VARIoT IoT vulnerabilities database


VAR-201006-0327 CVE-2010-1775 Apple iOS of Passcode lock arbitrary data access vulnerability CVSS V2: 1.9
CVSS V3: -
Severity: LOW
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. The following individual records exist to better document the issues: 41047 Apple iPhone and iPod touch Application Sandbox User Photo Library Security Bypass Vulnerability 41048 Apple iPhone/iPod touch Prior to iOS 4 Wireless Network Security Weakness 41049 Apple iPhone/iPod touch Prior to iOS 4 URI Stack Based Buffer Overflow Vulnerability 41051 WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability 41052 Apple iPhone/iPod touch Prior to iOS 4 JPEG File Buffer Overflow Vulnerability 41053 WebKit 'JavaScriptCore' Page Transition Remote Code Execution Vulnerability 41054 WebKit Table Handling Remote Code Execution Vulnerability 41065 Apple iPhone/iPod touch Prior to iOS 4 Safari Security Bypass Vulnerability 41066 Apple iPhone and iPod touch Race Condition Security Bypass Vulnerability 41067 Apple iPhone/iPod touch Prior to iOS 4 Passcode Lock Authentication Bypass Vulnerability 41068 WebKit User Interface Cross Domain Spoofing Vulnerability. Apple iOS is an operating system developed by Apple Inc. for the iPhone
VAR-201006-0314 CVE-2010-1754 Apple iOS of Vulnerability that can bypass passcode request in passcode lock CVSS V2: 6.9
CVSS V3: -
Severity: MEDIUM
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. An attacker with physical access to a locked device can exploit this issue to bypass the passcode and access the user's data. Apple iOS is an operating system developed by Apple Inc. for the iPhone. Attackers can use unknown vectors to bypass the passcode requirement.
VAR-201006-0330 CVE-2010-1757 Apple iOS of WebKit Vulnerabilities in user interface spoofing CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. WebKit is prone to a cross-domain spoofing vulnerability. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42314 VERIFY ADVISORY: http://secunia.com/advisories/42314/ RELEASE DATE: 2010-11-24 DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456
For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201006-0313 CVE-2010-1753 Apple iOS of ImageIO Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. The following individual records exist to better document the issues: 41047 Apple iPhone and iPod touch Application Sandbox User Photo Library Security Bypass Vulnerability 41048 Apple iPhone/iPod touch Prior to iOS 4 Wireless Network Security Weakness 41049 Apple iPhone/iPod touch Prior to iOS 4 URI Stack Based Buffer Overflow Vulnerability 41051 WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability 41052 Apple iPhone/iPod touch Prior to iOS 4 JPEG File Buffer Overflow Vulnerability 41053 WebKit 'JavaScriptCore' Page Transition Remote Code Execution Vulnerability 41054 WebKit Table Handling Remote Code Execution Vulnerability 41065 Apple iPhone/iPod touch Prior to iOS 4 Safari Security Bypass Vulnerability 41066 Apple iPhone and iPod touch Race Condition Security Bypass Vulnerability 41067 Apple iPhone/iPod touch Prior to iOS 4 Passcode Lock Authentication Bypass Vulnerability 41068 WebKit User Interface Cross Domain Spoofing Vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Apple iOS is an operating system developed by Apple Inc. for the iPhone. 
It is mainly used for iPhone, iPod touch and iPad
VAR-201006-0312 CVE-2010-1752 Apple iOS of CFNetwork Vulnerable to stack-based buffer overflow CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. Apple iOS and Mac OS X are prone to a stack-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad
VAR-201006-0311 CVE-2010-1751 Apple iOS of Application Sandbox Vulnerability in obtaining location information CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. An attacker can exploit this issue to bypass certain security restrictions. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad
VAR-201006-0352 CVE-2010-2350 Ziproxy of PNG Heap-based buffer overflow vulnerability in decoder CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file. Ziproxy is a forwarding, non-caching, compressing HTTP proxy server. Ziproxy can compress images into low quality JPEG files or JPEG 2000 and compress (gzip) HTML and other text-like data. Ziproxy mishandles partial PNG images: tricking a user into loading a specially constructed PNG image through Ziproxy can trigger a heap-based buffer overflow. Ziproxy is prone to a denial-of-service vulnerability.
