Details of VAR-200904-0794

ID

VAR-200904-0794

CVE

CVE-2009-0163

TITLE

CUPS of TIFF Integer overflow vulnerability in image decoding routine

Trust: 0.8

sources: JVNDB: JVNDB-2009-001257

DESCRIPTION

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied TIFF image sizes before using them to allocate memory buffers. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions. Versions prior to CUPS 1.3.10 are vulnerable. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The _cupsImageReadTIFF() function of CUPS did not correctly validate the image height parameter read from the file when parsing TIFF files and used the height value to calculate the size of the dynamic heap buffer. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: cups Announcement ID: SUSE-SA:2009:024 Date: Wed, 22 Apr 2009 13:00:00 +0000 Affected Products: openSUSE 10.3 openSUSE 11.0 openSUSE 11.1 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP2 SUSE Linux Enterprise Server 10 SP2 SLE 11 Vulnerability Type: remote code execution Severity (1-10): 8 (critical) SUSE Default Package: yes Cross-References: CVE-2009-0146, CVE-2009-0147, CVE-2009-0163 CVE-2009-0165, CVE-2009-0166, CVE-2009-0799 CVE-2009-0800, CVE-2009-1179, CVE-2009-1180 CVE-2009-1181, CVE-2009-1182, CVE-2009-1183 Content of This Advisory: 1) Security Vulnerability Resolved: fixed remotely exploitable overflows Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. It allows a local user to print documents as well as remote users via port 631/tcp. There were two security vulnerabilities fixed in cups. The first one can be triggered by a specially crafted tiff file. This file could lead to an integer overflow in the 'imagetops' filter which caused an heap overflow later. This bug is probably exploitable remotely by users having remote access to the CUPS server and allows the execution of arbitrary code with the privileges of the cupsd process. (CVE-2009-0163) The second issue affects the JBIG2 decoding of the 'pdftops' filter. The JBIG2 decoding routines are vulnerable to various software failure types like integer and buffer overflows and it is believed to be exploit- able remotely to execute arbitrary code with the privileges of the cupsd process. (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183) 2) Solution or Work-Around none 3) Special Instructions and Notes none 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 11.1: http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debuginfo-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debugsource-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-client-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-devel-1.3.9-7.2.1.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/cups-libs-1.3.9-7.2.1.i586.rpm openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debuginfo-1.3.7-25.8.i586.rpm http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debugsource-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-client-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-devel-1.3.7-25.8.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/cups-libs-1.3.7-25.8.i586.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/i586/cups-1.2.12-22.21.i586.rpm http://download.opensuse.org/update/10.3/rpm/i586/cups-client-1.2.12-22.21.i586.rpm http://download.opensuse.org/update/10.3/rpm/i586/cups-devel-1.2.12-22.21.i586.rpm http://download.opensuse.org/update/10.3/rpm/i586/cups-libs-1.2.12-22.21.i586.rpm Power PC Platform: openSUSE 11.1: http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debuginfo-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debugsource-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-client-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-devel-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-1.3.9-7.2.1.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-64bit-1.3.9-7.2.1.ppc.rpm openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debuginfo-1.3.7-25.8.ppc.rpm http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debugsource-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-client-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-devel-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-1.3.7-25.8.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-64bit-1.3.7-25.8.ppc.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/ppc/cups-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-client-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-devel-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-1.2.12-22.21.ppc.rpm http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-64bit-1.2.12-22.21.ppc.rpm x86-64 Platform: openSUSE 11.1: http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debuginfo-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debugsource-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-client-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-devel-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-1.3.9-7.2.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-32bit-1.3.9-7.2.1.x86_64.rpm openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debuginfo-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debugsource-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-client-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-devel-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-1.3.7-25.8.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-32bit-1.3.7-25.8.x86_64.