
CERT RENATER Advisories


Date : Wed, 02 Mar 2011 10:49:29 +0100
Type : VULN
Subject : CERT-Renater : 2011/VULN168 (Debian : cups security update)
====================================================================
                                   CERT-Renater

                         Information Note No. 2011/VULN168
_____________________________________________________________________

DATE                      : 02/03/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Debian running cups versions prior to 1.3.8-1+lenny9.

======================================================================
http://www.debian.org/security/2011/dsa-2176
______________________________________________________________________

-------------------------------------------------------------------------
Debian Security Advisory DSA-2176-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 02, 2011                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542
                 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941

Several vulnerabilities have been discovered in the Common UNIX Printing
System:

CVE-2008-5183

    A null pointer dereference in RSS job completion notifications
    could lead to denial of service.

CVE-2009-3553

    It was discovered that incorrect file descriptor handling
    could lead to denial of service.

CVE-2010-0540

    A cross-site request forgery vulnerability was discovered in
    the web interface.

CVE-2010-0542

    Incorrect memory management in the filter subsystem could lead
    to denial of service.

CVE-2010-1748

    Information disclosure in the web interface.

CVE-2010-2431

    Emmanuel Bouillon discovered a symlink vulnerability in handling
    of cache files.

CVE-2010-2432

    Denial of service in the authentication code.

CVE-2010-2941

    Incorrect memory management in the IPP code could lead to denial
    of service or the execution of arbitrary code.

For the oldstable distribution (lenny), these problems have been fixed in
version 1.3.8-1+lenny9.

The stable distribution (squeeze) and the unstable distribution (sid)
had already been fixed prior to the initial Squeeze release.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================