TITLE: Ziproxy PNG Image Processing Vulnerability SECUNIA ADVISORY ID: SA40156 VERIFY ADVISORY: http://secunia.com/advisories/40156/ RELEASE DATE: 2010-06-26 DESCRIPTION: A vulnerability has been reported in Ziproxy, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is reported in version 3.1.0. SOLUTION: Update to version 3.1.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://ziproxy.sourceforge.net/ http://ziproxy.cvs.sourceforge.net/viewvc/ziproxy/ziproxy-default/ChangeLog?r1=1.241&r2=1.239
VAR-201006-0323 CVE-2010-1769 Apple iTunes of WebKit Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763. WebKit is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. 
TITLE: Apple iTunes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40196 VERIFY ADVISORY: http://secunia.com/advisories/40196/ RELEASE DATE: 2010-06-25 DESCRIPTION: Multiple vulnerabilities have been reported in Apple iTunes. 1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. This is related to vulnerability #3 in: SA36096 2) Multiple integer overflows when processing TIFF files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. For more information: SA37931 SA40105 4) One unspecified vulnerability with an unknown impact has been reported in WebKit included in iTunes. No further information is currently available. 5) Two vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information see vulnerability #14 and 15 in: SA40257 SOLUTION: Update to version 9.2. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Chris Evans of the Google Security Team and Andrzej Dyjak. 2) The vendor credits Kevin Finisterre, digitalmunition.com. 4) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4220
VAR-201006-0104 CVE-2010-1387 Apple iTunes of WebKit Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. This vulnerability is different from CVE-2010-1763 and CVE-2010-1769. A third party may execute arbitrary code or cause a denial of service (DoS). WebKit is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired.
Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ Package: webkit Date: March 2, 2011 Affected: 2010.1 Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information.
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. 
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. 
TITLE: Apple iTunes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40196 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40196/ RELEASE DATE: 2010-06-25
DESCRIPTION: Multiple vulnerabilities have been reported in Apple iTunes.
1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. This is related to vulnerability #3 in: SA36096
2) Multiple integer overflows when processing TIFF files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. For more information: SA37931 SA40105
4) One unspecified vulnerability with an unknown impact has been reported in WebKit included in iTunes. No further information is currently available.
5) Two vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information see vulnerability #14 and 15 in: SA40257
SOLUTION: Update to version 9.2.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Chris Evans of the Google Security Team and Andrzej Dyjak. 2) The vendor credits Kevin Finisterre, digitalmunition.com. 4) Reported by the vendor.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4220
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
VAR-201006-0283 CVE-2010-2192 pmount of policy.c Vulnerable to overwriting arbitrary files CVSS V2: 1.9
CVSS V3: -
Severity: LOW
The make_lockdir_name function in policy.c in pmount 0.9.18 allows local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. Pmount is a tool that allows regular users to mount removable devices without a matching entry in /etc/fstab. Pmount does not securely create temporary files. Other attacks may also be possible.
Debian Security Advisory DSA-2063-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano June 17, 2010 http://www.debian.org/security/faq
Package : pmount
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-2192
Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. For the stable distribution (lenny), this problem has been fixed in version 0.9.18-2+lenny1. For the unstable distribution (sid), this problem has been fixed in version 0.9.23-1, and will migrate to the testing distribution (squeeze) shortly. We recommend that you upgrade your pmount package.
Upgrade instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny, Debian (stable): Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux Security Advisory GLSA 201412-08
http://security.gentoo.org/