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/x86_64/cups-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-client-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.21.x86_64.rpm http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.21.x86_64.rpm Sources: openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/src/cups-1.3.9-7.2.1.src.rpm openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/src/cups-1.3.7-25.8.src.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/src/cups-1.2.12-22.21.src.rpm Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Open Enterprise Server http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3 Novell Linux POS 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3 Novell Linux Desktop 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3 SUSE SLES 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3 SUSE Linux Enterprise Server 10 SP2 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f SUSE Linux Enterprise Desktop 10 SP2 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f SLES 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7 SLED 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7 SLE 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7 SLES 11 DEBUGINFO http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. ===================================================================== SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSe8qrney5gA9JdPZAQI4aQf/e938Hr+O1QYi9y5cm9ycOcaFHWx0oZED yyOc4lUYZrb7qjmErPHfpoMR9c2XZlmESwKY0RZjddxe+vINDrOcMuI4nrp12ObP uYvSAAz3xgpXzVtW5B/90ihHJAqHAnwOsdO8adt6PtKCt7T2gMPuQV0RSz3BRy// qtBHDNyTBRPK7ex/YKUyQAbNENQUa3r9BaHpTHWjscfCoQch4Wz5hmLKv/n7eYdj CFetsr6zu3hn3isKD8EPTIMbkpaYBMxp53UnNiRmVRy0Gb7zlBz5ByYQaYY+YKf/ OZ+ZHRTuDsNbAT03QtkvML3yqr3Yobb39DFa+cSsH2c9xTdwWdzSAg== =ZnS5 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . (CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0799) Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1182) The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6b17f59f63c062c017c78d459dd2d89a 2008.0/i586/cups-1.3.10-0.1mdv2008.0.i586.rpm 9bc5298d9895c356227fdda3a0ddb2c0 2008.0/i586/cups-common-1.3.10-0.1mdv2008.0.i586.rpm e3583883df8532fc8c496866dac713f8 2008.0/i586/cups-serial-1.3.10-0.1mdv2008.0.i586.rpm fac1fcb839ad53322a447d4d39f769e3 2008.0/i586/libcups2-1.3.10-0.1mdv2008.0.i586.rpm 3d65afc590fb8520d68b2a3e8e1da696 2008.0/i586/libcups2-devel-1.3.10-0.1mdv2008.0.i586.rpm 9e09ed22a2522ee45e93e0edc146193f 2008.0/i586/libpoppler2-0.6-3.5mdv2008.0.i586.rpm 7427b1f56387e84db5a15aad85b424d2 2008.0/i586/libpoppler-devel-0.6-3.5mdv2008.0.i586.rpm 67937a584d365d6b00ef688c88e8d7c5 2008.0/i586/libpoppler-glib2-0.6-3.5mdv2008.0.i586.rpm 410dc85c2c7b71ab316be5607c556682 2008.0/i586/libpoppler-glib-devel-0.6-3.5mdv2008.0.i586.rpm 64d6e14be8d93c7651ce5dc3e2ebc5bf 2008.0/i586/libpoppler-qt2-0.6-3.5mdv2008.0.i586.rpm cc9af7e314b6eaa6a8f946fa2c27f298 2008.0/i586/libpoppler-qt4-2-0.6-3.5mdv2008.0.i586.rpm 0c6d3a6b5211e8506a89144b8c3a3cfb 2008.0/i586/libpoppler-qt4-devel-0.6-3.5mdv2008.0.i586.rpm c985516638ed4d8f792daa13bd506023 2008.0/i586/libpoppler-qt-devel-0.6-3.5mdv2008.0.i586.rpm 8d05619dcef538092696ce70998abd20 2008.0/i586/php-cups-1.3.10-0.1mdv2008.0.i586.rpm 0bae2a3525b796882d2cc87853945e5a 2008.0/i586/poppler-0.6-3.5mdv2008.0.i586.rpm f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm 11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 8249475feb3bdc74ea7060944baed6aa 2008.0/x86_64/cups-1.3.10-0.1mdv2008.0.x86_64.rpm 83951504acb783cfdb8ec4fe48d31e1e 2008.0/x86_64/cups-common-1.3.10-0.1mdv2008.0.x86_64.rpm fa8a91e8e3bc8f11c19ab460d1f690fe 2008.0/x86_64/cups-serial-1.3.10-0.1mdv2008.0.x86_64.rpm e061fdbeded2d97bb3ca6b34d33cb384 2008.0/x86_64/lib64cups2-1.3.10-0.1mdv2008.0.x86_64.rpm 893235ea8cf23295ae961ea2de0b9903 2008.0/x86_64/lib64cups2-devel-1.3.10-0.1mdv2008.0.x86_64.rpm 9844640563afdef4a870e2ed12e58136 2008.0/x86_64/lib64poppler2-0.6-3.5mdv2008.0.x86_64.rpm 06ea824a6a2cd9360a9e75a14718192a 2008.0/x86_64/lib64poppler-devel-0.6-3.5mdv2008.0.x86_64.rpm bb0eb04fa906a352e6738d08f116f89b 2008.0/x86_64/lib64poppler-glib2-0.6-3.5mdv2008.0.x86_64.rpm 43d6a85dfdad7e969655ee4e2a377370 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.5mdv2008.0.x86_64.rpm eef29dde4b9e80d4c360e953cbe9110b 2008.0/x86_64/lib64poppler-qt2-0.6-3.5mdv2008.0.x86_64.rpm c74dc9f245091f451441d8b88f0beed3 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.5mdv2008.0.x86_64.rpm 60345458274afc6ff480317fc408ec52 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.5mdv2008.0.x86_64.rpm 0a880b9c0d655c10f5757882e30911f1 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.5mdv2008.0.x86_64.rpm eb6fde793ac0d7ea86df42aa22637807 2008.0/x86_64/php-cups-1.3.10-0.1mdv2008.0.x86_64.rpm 7f475f07368ed9158008f2891dce2cd6 2008.0/x86_64/poppler-0.6-3.5mdv2008.0.x86_64.rpm f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm 11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. =========================================================== Ubuntu Security Notice USN-760-1 April 16, 2009 cups, cupsys vulnerability CVE-2009-0163 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libcupsimage2 1.2.2-0ubuntu0.6.06.13 Ubuntu 7.10: libcupsimage2 1.3.2-1ubuntu7.10 Ubuntu 8.04 LTS: libcupsimage2 1.3.7-1ubuntu3.4 Ubuntu 8.10: libcupsimage2 1.3.9-2ubuntu9.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that CUPS did not properly check the height of TIFF images. