===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2003.0112 -- Debian Security Advisory DSA 232-2
New CUPS packages fix wrong libPNG dependency
21 February 2003
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:                CUPS
Vendor:                 Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux
                        UNIX
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access Required:        Remote

Ref:                    ESB-2003.0039

Comment: CVE Id: CAN-2002-1366, CAN-2002-1367, CAN-2002-1368, CAN-2002-1369, CAN-2002-1371, CAN-2002-1372, CAN-2002-1383, CAN-2002-1384 (http://www.cve.mitre.org)

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Debian Security Advisory DSA 232-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 20th, 2003                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : several
Problem-type   : remote
Debian-specific: no
CVE Id         : CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384

This update corrects a library dependency for the libcupsys2 package which sneaked in with the last security update to CUPS for the stable distribution (woody). The original advisory DSA 232-1 stated:

Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the problems listed above.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.dsc
Size/MD5 checksum: 690 488a4f8ea7203fadde75d906e6cf64ea
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.diff.gz
Size/MD5 checksum: 35455 de07347fda86dad071c45e6d932c97f4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f

These files will probably be moved into the stable distribution on its next revision.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

If you believe that your system has been compromised, contact AusCERT or your representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
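
A check that the upgrade described under "Upgrade Instructions" took effect, added here as an example and not part of the Debian or AusCERT text: it compares installed versions of the binary packages built from the cupsys source against 1.1.14-4.4, the version in this advisory's file names. The function names and the `--local` switch are this example's own, and it assumes a Debian host with dpkg available.

```shell
#!/bin/sh
# Added example: audit a package inventory against DSA 232-2.
# FIXED and PKGS are taken from the package file names in the advisory (woody).
FIXED="1.1.14-4.4"
PKGS="cupsys cupsys-bsd cupsys-client cupsys-pstoraster libcupsys2 libcupsys2-dev"

# status_of VERSION -> "fixed" if VERSION >= FIXED, otherwise "outdated".
# dpkg does the comparison, so revisions such as 4.10 and 4.4 are ordered
# the way apt orders them (4.10 is newer), not as plain strings.
status_of() {
    if dpkg --compare-versions "$1" ge "$FIXED"; then
        echo fixed
    else
        echo outdated
    fi
}

# audit: read "package version" lines on stdin, print one verdict per
# advisory package, and return non-zero if any is older than FIXED.
audit() {
    rc=0
    while read -r pkg ver; do
        case " $PKGS " in
            *" $pkg "*) ;;
            *) continue ;;            # package not covered by this advisory
        esac
        [ -n "$ver" ] || continue     # known to dpkg but not installed
        st=$(status_of "$ver")
        echo "$pkg $ver $st"
        [ "$st" = fixed ] || rc=1
    done
    return $rc
}

# Inventory of the local host in the format audit expects; packages that
# are not installed produce an error on stderr, which is discarded.
local_inventory() {
    dpkg-query -W -f='${Package} ${Version}\n' $PKGS 2>/dev/null
}

# Audit this machine only when invoked with --local.
if [ "${1:-}" = "--local" ]; then
    local_inventory | audit
fi
```

The exit status of `audit` is non-zero when any listed package is still below the fixed version, so the script can gate a patch-compliance job.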