Severity: High
Title: Multiple packages, Multiple vulnerabilities fixed in 2010
Date: December 11, 2014
Bugs: #159556, #208464, #253822, #259968, #298067, #300375, #300943, #302478, #307525, #307633, #315235, #316697, #319719, #320961, #322457, #325507, #326759, #326953, #329125, #329939, #331421, #332527, #333661
ID: 201412-08

Synopsis
========
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.

Background
==========
For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.

Affected packages
=================
     Package                            /  Vulnerable     /  Unaffected
  1  dev-util/insight                      < 6.7.1-r1        >= 6.7.1-r1
  2  dev-perl/perl-tk                      < 804.028-r2      >= 804.028-r2
  3  dev-util/sourcenav                    < 5.1.4           >= 5.1.4
  4  dev-lang/tk                           < 8.4.18-r1       >= 8.4.18-r1
  5  sys-block/partimage                   < 0.6.8           >= 0.6.8
  6  app-antivirus/bitdefender-console     <= 7.1            Vulnerable!
  7  net-mail/mlmmj                        < 1.2.17.1        >= 1.2.17.1
  8  sys-apps/acl                          < 2.2.49          >= 2.2.49
  9  x11-apps/xinit                        < 1.2.0-r4        >= 1.2.0-r4
 10  app-arch/gzip                         < 1.4             >= 1.4
 11  app-arch/ncompress                    < 4.2.4.3         >= 4.2.4.3
 12  dev-libs/liblzw                       < 0.2             >= 0.2
 13  media-gfx/splashutils                 < 1.5.4.3-r3      >= 1.5.4.3-r3
 14  sys-devel/m4                          < 1.4.14-r1       >= 1.4.14-r1
 15  kde-base/kdm                          < 4.3.5-r1        >= 4.3.5-r1
 16  x11-libs/gtk+                         < 2.18.7          >= 2.18.7
 17  kde-base/kget                         < 4.3.5-r1        >= 4.3.5-r1
 18  app-text/dvipng                       < 1.13            >= 1.13
 19  app-misc/beanstalkd                   < 1.4.6           >= 1.4.6
 20  sys-apps/pmount                       < 0.9.23          >= 0.9.23
 21  sys-auth/pam_krb5                     < 4.3             >= 4.3
 22  app-text/gv                           < 3.7.1           >= 3.7.1
 23  net-ftp/lftp                          < 4.0.6           >= 4.0.6
 24  www-client/uzbl                       < 2010.08.05      >= 2010.08.05
 25  x11-misc/slim                         < 1.3.2           >= 1.3.2
 26  net-misc/iputils                      < 20100418        >= 20100418
 27  media-tv/dvbstreamer                  < 1.1-r1          >= 1.1-r1

NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
27 affected packages

Description
===========
Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.
* Insight
* Perl Tk Module
* Source-Navigator
* Tk
* Partimage
* Mlmmj
* acl
* Xinit
* gzip
* ncompress
* liblzw
* splashutils
* GNU M4
* KDE Display Manager
* GTK+
* KGet
* dvipng
* Beanstalk
* Policy Mount
* pam_krb5
* GNU gv
* LFTP
* Uzbl
* Slim
* Bitdefender Console
* iputils
* DVBStreamer

Impact
======
A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.

Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All Insight users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1"

All Perl Tk Module users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2"

All Source-Navigator users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4"

All Tk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1"

All Partimage users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8"

All Mlmmj users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1"

All acl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49"

All Xinit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4"

All gzip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4"

All ncompress users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3"

All liblzw users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2"

All splashutils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=media-gfx/splashutils-1.5.4.3-r3"

All GNU M4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1"

All KDE Display Manager users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1"

All GTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7"

All KGet 4.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1"

All dvipng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13"

All Beanstalk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6"

All Policy Mount users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23"

All pam_krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3"

All GNU gv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1"

All LFTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6"

All Uzbl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05"

All Slim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2"

All iputils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418"

All DVBStreamer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1"

Gentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console:
# emerge --unmerge "app-antivirus/bitdefender-console"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.
References
==========
[ 1 ] CVE-2006-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005
[ 2 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741
[ 3 ] CVE-2008-0553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553
[ 4 ] CVE-2008-1382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
[ 5 ] CVE-2008-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907
[ 6 ] CVE-2008-6218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218
[ 7 ] CVE-2008-6661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661
[ 8 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040
[ 9 ] CVE-2009-0360 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360
[ 10 ] CVE-2009-0361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361
[ 11 ] CVE-2009-0946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946
[ 12 ] CVE-2009-2042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042
[ 13 ] CVE-2009-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624
[ 14 ] CVE-2009-3736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736
[ 15 ] CVE-2009-4029 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029
[ 16 ] CVE-2009-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411
[ 17 ] CVE-2009-4896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896
[ 18 ] CVE-2010-0001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001
[ 19 ] CVE-2010-0436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436
[ 20 ] CVE-2010-0732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732
[ 21 ] CVE-2010-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829
[ 22 ] CVE-2010-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000
[ 23 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 24 ] CVE-2010-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511
[ 25 ] CVE-2010-2056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056
[ 26 ] CVE-2010-2060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060
[ 27 ] CVE-2010-2192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192
[ 28 ] CVE-2010-2251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251
[ 29 ] CVE-2010-2529 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529
[ 30 ] CVE-2010-2809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809
[ 31 ] CVE-2010-2945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-08.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201006-0454 CVE-2010-2432 CUPS of cupsDoAuthentication Service disruption in functions ( infinite loop ) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. CUPS (Common UNIX Printing System) is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to fall into an infinite loop, denying service to legitimate users. Versions prior to CUPS 1.4.4 are vulnerable. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895 (CVE-2011-2896). The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
Updated Packages: Mandriva Linux 2009.0 and 2009.0/X86_64 (cups 1.3.10-0.5mdv2009.0), Mandriva Linux 2010.1 and 2010.1/X86_64 (cups 1.4.3-3.2mdv2010.2), Mandriva Enterprise Server 5 and 5/X86_64 (cups 1.3.10-0.5mdvmes5.2).
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.
Debian Security Advisory DSA-2176-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 02, 2011 http://www.debian.org/security/faq
Package : cups
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941
Several vulnerabilities have been discovered in the Common UNIX Printing System:
CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service.
CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service.
CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface.
CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service.
CVE-2010-1748 Information disclosure in the web interface.
CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.
CVE-2010-2432 Denial of service in the authentication code.
CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9.
The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release. We recommend that you upgrade your cups packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org