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13.diff.gz Size/MD5: 102178 863f0abea416857983fcbc36bbc8fee0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13.dsc Size/MD5: 1060 8b93d82fe6a744f9b6b972e430854e61 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.13_all.deb Size/MD5: 996 fc3d13dd1774da8483ef9fd49d00f9a6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 36234 077b33449948a0745fb62ec47a152e0c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 81898 792f80793ff57dec7fd4fbf3924c9727 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 2286906 7ea898e74d915f8e0075937e65c0319e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 6092 eaf3a9fc9e865121118e76d50b6e9a34 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 77558 e5fbc40b4db7bb3d32ee25ff39695c15 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 25744 9a465e48530aaedc5a214950a11a775b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_amd64.deb Size/MD5: 130254 1caa4bb6e80bc39fb5b542896025dd77 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 34768 79497d55cd423ca78c0e726165519fa8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 77992 4294c7111e56c04ed50593bec7eb0542 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 2254210 703ebb85b86728df092483387bda4534 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 6092 793818da9ca70fd541c52cd8177f3fcd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 76674 f432e40a80246a572b37a3e6d4d4a73c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 25750 ee2707b99b13e573d0820f9aa5972ba6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_i386.deb Size/MD5: 122458 6da0de3ab25d10882d12c758b80d5ff3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 40470 11fb5f90c1e4fbc654c92e3bc5430b56 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 89526 c448a86356ebbf358f39d7145a7c2dab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 2301522 787625ce48c7c48ccd151639088576c5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 6098 cc1c61b074d317283149df6f88b16f89 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 79204 6de2beef0271c7f194f2595f42fa1d03 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 25750 3b3cfb5258aa90376f0c403b5ce4f313 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_powerpc.deb Size/MD5: 128220 1889e3958ddd3b4167f814be5e0c5669 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 35398 f6754708625e1aeca20be2caac6805e8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 78730 359a8aa851331cd328bede00fb583eb4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 2287820 818ba75da33d934da415eb807ffe7ed5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 6094 e8ce8e1e2fc8435ad4fe840f21f0a28e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 76460 4366457c2c3354c3ed39b796aee8fedf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 25746 135ca59c238b25146cc5045c887625c5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_sparc.deb Size/MD5: 123946 7520a311cdcb245d7935f93b58d4dbec Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10.diff.gz Size/MD5: 131553 bd757fd2c0d9ca026aea8060565d80e2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10.dsc Size/MD5: 1228 a6021e0ba41e2572bcb732065e804eeb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.10_all.deb Size/MD5: 1080406 28199baa2db7d4f7770dd33e70a509ad amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 37208 e0ae7c648e1925b2af7591e5984cb337 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 89518 4a40eea92e1e8f6ac48e894379199b2b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 2034852 0db1c3d8632f7fbd01f6aac0c7f45da9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 59970 c3b6f5602bfd4d7d5ddf02548fd26ca8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 46762 94af06d4c34b5192fb1b1a5c920f5252 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 152020 52ada0c420bdb32ed2755ad90d5011a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_amd64.deb Size/MD5: 186838 f01269d277410f7017769d68d3459c71 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 36472 d5affc2f40d7c2e9e49bdc782dfcf293 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 86480 80eb13c0582bf503b9bf971f534dd8ed http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 2018496 3d6947a3bcea2baa614c3788965237ee http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 58842 4ef22d7e7df7b849b8208bc21748ec26 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 46236 c32911b38e74b203f4de31c01897d52b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 145696 fb5ae372221228f37aff28c847a47ff0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_i386.deb Size/MD5: 183628 36f43b9146a8621757931944c59456a2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 36674 2a1da18420c0d2c02e4f0b818642c9cc http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 88306 6e4e4edcdfa385fb04d6933b79c49053 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 2021548 e36baf8b1a559266afb503c1008b5663 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 59608 329ddf9d992ecaf21eb18e57dccf4e62 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 47680 89a1ed1d3cb67a07e4d4319dfb71895a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 142424 5ecc4470690aedfab8556725bf85cfff http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_lpia.deb Size/MD5: 181846 43b58a4c526583c74c89cd4e7922ec79 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 46494 0ca3f3fdde42664d486abc95068f69d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 107740 0e3d348f47a0c48894b34a6dcf650e87 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 2099816 114adfec30bc20c02131152ae2653ab3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 