===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2003.0414 -- Debian Security Advisory DSA-317-1
                 New cupsys packages fix denial of service
                               12 June 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                CUPS
                        cupsys
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Debian GNU/Linux 2.2
                        Linux
Impact:                 Denial of Service
Access Required:        Remote
CVE Names:              CAN-2003-0195

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Debian Security Advisory DSA 317-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
June 11th, 2003                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0195

The CUPS print server in Debian is vulnerable to a denial of service
when an HTTP request is received without being properly terminated.

For the stable distribution (woody) this problem has been fixed in
version 1.1.14-5.

For the old stable distribution (potato) this problem has been fixed in
version 1.0.4-12.2.

For the unstable distribution (sid) these problems are fixed in
version 1.1.19final-1.

We recommend that you update your cupsys package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on
its next revision.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your system has been compromised, contact AusCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.