Description:
The remote host is missing updates announced in advisory CLA-2003:702.
CUPS[1] (Common UNIX Printing System) is an open-source, freely available and cross-platform printing solution for UNIX environments.
Some time ago, iDefense published[2][3] several vulnerabilities in CUPS, researched by zen-parse, which are now being addressed. Additionally, a new denial of service vulnerability[12] was discovered by Phil D'Amore of Red Hat and is also being fixed.
The vulnerabilities outlined below affect only Conectiva Linux 7.0 and 8 (CL9 is not affected):
1. pdftops integer overflow (CVE-2002-1384)[3][4]
2. Multiple integer overflows (CVE-2002-1383)[5]
3. Race condition (CVE-2002-1366)[6]
4. Arbitrary printer creation and Root Certificate Design Flaw (CVE-2002-1367)[7]
5. Negative Length Memcpy() Calls (CVE-2002-1368)[8]
6. Unsafe Strncat Function Call in jobs.c (CVE-2002-1369)[9]
7. Zero Width Images in filters/image-gif.c (CVE-2002-1371)[10]
8. File Descriptor Resource Leaks (CVE-2002-1372)[11]
The vulnerability below affects Conectiva Linux 7.0, 8 and 9:
9. Denial of service vulnerability (CVE-2003-0195)[12]
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:702
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003
Risk factor: Critical
CVSS Score: 10.0