59526 56cf77e54d71cae67dbbad07c160be31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 51858 eaf13d94845d822200136d4688660269 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 146962 a0ff3d61f23e682f8fc82fbfe29eedb8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_powerpc.deb Size/MD5: 192602 ddde17c0ec31f8d4d8b05612998cdaab sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 37562 d98f8a2da544ed059f2218c0dfb954fa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 89616 1698ff4ba7cfe1e4934c118c2c7c2caa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 2061104 e0eea27213a8408271b51ba9c45125cb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 58096 33a7b735a3e51428f730a4bf2c1ee09e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 45558 4aa6f440619a2de5c18873ff9627b432 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 148474 77e142bca5bff88c9ce1c73698622c89 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_sparc.deb Size/MD5: 182656 6b393aae8cd4cefdf02136153359b6c0 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4.diff.gz Size/MD5: 135945 d143c1a3b17173c2803504ad7b3df4ae http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4.dsc Size/MD5: 1441 d9658e80896dd1798f22ec35c08f767c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.4_all.deb Size/MD5: 1144156 67f4f393da17c41d1a61fb78ba94fbe9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 37526 ee157cf2304860889fc039b4259264e4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 89976 307967ab122f76fbe9b5175f916789b3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 1880582 7768e9c295de2d02c278759477278a63 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 60804 f9fb944aa37602a48f65201959c5529e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 50214 0f9c82dd716941e504477b61cd477d08 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 344932 a2a18fd5df284949c4fb8f0b3b38bea7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_amd64.deb Size/MD5: 178022 ae2cb50d333a0be48644dce3cf321378 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 36944 72386915883428b08d0dc1208cd680c3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 88404 5b6566bfcbbd0ee855092683916076c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 1863010 ceb126a3d52dce78c5b97301131fdd5d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 60088 d8747e59074b5267a9bdfacf7bdebafa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 49868 9e9657da87eb95d41e2aad34239cdf59 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 339346 25f8b9b769c36948c7a4ec4f96e9d3dc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_i386.deb Size/MD5: 174876 e23f2b31e3588d7af93d1414eb955cbe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 36662 200d134f978f9359ecd7f5c1ff623738 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 88744 488c36dd36446835be013f69f8db40a5 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 1865232 35485b90317586990a302a8ba5206c22 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 60492 065a9c7b1ec07828808cfed0560b9e22 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 50804 331fd9a149c9ab045d4de7ab8fd17a55 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 337010 720b686c27d1f131e06d667abea73602 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_lpia.deb Size/MD5: 173786 788b5e42061459ff4d0df691c8293ed0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 46924 0c3497bb8000506a197c41cdbf304c2c http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 110822 51331a4f6bfb47a6fffa7f1fb9b890af http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 1949088 25f2d721528a2cca1ca1def205a3624a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 59930 160fa81dd9360a020cfa367611bd1aca http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 54924 72540e9a996198e47e8af99f34ec2a71 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 341668 606092528cdb687e3078469892e5afe7 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_powerpc.deb Size/MD5: 183760 b4e8c6f93f1abd7cd73c02cba6e54d55 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 38038 a9e53793bb13c13b440772aad110751f http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 91038 2e9d0d7aca0af65bcc2408bbea5b75f3 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 1897862 cfb3e5e4b34128d0f8183b858616d523 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 57832 7122c3bdc29a3ff7ed0d602e6d93152c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 48216 03ca0630f77162bac3bcf6a09f95f867 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 341372 97be9c9a5cb106642989cfe7cd39ce3e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_sparc.deb Size/MD5: 173700 2937c5f089a4010f2702866b5ad6e9b4 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1.diff.gz Size/MD5: 326772 22e42d26d94eae277a0220b206b36267 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1.dsc Size/MD5: 2043 140705e4f8af42d5b4ff697d86ff3c20 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu9.1_all.deb Size/MD5: 1162718 c4a529b76cb13d183742cfe97b55c752 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu9.1_all.deb Size/MD5: 58152 81fa7be3a2a76147f7a67ce4a121ff60 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu9.1_all.deb Size/MD5: 58156 c9c848aebf1ade63952d8389abc5f3bf http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu9.1_all.deb Size/MD5: 58152 afd18dbc80d5dd23829a4a1a01e460b7 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu9.1_all.deb Size/MD5: 58144 f9bc2310454e4da75f864f2045862658 