SCO Security Advisory SCOSA-2006.21 - Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
33ca8ba70b4d50b49744483b82ed5ddc58a29321f5afd1ac2fe7b19d84a4cbeb-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number: SCOSA-2006.21
Issue date: 2006 April 18
Cross reference: fz533446
CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
______________________________________________________________________________
1. Problem Description
Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
The vulnerabilities are caused due to the use of a vulnerable
version of Xpdf.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-3191,
CVE-2005-3192, and CVE-2005-3193 to these issues.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 Cups package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21
4.2 Verification
MD5 (p533446.714.image) = 1bbbd92df9260f0ac32cf27ad03b4532
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533446.714.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533446.714.image
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://secunia.com/advisories/17976/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533446.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFERlkmaqoBO7ipriERAk7zAJ0Q+vs/nCHC44LI9s1Am73hFqJacACfYkhQ
OwhdzIoyILAJA3ZkI1bpi/A=
=s7Zo
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed