-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:051 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cups Date : February 26, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 0a7d158dea287d3fb02d562e66144f55 2007.0/i586/cups-1.2.4-1.7mdv2007.0.i586.rpm 0f89e8283a7765359bf587aa1a49d537 2007.0/i586/cups-common-1.2.4-1.7mdv2007.0.i586.rpm 80e246d3868f57bc052f9d0527161ed2 2007.0/i586/cups-serial-1.2.4-1.7mdv2007.0.i586.rpm 11e435c39845560d06451300cee0ff78 2007.0/i586/libcups2-1.2.4-1.7mdv2007.0.i586.rpm 82903c633dfe9b705976ac9cfea5fe13 2007.0/i586/libcups2-devel-1.2.4-1.7mdv2007.0.i586.rpm f688f9d5d9c80a1c4081ba897bda3b31 2007.0/i586/php-cups-1.2.4-1.7mdv2007.0.i586.rpm 9d8074c34c5471dd2ea7150747e9763d 2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 35030a4837fef0355a0353e552d56d45 2007.0/x86_64/cups-1.2.4-1.7mdv2007.0.x86_64.rpm 6f91d3f1c641e623549ad9d102037205 2007.0/x86_64/cups-common-1.2.4-1.7mdv2007.0.x86_64.rpm 5b974bae09a30c051fca184dbfc514a6 2007.0/x86_64/cups-serial-1.2.4-1.7mdv2007.0.x86_64.rpm d6a2095673a0e3093303bb98c2251fb8 2007.0/x86_64/lib64cups2-1.2.4-1.7mdv2007.0.x86_64.rpm d705ff9b705c54a3c842c25823c3c412 2007.0/x86_64/lib64cups2-devel-1.2.4-1.7mdv2007.0.x86_64.rpm 64424352ee5b03cc16d6318d47681602 2007.0/x86_64/php-cups-1.2.4-1.7mdv2007.0.x86_64.rpm 9d8074c34c5471dd2ea7150747e9763d 2007.0/SRPMS/cups-1.2.4-1.7mdv2007.0.src.rpm Mandriva Linux 2007.1: 5105e804cdb43266919ef6a2d4d56172 2007.1/i586/cups-1.2.10-2.5mdv2007.1.i586.rpm bc59fa659d2a1198cb37e6a5e46147d7 2007.1/i586/cups-common-1.2.10-2.5mdv2007.1.i586.rpm b42d2a433bf01becc833f1f052117451 2007.1/i586/cups-serial-1.2.10-2.5mdv2007.1.i586.rpm ac1ab68a5b9d22eed8de1afcfc5244dc 2007.1/i586/libcups2-1.2.10-2.5mdv2007.1.i586.rpm 08523fd668fd17454873aa3f6b62b339 2007.1/i586/libcups2-devel-1.2.10-2.5mdv2007.1.i586.rpm b0159435bf4e9cd5e69e7215bc936cfe 2007.1/i586/php-cups-1.2.10-2.5mdv2007.1.i586.rpm f57d2c24cf4c2566019e6457c15a4314 2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 104867d41e5732b04cc19c4cb9cb9ecc 2007.1/x86_64/cups-1.2.10-2.5mdv2007.1.x86_64.rpm bc98f745c4fe6172926c7fae56421dbf 2007.1/x86_64/cups-common-1.2.10-2.5mdv2007.1.x86_64.rpm 75f5cf947fbdf830b4c4ab7a5ab39be3 2007.1/x86_64/cups-serial-1.2.10-2.5mdv2007.1.x86_64.rpm b792523a1e6607731d428ee8ab750cdb 2007.1/x86_64/lib64cups2-1.2.10-2.5mdv2007.1.x86_64.rpm 7d359e84eb335e0e73a45c3425ba16c7 2007.1/x86_64/lib64cups2-devel-1.2.10-2.5mdv2007.1.x86_64.rpm b1734f40a5a137d7b040e89f8f2c9cf4 2007.1/x86_64/php-cups-1.2.10-2.5mdv2007.1.x86_64.rpm f57d2c24cf4c2566019e6457c15a4314 2007.1/SRPMS/cups-1.2.10-2.5mdv2007.1.src.rpm Mandriva Linux 2008.0: 41c457c0abf00c4cd12c68206d1ef19d 