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu9.1_all.deb Size/MD5: 58160 b6769b906799fc4ea2c656d80da1d06e http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu9.1_all.deb Size/MD5: 4520 003e453bfe030642881f1e1da8e8584f http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu9.1_all.deb Size/MD5: 58152 0b2a967c1c2d5df741dbc2cb52859d30 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 37292 4f375bc9f49b9da0f73c275457f55d12 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 119760 dd3a1aecde95717fa7e851109a354bee http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 1682898 c26be549839e7a4d248d9522c054bc6b http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 2172590 1d404942c1d17c04bf41d35eff3d8659 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 352194 b9e04638f374857a50fd77b7a2520959 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 173228 28eaba2dd6122d89950208f2116b7c70 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 61314 d13070d0b0f8b825b1b609edee2db1ad http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_amd64.deb Size/MD5: 52320 4e1d19899e19d6a758650e0c10f11ef6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 36218 187077786460ee74332852f687994c6c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 115352 7b495d086a4c343de6c82a5698a2a4c5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 1542692 01760cc4d1982888060b395cc7be029a http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 2139192 8afc727936869202f341828303335278 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 346006 dbde71f046951a7659f74f525cbffcc9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 170132 ef65c06e253fff0abcfd65d2f5a31fcd http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 60544 25f1d4abca846b06e069454f6f3a8466 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_i386.deb Size/MD5: 51722 4ef5ec5cbadf9e1cc79382ffa26c810b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 36018 cbc15f20819738099ed26fe7997bcf8d http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 114518 394dd8bd72ac9c8a3c9ce4e5c6cedeaf http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 1571906 54f0843c55f62fb00ad3e710fe3d6ff1 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 2135902 703e6bcb8a0735a384f9aa181ddddec4 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 342974 e2f3b8d7bf11cc54b2436f7e842ca7b3 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 168386 adf813126a00c802b60370eddb88de38 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 60628 20d3b236b59bef41128e3fb5d1c27287 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_lpia.deb Size/MD5: 52386 3f15a37be429e4d207a4c162c84dcb00 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 43568 9447909b62f47aacdd592ac8996dfea3 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 138180 6c28c85aa26294fedcc004029523fcae http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 1663524 93c53f6575c0ca8dcc0afa4d095692f4 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 2264202 1fed9199064dc8410f81cc8907b704ef http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 347976 96fd20205d93eea2548bca83b908d113 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 177408 4261b533aea5c6182ea7691213679598 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 61260 2d4d1ba36a6de1902218026e64318d6b http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_powerpc.deb Size/MD5: 57450 2a2998fa82b1fe1ee96e611c4c77206b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 37224 cdbc38869242424d8124616e056dfa66 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 117622 7bc46aecb0b89365862dc7258d930581 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 1490668 5381f6465bd5613250cb5c23bb05859d http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 2200926 ec86a228dd8ae2bcdc90ce2ad895bf0c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 344786 b43662d38ca8476b6144b234a963da8a http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 166278 eb5036c2b7a964e51a33bdb8277792dc http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 57862 40e5cd934bdba9782656bfcf4e1b7fa9 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_sparc.deb Size/MD5: 49794 ea8318bcbe30647f312d2d997a847936 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200904-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CUPS: Multiple vulnerabilities Date: April 23, 2009 Bugs: #263070 ID: 200904-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple errors in CUPS might allow for the remote execution of arbitrary code or DNS rebinding attacks. Background ========== CUPS, the Common Unix Printing System, is a full-featured print server. * Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164). * Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler. Furthermore, the web interface could be used to conduct DNS rebinding attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10" References ========== [ 1 ] CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 [ 2 ] CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 [ 3 ] CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 [ 4 ] CVE-2009-0164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164 [ 5 ] CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200904-20.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2009-0163 // JVNDB: JVNDB-2009-001257 // BID: 34571 // VULHUB: VHN-37609 // PACKETSTORM: 76918 // PACKETSTORM: 82086 // PACKETSTORM: 82088 // PACKETSTORM: 82087 // PACKETSTORM: 83554 // PACKETSTORM: 76752 // PACKETSTORM: 77000