Gentoo Linux Security Advisory GLSA 201207-10
http://security.gentoo.org/

Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10

Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation.

Affected packages
=================
     Package           /  Vulnerable   /  Unaffected
  1  net-print/cups       < 1.4.8-r1      >= 1.4.8-r1

Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue.

References
==========
[ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201207-10.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

TITLE: Debian update for cups SECUNIA ADVISORY ID: SA43521 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43521/ RELEASE DATE: 2011-03-21
DESCRIPTION: Debian has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
For more information: SA37364 SA40165 SA41706 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2176-1: http://www.debian.org/security/2011/dsa-2176 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201006-0453 CVE-2010-2431 CUPS of cupsFileOpen Vulnerability of function overwriting arbitrary files CVSS V2: 2.6
CVSS V3: -
Severity: LOW
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. CUPS (Common UNIX Printing System) is prone to a local privilege-escalation vulnerability. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible. Versions prior to CUPS 1.4.4 are vulnerable. There is a vulnerability in the cupsFileOpen function of CUPS.

TITLE: CUPS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA40165

VERIFY ADVISORY: http://secunia.com/advisories/40165/

RELEASE DATE: 2010-06-27

DESCRIPTION: Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to conduct cross-site request forgery attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

1) An error due to missing memory allocation checks in the "texttops" filter can be exploited to cause a heap corruption and potentially execute arbitrary code.

2) An uninitialised memory access error in the CUPS web interface when handling form variables can be exploited to disclose potentially sensitive "cupsd" memory.

3) The CUPS web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change CUPS settings when a logged-in administrative user visits a malicious web site.

SOLUTION: Update to version 1.4.4.

PROVIDED AND/OR DISCOVERED BY: 1) Apple credits regenrecht. 2) Apple credits Luca Carettoni. 3) Apple credits Adrian "pagvac" Pastor of GNUCITIZEN, and Tim Starling.

ORIGINAL ADVISORY: http://cups.org/articles.php?L596

Debian Security Advisory DSA-2176-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
March 02, 2011                        http://www.debian.org/security/faq

Package        : cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941

Several vulnerabilities have been discovered in the Common UNIX Printing System:

CVE-2008-5183
    A null pointer dereference in RSS job completion notifications could lead to denial of service.

CVE-2009-3553
    It was discovered that incorrect file descriptor handling could lead to denial of service.

CVE-2010-0540
    A cross-site request forgery vulnerability was discovered in the web interface.

CVE-2010-0542
    Incorrect memory management in the filter subsystem could lead to denial of service.

CVE-2010-1748
    Information disclosure in the web interface.

CVE-2010-2431
    Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.

CVE-2010-2432
    Denial of service in the authentication code.

CVE-2010-2941
    Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9.

The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.

