Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)

medium Nessus Plugin ID 32197

Synopsis

The remote Fedora host is missing a security update.

Description

- Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11

- Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790).

- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10

- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).

- Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).

- Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).

- Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9

- Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656).

- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8

- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls.

- LSPP fixes (cupsdSetString/ClearString).

- Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7

- Applied patch to fix CVE-2007-4045 (bug #250161).

- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101).

- Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6

- Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661).

- Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5

- Use ppdev for parallel port Device ID retrieval (bug #311671).

- Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4

- Applied patch to fix CVE-2007-3387 (bug #251518).

- Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3

- Better buildroot tag.

- Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522).

- Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2

- Use kernel support for USB paper-out detection, when available (bug #249213).

- Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1

- 1.2.12. No longer need adminutil or str2408 patches.

- Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3

- Better paper-out detection patch still (bug #246222).

- Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2

- Applied patch to fix group handling in PPDs (bug #186231, STR #2408).

- Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1

- Fixed permissions on classes.conf in the file manifest (bug #245748).

- 1.2.11.

- Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>

- Make the initscript use start priority 56 (bug #213828).

- Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12

- Better paper-out detection patch (bug #241589).

- Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11

- Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected cups package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=441692

http://www.nessus.org/u?fd31df12

Plugin Details

Severity: Medium

ID: 32197

File Name: fedora_2008-3449.nasl

Version: 1.18

Type: local

Agent: unix

Published: 5/11/2008

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:cups, cpe:/o:fedoraproject:fedora:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2008

Vulnerability Publication Date: 4/10/2008

Reference Information

CVE: CVE-2008-1722

BID: 28781

CWE: 20

FEDORA: 2008-3449