AFFECTED PRODUCTS

vendor:	apple	model:	cups	scope:	eq	version:	1.1.6-1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.5-1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.3.6	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.2	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.2.3	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.6	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.5-2	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.3	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.18	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.10-1	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.20	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.7	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.8	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.9	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.6-3	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.12	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.10	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.9-1	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.11	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.21	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.12	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.8	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.8	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.17	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.6	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.15	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.16	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.13	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.6-2	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.7	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.14	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.7	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.19	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.23	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.10	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2	Trust: 1.0
vendor:	apple	model:	cups	scope:	lte	version:	1.3.9	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.22	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.9	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.11	Trust: 1.0
vendor:	cups	model:	cups	scope:	lte	version:	1.3.9	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux appliance server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	turbo linux	model:	turbolinux appliance server	scope:	eq	version:	3.0 (x64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux client	scope:	eq	version:	2008	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	11	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	11 (x64)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4.7 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4.7 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	4.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux eus	scope:	eq	version:	5.3.z (server)	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp2	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise	scope:	eq	version:	11	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.2	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.0	Trust: 0.3
vendor:	slackware	model:	linux -current	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	0	Trust: 0.3
vendor:	s u s e	model:	novell linux pos	scope:	eq	version:	9	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	9.0	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	2	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	1	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop version	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	pardus	model:	linux	scope:	eq	version:	20080	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.9	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.8	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.7	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.6	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.5	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.3	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.12	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.10	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.9	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.8	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	easy	model:	software products cups rc1	scope:	eq	version:	1.1.23	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.23	Trust: 0.3
vendor:	easy	model:	software products cups rc1	scope:	eq	version:	1.1.22	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.22	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.21	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.20	Trust: 0.3
vendor:	easy	model:	software products cups rc5	scope:	eq	version:	1.1.19	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.19	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.18	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.17	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.16	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.15	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.14	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.10	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.7	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.6	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4-5	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4-3	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4-2	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.0.4-8	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	proactive contact	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server mm3.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	intuity audix lx sp2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx sp1	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	ne	version:	1.3.10	Trust: 0.3

sources: BID: 34571 // CNNVD: CNNVD-200904-443 // JVNDB: JVNDB-2009-001257 // NVD: CVE-2009-0163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0163
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-0163
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200904-443
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-37609
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0163
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-37609
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37609 // CNNVD: CNNVD-200904-443 // JVNDB: JVNDB-2009-001257 // NVD: CVE-2009-0163

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-37609 // JVNDB: JVNDB-2009-001257 // NVD: CVE-2009-0163

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 76752 // PACKETSTORM: 77000 // CNNVD: CNNVD-200904-443

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200904-443

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001257

PATCH

title:	cups-1.3.7-8.4.1AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=428	Trust: 0.8
title:	STR #3031	url:	http://www.cups.org/str.php?L3031	Trust: 0.8
title:	1709	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1709	Trust: 0.8
title:	1714	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1714	Trust: 0.8
title:	RHSA-2009:0428	url:	https://rhn.redhat.com/errata/RHSA-2009-0428.html	Trust: 0.8
title:	RHSA-2009:0429	url:	https://rhn.redhat.com/errata/RHSA-2009-0429.html	Trust: 0.8
title:	RHSA-2009:0428	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0428J.html	Trust: 0.8
title:	RHSA-2009:0429	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0429J.html	Trust: 0.8
title:	TLSA-2010-13	url:	http://www.turbolinux.co.jp/security/2010/TLSA-2010-13j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2009-001257

