Description: The remote host is missing an update to cups announced via advisory FEDORA-2009-3753.
Update Information:
This update fixes several security issues: CVE-2009-0163, CVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166.
PDF files are now converted to PostScript using the poppler package's pdftops program. NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add ServerAlias hostname to cupsd.conf for each such name. The special line ServerAlias * disables checking (but this allows DNS rebinding attacks).
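The ServerAlias note above can be checked mechanically. The following is an added example, not part of the advisory or of CUPS: it audits a cupsd.conf for the wildcard alias and for client-facing hostnames that are not declared. The sample configuration, the hostnames and the function names are constructed for illustration, and names the server already knows by itself (such as its own hostname) will show up as "missing" and need manual review.

```python
# Constructed sample cupsd.conf; not taken from any real host.
SAMPLE_CONF = """\
# cupsd.conf (constructed sample)
ServerName printhost.example.internal
Listen 631
ServerAlias print.example.com
serveralias cups cups.example.internal
#ServerAlias *
"""


def parse_aliases(conf_text):
    """Return (declared_names, wildcard) from ServerName/ServerAlias lines."""
    names, wildcard = set(), False
    for raw in conf_text.splitlines():
        # Assumption: '#' starts a comment; directive names are case-insensitive.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        directive, values = parts[0].lower(), parts[1:]
        if directive not in ("servername", "serveralias"):
            continue
        for value in values:
            if directive == "serveralias" and value == "*":
                wildcard = True  # Host checking disabled: DNS rebinding exposure
            else:
                names.add(value.lower().rstrip("."))
    return names, wildcard


def audit(conf_text, client_hostnames):
    """Compare declared names with the hostnames clients actually use."""
    names, wildcard = parse_aliases(conf_text)
    wanted = {h.lower().rstrip(".") for h in client_hostnames}
    return {
        "wildcard": wildcard,                   # True means 'ServerAlias *' is active
        "missing": sorted(wanted - names),      # candidates for a ServerAlias line
        "unused": sorted(names - wanted),       # declared but not in the client list
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["print.example.com", "printers.example.org"]))
```

A result with "wildcard" set to True is the finding to act on first: replace ServerAlias * with one ServerAlias line per hostname reported as missing.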
ChangeLog:
* Tue Apr 21 2009 Tim Waugh 1:1.3.10-1
- 1.3.10. No longer need ext, includeifexists, str2988, CVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches.
- Requires poppler-utils.
- NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add ServerAlias hostname for each such name. The special line ServerAlias * disables checking (but this allows DNS rebinding attacks).
* Fri Apr 17 2009 Tim Waugh
- Fixed getnameddest patch (bug #481481, STR #3082).
* Wed Jan 28 2009 Tim Waugh 1:1.3.9-4
- Always supply document-name when printing a file (STR #3055).
- Load MIME type rules correctly (bug #426089, STR #3059).
- Fixed quotas (STR #3077, STR #3078).
- Removed all patch fuzz.
References:
[ 1 ] Bug #490597 - CVE-2009-0164 cups: insufficient checking of the HTTP Host: header
      https://bugzilla.redhat.com/show_bug.cgi?id=490597
[ 2 ] Bug #490596 - CVE-2009-0163 cups: Integer overflow in the TIFF image filter
      https://bugzilla.redhat.com/show_bug.cgi?id=490596
[ 3 ] Bug #490612 - CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg)
      https://bugzilla.redhat.com/show_bug.cgi?id=490612
[ 4 ] Bug #490614 - CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder
      https://bugzilla.redhat.com/show_bug.cgi?id=490614
[ 5 ] Bug #490625 - CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
      https://bugzilla.redhat.com/show_bug.cgi?id=490625
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update cups' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3753
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C