Gentoo Linux Security Advisory                           GLSA 201207-10
http://security.gentoo.org/

 Severity: High
    Title: CUPS: Multiple vulnerabilities
     Date: July 09, 2012
     Bugs: #295256, #308045, #325551, #380771
       ID: 201207-10

Synopsis
========

Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-print/cups               < 1.4.8-r1               >= 1.4.8-r1

Description
===========

Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201207-10.xml

This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
VAR-201006-0053 CVE-2010-0542 CUPS of Arbitrary code execution vulnerability in the text filter subsystem CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. CUPS is prone to a NULL-pointer dereference vulnerability. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial-of-service conditions. CUPS versions prior to 1.4.4 are affected. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. A missing memory allocation failure check in CUPS's texttops filter resulted in a null pointer dereference.

Debian Security Advisory DSA-2176-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
March 02, 2011                        http://www.debian.org/security/faq

Package        : cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941

Several vulnerabilities have been discovered in the Common UNIX Printing System:

CVE-2008-5183
    A null pointer dereference in RSS job completion notifications could lead to denial of service.

CVE-2009-3553
    It was discovered that incorrect file descriptor handling could lead to denial of service.

CVE-2010-0540
    A cross-site request forgery vulnerability was discovered in the web interface.

CVE-2010-0542
    Incorrect memory management in the filter subsystem could lead to denial of service.

CVE-2010-1748
    Information disclosure in the web interface.

CVE-2010-2431
    Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.

CVE-2010-2432
    Denial of service in the authentication code.

CVE-2010-2941
    Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9.

The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

The web interface in CUPS reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.

Gentoo Linux Security Advisory                           GLSA 201207-10
http://security.gentoo.org/

 Severity: High
    Title: CUPS: Multiple vulnerabilities
     Date: July 09, 2012
     Bugs: #295256, #308045, #325551, #380771
       ID: 201207-10

Synopsis
========

Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation.

Background
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-print/cups               < 1.4.8-r1               >= 1.4.8-r1

Description
===========

Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.

A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201207-10.xml

TITLE: Debian update for cups

SECUNIA ADVISORY ID: SA43521

VERIFY ADVISORY: http://secunia.com/advisories/43521/

RELEASE DATE: 2011-03-21

DESCRIPTION: Debian has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

ORIGINAL ADVISORY: DSA-2176-1: http://www.debian.org/security/2011/dsa-2176

===========================================================
Ubuntu Security Notice USN-952-1              June 21, 2010
cups, cupsys vulnerabilities
CVE-2010-0540, CVE-2010-0542, CVE-2010-1748
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.19
Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.11
Ubuntu 9.04: cups 1.3.9-17ubuntu3.9
Ubuntu 9.10: cups 1.4.1-5ubuntu2.6
Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