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0163	Trust: 3.5
db:	BID	id:	34571	Trust: 2.8
db:	SECUNIA	id:	34481	Trust: 2.5
db:	SECUNIA	id:	34756	Trust: 2.5
db:	SECTRACK	id:	1022070	Trust: 2.5
db:	SECUNIA	id:	34747	Trust: 1.7
db:	SECUNIA	id:	34852	Trust: 1.7
db:	SECUNIA	id:	34722	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-001257	Trust: 0.8
db:	BUGTRAQ	id:	20090417 RPSA-2009-0061-1 CUPS	Trust: 0.6
db:	REDHAT	id:	RHSA-2009:0428	Trust: 0.6
db:	REDHAT	id:	RHSA-2009:0429	Trust: 0.6
db:	SUSE	id:	SUSE-SA:2009:024	Trust: 0.6
db:	UBUNTU	id:	USN-760-1	Trust: 0.6
db:	DEBIAN	id:	DSA-1773	Trust: 0.6
db:	GENTOO	id:	GLSA-200904-20	Trust: 0.6
db:	CNNVD	id:	CNNVD-200904-443	Trust: 0.6
db:	PACKETSTORM	id:	76752	Trust: 0.2
db:	PACKETSTORM	id:	76769	Trust: 0.1
db:	VULHUB	id:	VHN-37609	Trust: 0.1
db:	PACKETSTORM	id:	76918	Trust: 0.1
db:	PACKETSTORM	id:	82086	Trust: 0.1
db:	PACKETSTORM	id:	82088	Trust: 0.1
db:	PACKETSTORM	id:	82087	Trust: 0.1
db:	PACKETSTORM	id:	83554	Trust: 0.1
db:	PACKETSTORM	id:	77000	Trust: 0.1

sources: VULHUB: VHN-37609 // BID: 34571 // PACKETSTORM: 76918 // PACKETSTORM: 82086 // PACKETSTORM: 82088 // PACKETSTORM: 82087 // PACKETSTORM: 83554 // PACKETSTORM: 76752 // PACKETSTORM: 77000 // CNNVD: CNNVD-200904-443 // JVNDB: JVNDB-2009-001257 // NVD: CVE-2009-0163

