VARIoT IoT vulnerabilities database

VAR-201007-0153 | CVE-2010-2661 | Opera Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: June 15, 2012
Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
#308069, #324189, #325199, #326413, #332449, #348874,
#352750, #367837, #373289, #381275, #386217, #387137,
#393395, #409857, #415379, #421075
ID: 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
     Package           /     Vulnerable     /         Unaffected
-------------------------------------------------------------------
  1  www-client/opera        < 12.00.1467          >= 12.00.1467
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.
A physically proximate attacker may be able to access an email account.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
References
==========
[ 1 ] CVE-2009-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[ 2 ] CVE-2009-2059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[ 3 ] CVE-2009-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[ 4 ] CVE-2009-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[ 5 ] CVE-2009-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[ 6 ] CVE-2009-3013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[ 7 ] CVE-2009-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[ 8 ] CVE-2009-3045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[ 9 ] CVE-2009-3046
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[ 10 ] CVE-2009-3047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[ 11 ] CVE-2009-3048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[ 12 ] CVE-2009-3049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[ 13 ] CVE-2009-3831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[ 14 ] CVE-2009-4071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[ 15 ] CVE-2009-4072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[ 16 ] CVE-2010-0653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[ 17 ] CVE-2010-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[ 18 ] CVE-2010-1989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[ 19 ] CVE-2010-1993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[ 20 ] CVE-2010-2121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[ 21 ] CVE-2010-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[ 22 ] CVE-2010-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[ 23 ] CVE-2010-2576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[ 24 ] CVE-2010-2658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[ 25 ] CVE-2010-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[ 26 ] CVE-2010-2660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[ 27 ] CVE-2010-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[ 28 ] CVE-2010-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[ 29 ] CVE-2010-2663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[ 30 ] CVE-2010-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[ 31 ] CVE-2010-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[ 32 ] CVE-2010-3019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[ 33 ] CVE-2010-3020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[ 34 ] CVE-2010-3021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[ 35 ] CVE-2010-4579
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[ 36 ] CVE-2010-4580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[ 37 ] CVE-2010-4581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[ 38 ] CVE-2010-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[ 39 ] CVE-2010-4583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[ 40 ] CVE-2010-4584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[ 41 ] CVE-2010-4585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[ 42 ] CVE-2010-4586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[ 43 ] CVE-2011-0681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[ 44 ] CVE-2011-0682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[ 45 ] CVE-2011-0683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[ 46 ] CVE-2011-0684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[ 47 ] CVE-2011-0685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[ 48 ] CVE-2011-0686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[ 49 ] CVE-2011-0687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[ 50 ] CVE-2011-1337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[ 51 ] CVE-2011-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[ 52 ] CVE-2011-2609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[ 53 ] CVE-2011-2610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[ 54 ] CVE-2011-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[ 55 ] CVE-2011-2612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[ 56 ] CVE-2011-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[ 57 ] CVE-2011-2614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[ 58 ] CVE-2011-2615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[ 59 ] CVE-2011-2616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[ 60 ] CVE-2011-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[ 61 ] CVE-2011-2618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[ 62 ] CVE-2011-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[ 63 ] CVE-2011-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[ 64 ] CVE-2011-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[ 65 ] CVE-2011-2622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[ 66 ] CVE-2011-2623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[ 67 ] CVE-2011-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[ 68 ] CVE-2011-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[ 69 ] CVE-2011-2626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[ 70 ] CVE-2011-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[ 71 ] CVE-2011-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[ 72 ] CVE-2011-2629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[ 73 ] CVE-2011-2630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[ 74 ] CVE-2011-2631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[ 75 ] CVE-2011-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[ 76 ] CVE-2011-2633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[ 77 ] CVE-2011-2634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[ 78 ] CVE-2011-2635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[ 79 ] CVE-2011-2636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[ 80 ] CVE-2011-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[ 81 ] CVE-2011-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[ 82 ] CVE-2011-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[ 83 ] CVE-2011-2640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[ 84 ] CVE-2011-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[ 85 ] CVE-2011-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[ 86 ] CVE-2011-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[ 87 ] CVE-2011-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[ 88 ] CVE-2011-4682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[ 89 ] CVE-2011-4683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[ 90 ] CVE-2012-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[ 91 ] CVE-2012-1925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[ 92 ] CVE-2012-1926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[ 93 ] CVE-2012-1927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[ 94 ] CVE-2012-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[ 95 ] CVE-2012-1930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[ 96 ] CVE-2012-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[ 97 ] CVE-2012-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[ 98 ] CVE-2012-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[ 99 ] CVE-2012-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Opera Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA40250
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40250/
RELEASE DATE:
2010-06-24
DESCRIPTION:
Some vulnerabilities with an unknown impact have been reported in
Opera.
