Fedora 8 : cups-1.3.7-2.fc8 (2008-3586)

medium Nessus Plugin ID 32207

Synopsis

The remote Fedora host is missing a security update.

Description

- Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-2

- Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790).

- Fri May 2 2008 Tim Waugh <twaugh at redhat.com>

- Include the hostname in the charset error (part of bug #441719).

- Thu Apr 10 2008 Tim Waugh <twaugh at redhat.com>

- Log an error when a client requests a charset other than ASCII or UTF-8.

- Thu Apr 3 2008 Tim Waugh <twaugh at redhat.com>

- Main package requires exactly-matching libs package.

- Wed Apr 2 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-1

- 1.3.7. No longer need str2715, str2727, or CVE-2008-0047 patches.

- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-4

- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).

- Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).

- Thu Feb 28 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-3

- Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727).

- Sat Feb 23 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-2

- Fix encoding of job-sheets option (bug #433753, STR #2715).

- Wed Feb 20 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-1

- 1.3.6. No longer need str2650, str2664, or str2703 patches.

- Tue Feb 12 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-3

- Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703).

- Mon Jan 21 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-2

- Rebuilt.

- Thu Jan 10 2008 Tim Waugh <twaugh at redhat.com>

- Apply patch to fix busy looping in the backends (bug #426653, STR #2664).

- Wed Jan 9 2008 Tim Waugh <twaugh at redhat.com>

- Apply patch to prevent overlong PPD lines from causing failures except in strict mode (bug #405061). Needed for compatibility with older versions of foomatic (e.g. Red Hat Enterprise Linux 3/4).

- Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650).

- Thu Jan 3 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-1

- 1.3.5. No longer need str2600, CVE-2007-4352,5392,5393 patches.

- Efficiency fix for pstoraster (bug #416871).

- Fri Nov 30 2007 Tim Waugh <twaugh at redhat.com>

- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are not moved in array operations, only pointers to them.

- Tue Nov 27 2007 Tim Waugh <twaugh at redhat.com>

- Updated to improved dnssd backend from Till Kamppeter.

- Don't undo the util.c parts of STR #2537.

- Tue Nov 20 2007 Tim Waugh <twaugh at redhat.com> 1:1.3.4-4

- Added fix for STR #2600 in which cupsd can crash from a NULL dereference with LogLevel debug2 (bug #385631).

- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.3.4-3

- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls.

- Temporarily undo STR #2537 change so that non-UTF-8 requests are not rejected (bug #378211).

- LSPP cupsdSetString/ClearString fixes (bug #378451).

[plus 6 lines in the Changelog]

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected cups package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=441692

http://www.nessus.org/u?2e86d829

Plugin Details

Severity: Medium

ID: 32207

File Name: fedora_2008-3586.nasl

Version: 1.17

Type: local

Agent: unix

Published: 5/11/2008

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:cups, cpe:/o:fedoraproject:fedora:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2008

Vulnerability Publication Date: 4/10/2008

Reference Information

CVE: CVE-2008-1722

BID: 28781

CWE: 20

FEDORA: 2008-3586