REFERENCES

url:	http://www.securityfocus.com/bid/34571	Trust: 2.5
url:	http://www.securitytracker.com/id?1022070	Trust: 2.5
url:	http://secunia.com/advisories/34481	Trust: 2.5
url:	http://secunia.com/advisories/34756	Trust: 2.5
url:	http://www.cups.org/str.php?l3031	Trust: 2.0
url:	http://security.gentoo.org/glsa/glsa-200904-20.xml	Trust: 1.8
url:	http://wiki.rpath.com/advisories:rpsa-2009-0061	Trust: 1.7
url:	http://www.cups.org/articles.php?l582	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=490596	Trust: 1.7
url:	http://www.debian.org/security/2009/dsa-1773	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0428.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0429.html	Trust: 1.7
url:	http://secunia.com/advisories/34722	Trust: 1.7
url:	http://secunia.com/advisories/34747	Trust: 1.7
url:	http://secunia.com/advisories/34852	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-760-1	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0163	Trust: 1.3
url:	http://www.securityfocus.com/archive/1/502750/100/0/threaded	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11546	Trust: 1.1
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0163	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0163	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0146	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0166	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0147	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/502750/100/0/threaded	Trust: 0.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0147	Trust: 0.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0166	Trust: 0.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0146	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1180	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1179	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1182	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0799	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0165	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0800	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1181	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1183	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0791	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3609	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3609	Trust: 0.4
url:	http://www.mandriva.com/security/	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0791	Trust: 0.4
url:	http://www.mandriva.com/security/advisories	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3608	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0949	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0949	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3608	Trust: 0.4
url:	http://svn.easysw.com/public/cups/trunk/changes-1.3.txt	Trust: 0.3
url:	http://www.cups.org	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2009-163.htm	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0165	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1181	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0800	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0195	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0799	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1180	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1183	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1182	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0195	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1179	Trust: 0.3
url:	http://secunia.com/	Trust: 0.2
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.2
url:	http://download.opensuse.org/update/10.3/rpm/i586/cups-libs-1.2.12-22.21.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/ppc/cups-devel-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/x86_64/cups-devel-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debugsource-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-64bit-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/x86_64/cups-client-1.2.12-22.21.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/i586/cups-1.3.7-25.8.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/ppc/cups-devel-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-64bit-1.2.12-22.21.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/src/cups-1.2.12-22.21.src.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debuginfo-1.3.9-7.2.1.i586.rpm	Trust: 0.1
url:	http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/i586/cups-devel-1.2.12-22.21.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.21.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/i586/cups-1.3.9-7.2.1.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debugsource-1.3.9-7.2.1.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debuginfo-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debuginfo-1.3.7-25.8.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/i586/cups-client-1.3.7-25.8.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/ppc/cups-client-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/ppc/cups-client-1.2.12-22.21.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/ppc/cups-1.2.12-22.21.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/i586/cups-devel-1.3.9-7.2.1.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/i586/cups-libs-1.3.9-7.2.1.i586.rpm	Trust: 0.1
url:	http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debuginfo-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/src/cups-1.3.7-25.8.src.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/ppc/cups-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debuginfo-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/src/cups-1.3.9-7.2.1.src.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/i586/cups-devel-1.3.7-25.8.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/x86_64/cups-client-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/ppc/cups-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/i586/cups-libs-1.3.7-25.8.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/x86_64/cups-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debugsource-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/x86_64/cups-1.2.12-22.21.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.21.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-1.2.12-22.21.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-32bit-1.3.9-7.2.1.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/i586/cups-client-1.3.9-7.2.1.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-64bit-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debuginfo-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/x86_64/cups-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/i586/cups-1.2.12-22.21.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/x86_64/cups-client-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-32bit-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debugsource-1.3.7-25.8.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/x86_64/cups-devel-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debugsource-1.3.7-25.8.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debugsource-1.3.9-7.2.1.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.21.x86_64.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/ppc/cups-devel-1.2.12-22.21.ppc.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/10.3/rpm/i586/cups-client-1.2.12-22.21.i586.rpm	Trust: 0.1
url:	http://download.opensuse.org/update/11.0/rpm/ppc/cups-client-1.3.7-25.8.ppc.rpm	Trust: 0.1
url:	http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1196	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.10_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.13_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.10_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.4_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu9.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.13_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.10_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.10_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.10_sparc.deb	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0164	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0164	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1

CREDITS

iDefense

Trust: 0.9

sources: BID: 34571 // CNNVD: CNNVD-200904-443

SOURCES

db:	VULHUB	id:	VHN-37609
db:	BID	id:	34571
db:	PACKETSTORM	id:	76918
db:	PACKETSTORM	id:	82086
db:	PACKETSTORM	id:	82088
db:	PACKETSTORM	id:	82087
db:	PACKETSTORM	id:	83554
db:	PACKETSTORM	id:	76752
db:	PACKETSTORM	id:	77000
db:	CNNVD	id:	CNNVD-200904-443
db:	JVNDB	id:	JVNDB-2009-001257
db:	NVD	id:	CVE-2009-0163

LAST UPDATE DATE

2025-09-28T20:19:32.458000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37609	date:	2018-10-11T00:00:00
db:	BID	id:	34571	date:	2015-04-13T21:55:00
db:	CNNVD	id:	CNNVD-200904-443	date:	2009-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2009-001257	date:	2010-05-07T00:00:00
db:	NVD	id:	CVE-2009-0163	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37609	date:	2009-04-23T00:00:00
db:	BID	id:	34571	date:	2009-04-16T00:00:00
db:	PACKETSTORM	id:	76918	date:	2009-04-22T21:36:03
db:	PACKETSTORM	id:	82086	date:	2009-10-21T02:32:05
db:	PACKETSTORM	id:	82088	date:	2009-10-21T03:01:09
db:	PACKETSTORM	id:	82087	date:	2009-10-21T02:57:54
db:	PACKETSTORM	id:	83554	date:	2009-12-08T01:31:40
db:	PACKETSTORM	id:	76752	date:	2009-04-16T22:46:02
db:	PACKETSTORM	id:	77000	date:	2009-04-28T00:22:34
db:	CNNVD	id:	CNNVD-200904-443	date:	2009-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2009-001257	date:	2009-05-27T00:00:00
db:	NVD	id:	CVE-2009-0163	date:	2009-04-23T17:30:01.577