 checksum:   128180 cf0c3ebf9d4b5c3b98079d1ca07f76d6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_mips.deb
      Size/MD5 checksum:  1811460 8494a7da26a892605955b91e7aec2752
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_mips.deb
      Size/MD5 checksum:    67422 0146e8d156c0aa6b8813168e3d66feed
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_mips.deb
      Size/MD5 checksum:    80874 d097c0c61fc2e8f0904109d432a233ab
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_mips.deb
      Size/MD5 checksum:  2404196 41e947389ba9414f69a9c6cdbd5476a0
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_mips.deb
      Size/MD5 checksum:   112190 b51437fa6dedb0b7cc8178b550e3a95c
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_mips.deb
      Size/MD5 checksum:   150458 7007044bc2d13a922999ee4a0b2340fb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_mipsel.deb
      Size/MD5 checksum:  1812312 9dbabaedf362d30cf0bfb8d5a6e1ac26
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_mipsel.deb
      Size/MD5 checksum:    67416 0569cbc30da536cbca2639f0d5d1dcfc
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_mipsel.deb
      Size/MD5 checksum:    80902 8a0b296db80627b629711c87334ca13a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_mipsel.deb
      Size/MD5 checksum:  2406512 3857a4490fca8ab736d5466c5a282fce
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_mipsel.deb
      Size/MD5 checksum:   111910 119cb8711ce5c8d8198a5aa55047ea11
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_mipsel.deb
      Size/MD5 checksum:   150300 a82267043aff30d615e6412b1419920b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_powerpc.deb
      Size/MD5 checksum:  1800642 2e8e32a8ad80d6537bba0f53b5e5d614
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_powerpc.deb
      Size/MD5 checksum:    67434 330355b0de8fbe9942c3b45c86b8833b
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_powerpc.deb
      Size/MD5 checksum:    83012 eb02960a180f9a7b2c20f3acd30b8ac4
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_powerpc.deb
      Size/MD5 checksum:  2359336 e106d470424730249bd78e3627cd982e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_powerpc.deb
      Size/MD5 checksum:   116116 15ec4592d5d69df82ef0bfc13af38470
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_powerpc.deb
      Size/MD5 checksum:   144438 6e07739403598c1fa4e547384027749e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_s390.deb
      Size/MD5 checksum:  1795128 6d8293268c3b69e44c4b4fef02cdd41f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_s390.deb
      Size/MD5 checksum:    68818 a945b56e02744f098ae98a8b529d9e13
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_s390.deb
      Size/MD5 checksum:    85552 6569bf59c17d3bde8d723fd441060b5f
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_s390.deb
      Size/MD5 checksum:  2337158 444e722e99e0207ba45a4a2782372492
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_s390.deb
      Size/MD5 checksum:   114702 766c671a3e0380d5ea79bd8908f222c4
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_s390.deb
      Size/MD5 checksum:   140224 4706d66dd339c0bee9429c710053a86d

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_sparc.deb
      Size/MD5 checksum:  1844716 3148ba840c107efb91e9ae7ec472b38a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_sparc.deb
      Size/MD5 checksum:    70380 43573608b4c8b2194eba8320d84a676d
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_sparc.deb
      Size/MD5 checksum:    83818 f2d12acc706621476f04b03e31f47bc6
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_sparc.deb
      Size/MD5 checksum:  2354226 07c0e47816a4abcc6b4798a75245f805
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_sparc.deb
      Size/MD5 checksum:   119844 36e6cdfa8ba20a339118184ec2a9e04e
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_sparc.deb
      Size/MD5 checksum:   146012 08ec4db24b3e696f4be77f56c9705eb7


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UO2HW5ql+IAeqTIRAmXcAJ9L5o9g31DYY8FstIgtWD3PcM38mACeOqWL
wZuCvjvZ1dXZ1JEDG+aMe/U=
=D+06
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----