Mandrake Linux Security Update Advisory
| Package name: | cups |
| Advisory ID: | MDKSA-2003:104 |
| Date: | November 5th, 2003 |
| Affected versions: | 9.0, Corporate Server 2.1 |
Problem Description:
A bug in versions of CUPS prior to 1.1.19 was reported by Paul
Mitcheson in the Internet Printing Protocol (IPP) implementation
would result in CUPS going into a busy loop, which could result in
a Denial of Service (DoS) condition. To be able to exploit this
problem, an attacker would need to be able to make a TCP connection
to the IPP port (port 631 by default).
The provided packages have been patched to correct this
problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0788
Updated Packages:
Corporate Server 2.1:
584a05963995876e075e5ca9817cfadb
corporate/2.1/RPMS/cups-1.1.18-2.2.C21mdk.i586.rpm
7971d0e5ac93d322e6aa97677e815eef
corporate/2.1/RPMS/cups-common-1.1.18-2.2.C21mdk.i586.rpm
06320efce369f26e61c37f32eb16169f
corporate/2.1/RPMS/cups-serial-1.1.18-2.2.C21mdk.i586.rpm
525bb92144b0b12c8ed04422cdc82d71
corporate/2.1/RPMS/libcups1-1.1.18-2.2.C21mdk.i586.rpm
6d35d2b7a8cb4eb93292cf47f408a4fe
corporate/2.1/RPMS/libcups1-devel-1.1.18-2.2.C21mdk.i586.rpm
b93777ca1fa1ef8b3471f5a3827c1e32
corporate/2.1/SRPMS/cups-1.1.18-2.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
32240f855fb4495a9041f06f595ab8e2
x86_64/corporate/2.1/RPMS/cups-1.1.18-2.2.C21mdk.x86_64.rpm
77f573305193f54dd39d7f0418da466e
x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.2.C21mdk.x86_64.rpm
5b68c85307ccbcb6dd7d8b4494781cf9
x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.2.C21mdk.x86_64.rpm
bcc3fdf22ebc631bbd0560795413d312
x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.2.C21mdk.x86_64.rpm
67d11d928cd59d3e734c90a9b1f02e05
x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.2.C21mdk.x86_64.rpm
b93777ca1fa1ef8b3471f5a3827c1e32
x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.2.C21mdk.src.rpm
Mandrake Linux 9.0:
ef999ce7a7361856bde78493357c173c
9.0/RPMS/cups-1.1.18-2.2.90mdk.i586.rpm
23772861be6813682316071ac5142169
9.0/RPMS/cups-common-1.1.18-2.2.90mdk.i586.rpm
517a0a906e0f6135aacb31fc1dc98c1c
9.0/RPMS/cups-serial-1.1.18-2.2.90mdk.i586.rpm
e5ba8a833fab015d04743e61466adcb3
9.0/RPMS/libcups1-1.1.18-2.2.90mdk.i586.rpm
fce8efc7313816c9aaabaa6c9abf6201
9.0/RPMS/libcups1-devel-1.1.18-2.2.90mdk.i586.rpm
4357ea21f3bb199c65fc37c9eebd1066
9.0/SRPMS/cups-1.1.18-2.2.90mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:
gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98
Please be aware that sometimes it takes the mirrors a few hours
to update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
| Type | Bits/KeyID | Date | User ID |
| pub | 1024D/22458A98 | 2000-07-10 | Linux Mandrake Security Team <security linux-mandrake.com> |