1) A vulnerability is caused due to an unspecified error.
2) Another vulnerability is caused due to an unspecified error.
3) Another vulnerability is caused due to an unspecified error.
4) Another vulnerability is caused due to an unspecified error.
SOLUTION:
Update to version 10.54.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.opera.com/docs/changelogs/windows/1054/
http://www.opera.com/support/kb/view/954/
----------------------------------------------------------------------
VAR-201006-1178 | CVE-2010-2665 | Opera In URI Processing cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VAR-201006-1175 | CVE-2010-1407 | Apple iOS of WebKit Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. WebKit is prone to a remote information-disclosure vulnerability.
Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
----------------------------------------------------------------------
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41856
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-201006-1130 | CVE-2010-2660 | Opera In IDN Vulnerability impersonating a domain |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: June 15, 2012
Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
#308069, #324189, #325199, #326413, #332449, #348874,
#352750, #367837, #373289, #381275, #386217, #387137,
#393395, #409857, #415379, #421075
ID: 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
     Package           /    Vulnerable    /    Unaffected
-------------------------------------------------------------------
  1  www-client/opera       < 12.00.1467       >= 12.00.1467
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.
A physically proximate attacker may be able to access an email account.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
References
==========
[ 1 ] CVE-2009-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[ 2 ] CVE-2009-2059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[ 3 ] CVE-2009-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[ 4 ] CVE-2009-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[ 5 ] CVE-2009-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[ 6 ] CVE-2009-3013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[ 7 ] CVE-2009-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[ 8 ] CVE-2009-3045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[ 9 ] CVE-2009-3046
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[ 10 ] CVE-2009-3047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[ 11 ] CVE-2009-3048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[ 12 ] CVE-2009-3049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[ 13 ] CVE-2009-3831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[ 14 ] CVE-2009-4071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[ 15 ] CVE-2009-4072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[ 16 ] CVE-2010-0653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[ 17 ] CVE-2010-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[ 18 ] CVE-2010-1989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[ 19 ] CVE-2010-1993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[ 20 ] CVE-2010-2121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[ 21 ] CVE-2010-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[ 22 ] CVE-2010-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[ 23 ] CVE-2010-2576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[ 24 ] CVE-2010-2658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[ 25 ] CVE-2010-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[ 26 ] CVE-2010-2660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[ 27 ] CVE-2010-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[ 28 ] CVE-2010-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[ 29 ] CVE-2010-2663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[ 30 ] CVE-2010-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[ 31 ] CVE-2010-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[ 32 ] CVE-2010-3019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[ 33 ] CVE-2010-3020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[ 34 ] CVE-2010-3021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[ 35 ] CVE-2010-4579
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[ 36 ] CVE-2010-4580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[ 37 ] CVE-2010-4581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[ 38 ] CVE-2010-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[ 39 ] CVE-2010-4583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[ 40 ] CVE-2010-4584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[ 41 ] CVE-2010-4585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[ 42 ] CVE-2010-4586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[ 43 ] CVE-2011-0681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[ 44 ] CVE-2011-0682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[ 45 ] CVE-2011-0683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[ 46 ] CVE-2011-0684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[ 47 ] CVE-2011-0685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[ 48 ] CVE-2011-0686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[ 49 ] CVE-2011-0687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[ 50 ] CVE-2011-1337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[ 51 ] CVE-2011-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[ 52 ] CVE-2011-2609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[ 53 ] CVE-2011-2610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[ 54 ] CVE-2011-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[ 55 ] CVE-2011-2612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[ 56 ] CVE-2011-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[ 57 ] CVE-2011-2614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[ 58 ] CVE-2011-2615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[ 59 ] CVE-2011-2616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[ 60 ] CVE-2011-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[ 61 ] CVE-2011-2618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[ 62 ] CVE-2011-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[ 63 ] CVE-2011-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[ 64 ] CVE-2011-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[ 65 ] CVE-2011-2622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[ 66 ] CVE-2011-2623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[ 67 ] CVE-2011-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[ 68 ] CVE-2011-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[ 69 ] CVE-2011-2626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[ 70 ] CVE-2011-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[ 71 ] CVE-2011-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[ 72 ] CVE-2011-2629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[ 73 ] CVE-2011-2630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[ 74 ] CVE-2011-2631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[ 75 ] CVE-2011-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[ 76 ] CVE-2011-2633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[ 77 ] CVE-2011-2634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[ 78 ] CVE-2011-2635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[ 79 ] CVE-2011-2636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[ 80 ] CVE-2011-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[ 81 ] CVE-2011-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[ 82 ] CVE-2011-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[ 83 ] CVE-2011-2640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[ 84 ] CVE-2011-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[ 85 ] CVE-2011-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[ 86 ] CVE-2011-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[ 87 ] CVE-2011-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[ 88 ] CVE-2011-4682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[ 89 ] CVE-2011-4683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[ 90 ] CVE-2012-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[ 91 ] CVE-2012-1925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[ 92 ] CVE-2012-1926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[ 93 ] CVE-2012-1927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[ 94 ] CVE-2012-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[ 95 ] CVE-2012-1930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[ 96 ] CVE-2012-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[ 97 ] CVE-2012-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[ 98 ] CVE-2012-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[ 99 ] CVE-2012-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Opera Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA40250
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40250/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40250
RELEASE DATE:
2010-06-24
DESCRIPTION:
Some vulnerabilities with an unknown impact have been reported in
Opera.
1) A vulnerability is caused due to an unspecified error.
2) Another vulnerability is caused due to an unspecified error.
3) Another vulnerability is caused due to an unspecified error.
4) Another vulnerability is caused due to an unspecified error.
SOLUTION:
Update to version 10.54.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.opera.com/docs/changelogs/windows/1054/
http://www.opera.com/support/kb/view/954/
----------------------------------------------------------------------
VAR-201006-1120 | CVE-2010-2666 | Windows and Mac OS X Run on Opera Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
----------------------------------------------------------------------
TITLE:
Opera Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA40250
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40250/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40250
RELEASE DATE:
2010-06-24
DESCRIPTION:
Some vulnerabilities with an unknown impact have been reported in
Opera.
1) A vulnerability is caused due to an unspecified error.
2) Another vulnerability is caused due to an unspecified error.
3) Another vulnerability is caused due to an unspecified error.
4) Another vulnerability is caused due to an unspecified error.
SOLUTION:
Update to version 10.54.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.opera.com/docs/changelogs/windows/1054/
http://www.opera.com/support/kb/view/954/
----------------------------------------------------------------------
VAR-201006-0329 | CVE-2010-1756 | Apple iOS Vulnerabilities that allow users to track users in the settings application |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired.
This may lead to a false sense of security, which may aid in further attacks.
NOTE: This BID was previously covered in BID 41016 (Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
VAR-201006-0328 | CVE-2010-1755 | Apple iOS of Safari Remote in Web A vulnerability that allows the server to track users |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. Apple Safari for iOS is prone to a security-bypass vulnerability that allows unauthorized access to cookies.