(CVE-2010-0540) It was discovered that CUPS did not properly handle memory allocations in the texttops filter. (CVE-2010-0542) Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. (CVE-2010-1748)
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 145604 c3f0c1d386de11db2c83b29ce61d747e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 61266 9350be23632e0bb41bacdf493916f1e5 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 32894 588a8edd7a8cef5ad2312c6b2a466d41 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 44800 b5b282e36f232b95a4221a19c58e4d80 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 142152 c7959ec969f56a4c8061a9115e3fb9d0 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 93536 31ab6658804a9d5b8e165f7182522792 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 1992826 720559a8b6b13a49cb8de64599dc0d0c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 206536 c0792eccffa336a078847fc1570f1847 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 228182 7336ad247af6f88cf383738429859a03 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 107032 aa51ce9c4d8b97a4be4c4604c1ece7dd http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 35034 5ad9a33558ab86fe168d1778367f5614 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 93706 46fab84fdbe699e3bf89ac4d7a7a5f21 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 22244 4427366e73d2ed6b756290bbbe89f33e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 60546 b5561e25ff9d7a625079a4a92b97eeeb 
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 55298 7564d5317f23a06dd984e7a011f7d4a3 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 85702 e50cfac0de465610de321b6a247294ad http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 15702 b530dc6e40497cdd17cb2eef7fc86f35 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 145258 3e1d1f46e3a3a978073cb7134660dca8 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 64908 91d9e1374bca739f621f52ff824cb967 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 34770 300740d181959eaa050dd38e8d7f5b95 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 44076 8e8b983418cfe367c386a581948e62d1 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 140914 b937ab49f26f53b13dbacfa1b1755b5e http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 93224 9b81849a723629db064aada33a669605 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 2042588 76638c4d1cc937a4d3038d6ca56c017c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 210178 e1f8624cc98825259447a8f3cfccab43 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 220154 d2692b4767b48e7960007762babdfd4d http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 109484 ee657ed269651dad0e97742db63b3fa6 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 33836 49d880a15f6c4c92dc37ef7c9a3e94ed http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 94740 
807e344de7057bf78fdbe6d16c8160fe http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 22060 285f1d26a014fcaba9c52a8a204f4a8e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 59236 f2769fd0e05f40416fafb3b8b4e71fd3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 51354 0dacc2034f6a772bf1a35c4390bd707b http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 84742 42f204443d66552e20b05f431a37c9b6 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 14596 7bc50be13da6d36c7a8b1ef77ea2c64c http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 150882 f51782127f098c8431b4c08ad9084a08 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 62864 470e0fe33fae056cb349cba8f291552a http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 34536 d7f328a90189cac65cda36e18bac2391
VAR-201006-0349 CVE-2010-2347 SAP-JEECOR of Telnet Vulnerabilities that bypass security checks in interfaces CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. The SAP J2EE engine is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aid in further attacks and facilitate access to other services. The issue affects the following: SAP-JEECOR 6.40, SAP-JEECOR 7.00, SAP-JEECOR 7.01, SAP-JEECOR 7.02, SERVERCORE 7.10, SERVERCORE 7.11, SERVERCORE 7.20, SERVERCORE 7.30. TITLE: SAP J2EE Telnet Interface Credentials Reflection Vulnerability SECUNIA ADVISORY ID: SA40223 VERIFY ADVISORY: http://secunia.com/advisories/40223/ RELEASE DATE: 2010-06-26 DESCRIPTION: Mariano Nuñez Di Croce has reported a vulnerability in the SAP J2EE engine, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the J2EE telnet interface and can be exploited to replay authentication credentials when authenticating to other services (e.g. SMB). The vulnerability is reported in the following versions: SAP-JEECOR 6.40, SAP-JEECOR 7.00, SAP-JEECOR 7.01, SAP-JEECOR 7.02, SERVERCORE 7.10, SERVERCORE 7.11, SERVERCORE 7.20, SERVERCORE 7.30. SOLUTION: Patches are available via SAP note 1425847. PROVIDED AND/OR DISCOVERED BY: Mariano Nuñez Di Croce, Onapsis ORIGINAL ADVISORY: Onapsis: http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html SAP (note 1425847): http://service.sap.com/sap/support/notes/1425847
VAR-201006-0335 CVE-2010-1763 Apple iTunes of WebKit Vulnerability in CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769. Very little information is known about this issue. We will update this BID as soon as more information becomes available. TITLE: Apple iTunes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40196 VERIFY ADVISORY: http://secunia.com/advisories/40196/ RELEASE DATE: 2010-06-25 DESCRIPTION: Multiple vulnerabilities have been reported in Apple iTunes. Some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system. 1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. This is related to vulnerability #3 in: SA36096 2) Multiple integer overflows when processing TIFF files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. For more information: SA40181 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system. 5) Two vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information see vulnerability #14 and 15 in: SA40257 SOLUTION: Update to version 9.2. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Chris Evans of the Google Security Team and Andrzej Dyjak. 2) The vendor credits Kevin Finisterre, digitalmunition.com. 4) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4220
VAR-201006-0492 CVE-2010-2266 nginx Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx
VAR-201006-0426 CVE-2010-2288 Juniper Networks IVE of dana/nc/ncrun.cgi Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie. Secure Access is prone to a cross-site scripting vulnerability
VAR-201006-0231 CVE-2010-1379 Apple Mac OS X Service operation in printer settings (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. A third party may cause a denial of service (DoS) by deploying a device that uses Unicode characters in its print service name. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. Attackers can exploit this issue to create a denial-of-service condition
VAR-201006-0230 CVE-2010-1377 Apple Mac OS X of Open Directory Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. Apple Mac OS X Open Directory is prone to a security-bypass vulnerability. Attackers able to execute a man-in-the-middle attack can exploit this issue to impersonate the network account server. This may lead to arbitrary code execution with SYSTEM-level privileges. Other attacks may also be possible. This issue affects Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it
VAR-201006-0229 CVE-2010-1376 Apple Mac OS X Arbitrary network authentication arbitrary code execution vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. Apple Mac OS X is prone to a remote format-string vulnerability. This issue affects the Network Authorization component. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or to obtain sensitive information. Failed attacks will result in denial-of-service conditions. This issue affects Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it