2008.0/i586/cups-1.3.0-3.5mdv2008.0.i586.rpm 527208039efbae8c688e17222375cd25 2008.0/i586/cups-common-1.3.0-3.5mdv2008.0.i586.rpm 77ff879a0416f557da2577e2cc0be520 2008.0/i586/cups-serial-1.3.0-3.5mdv2008.0.i586.rpm f2e416902352f08a433fa3b42125f069 2008.0/i586/libcups2-1.3.0-3.5mdv2008.0.i586.rpm 464018750437eefcd27c64851dd3babf 2008.0/i586/libcups2-devel-1.3.0-3.5mdv2008.0.i586.rpm 51c51c2d372c97a3bd67ec20a6e8ab1f 2008.0/i586/php-cups-1.3.0-3.5mdv2008.0.i586.rpm 59be42c190d902a00fff01c813933fab 2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: ae89deb6366ad290ffdad65c50536d05 2008.0/x86_64/cups-1.3.0-3.5mdv2008.0.x86_64.rpm 3dedafa2f472ce3ac5147cb55208b505 2008.0/x86_64/cups-common-1.3.0-3.5mdv2008.0.x86_64.rpm ed1390e977087d00427082d74a982816 2008.0/x86_64/cups-serial-1.3.0-3.5mdv2008.0.x86_64.rpm 361afea801db6537a050e40c47e52f28 2008.0/x86_64/lib64cups2-1.3.0-3.5mdv2008.0.x86_64.rpm 7b2be918011c91cf5dc30a91ebe09ee4 2008.0/x86_64/lib64cups2-devel-1.3.0-3.5mdv2008.0.x86_64.rpm 1f5dd9fa07b8e29c36fae8a3003b5743 2008.0/x86_64/php-cups-1.3.0-3.5mdv2008.0.x86_64.rpm 59be42c190d902a00fff01c813933fab 2008.0/SRPMS/cups-1.3.0-3.5mdv2008.0.src.rpm Corporate 4.0: bbee37ca52c8033ec89f3cc9205e0c05 corporate/4.0/i586/cups-1.2.4-0.7.20060mlcs4.i586.rpm e72747799613a53d88cea13ac52c1a74 corporate/4.0/i586/cups-common-1.2.4-0.7.20060mlcs4.i586.rpm 548b48c8afa79a83971cb2adb20004a1 corporate/4.0/i586/cups-serial-1.2.4-0.7.20060mlcs4.i586.rpm df20bcab65ba98cb2587270be4562b97 corporate/4.0/i586/libcups2-1.2.4-0.7.20060mlcs4.i586.rpm 108d380752eeccb01bd80f2d6a25479b corporate/4.0/i586/libcups2-devel-1.2.4-0.7.20060mlcs4.i586.rpm 2194a57725880ab610799790575f62ed corporate/4.0/i586/php-cups-1.2.4-0.7.20060mlcs4.i586.rpm e7131afcaa870e2f49d37224a7b6d6cf corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7e0ab06ae666103857342dbf5189d3ea corporate/4.0/x86_64/cups-1.2.4-0.7.20060mlcs4.x86_64.rpm e5f9340f4748c8ffa07c061444fb1bdf corporate/4.0/x86_64/cups-common-1.2.4-0.7.20060mlcs4.x86_64.rpm 46089fc8f48fd08bca263967e5fcb21f corporate/4.0/x86_64/cups-serial-1.2.4-0.7.20060mlcs4.x86_64.rpm 7fac230cf127e832c596f221524d2b8c corporate/4.0/x86_64/lib64cups2-1.2.4-0.7.20060mlcs4.x86_64.rpm cca789f65894cbf299b280c3962e7f65 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.7.20060mlcs4.x86_64.rpm 4eaaaeb37968a80b704c175d5f3019ae corporate/4.0/x86_64/php-cups-1.2.4-0.7.20060mlcs4.x86_64.rpm e7131afcaa870e2f49d37224a7b6d6cf corporate/4.0/SRPMS/cups-1.2.4-0.7.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHxGspmqjQ0CJFipgRAnf/AJ9PEVZ9dqHhbIf/l0ahyAI0X7TSFwCeNPN1 TjNDlFJ7JJuDeIoNPHdWbco= =UfLp -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/