NOTE: This BID was previously covered in BID 41016 (Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
VAR-201006-0327 | CVE-2010-1775 | Apple iOS of Passcode lock arbitrary data access vulnerability |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
41047 Apple iPhone and iPod touch Application Sandbox User Photo Library Security Bypass Vulnerability
41048 Apple iPhone/iPod touch Prior to iOS 4 Wireless Network Security Weakness
41049 Apple iPhone/iPod touch Prior to iOS 4 URI Stack Based Buffer Overflow Vulnerability
41051 WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability
41052 Apple iPhone/iPod touch Prior to iOS 4 JPEG File Buffer Overflow Vulnerability
41053 WebKit 'JavaScriptCore' Page Transition Remote Code Execution Vulnerability
41054 WebKit Table Handling Remote Code Execution Vulnerability
41065 Apple iPhone/iPod touch Prior to iOS 4 Safari Security Bypass Vulnerability
41066 Apple iPhone and iPod touch Race Condition Security Bypass Vulnerability
41067 Apple iPhone/iPod touch Prior to iOS 4 Passcode Lock Authentication Bypass Vulnerability
41068 WebKit User Interface Cross Domain Spoofing Vulnerability.
Apple iOS is an operating system developed by Apple Inc. for the iPhone.
VAR-201006-0314 | CVE-2010-1754 | Apple iOS of Vulnerability that can bypass passcode request in passcode lock |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired.
An attacker with physical access to a locked device can exploit this issue to bypass the passcode and access the user's data. Apple iOS is an operating system developed by Apple Inc. for the iPhone. Attackers can use unknown vectors to bypass the passcode requirement.
VAR-201006-0330 | CVE-2010-1757 | Apple iOS of WebKit Vulnerabilities in user interface spoofing |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. WebKit is prone to a cross-domain spoofing vulnerability. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42314
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42314/
RELEASE DATE:
2010-11-24
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people to conduct cross-site scripting and
spoofing attacks, disclose sensitive information, bypass certain
security restrictions, or to compromise a user's system.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4456
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201006-0313 | CVE-2010-1753 | Apple iOS of ImageIO Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
41047 Apple iPhone and iPod touch Application Sandbox User Photo Library Security Bypass Vulnerability
41048 Apple iPhone/iPod touch Prior to iOS 4 Wireless Network Security Weakness
41049 Apple iPhone/iPod touch Prior to iOS 4 URI Stack Based Buffer Overflow Vulnerability
41051 WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability
41052 Apple iPhone/iPod touch Prior to iOS 4 JPEG File Buffer Overflow Vulnerability
41053 WebKit 'JavaScriptCore' Page Transition Remote Code Execution Vulnerability
41054 WebKit Table Handling Remote Code Execution Vulnerability
41065 Apple iPhone/iPod touch Prior to iOS 4 Safari Security Bypass Vulnerability
41066 Apple iPhone and iPod touch Race Condition Security Bypass Vulnerability
41067 Apple iPhone/iPod touch Prior to iOS 4 Passcode Lock Authentication Bypass Vulnerability
41068 WebKit User Interface Cross Domain Spoofing Vulnerability.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad
VAR-201006-0312 | CVE-2010-1752 | Apple iOS of CFNetwork Vulnerable to stack-based buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. Apple iOS and Mac OS X are prone to a stack-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad
VAR-201006-0311 | CVE-2010-1751 | Apple iOS of Application Sandbox Vulnerability in obtaining location information |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired.
An attacker can exploit this issue to bypass certain security restrictions. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad
VAR-201006-0352 | CVE-2010-2350 | Ziproxy of PNG Heap-based buffer overflow vulnerability in decoder |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file. Ziproxy is a forwarding, non-caching, compressing HTTP proxy server. It can recompress images as low-quality JPEG or JPEG 2000 files and compress (gzip) HTML and other text-like data. Ziproxy handles partial PNG images incorrectly, so tricking a user into loading a specially constructed PNG image through Ziproxy can trigger a heap-based buffer overflow. Ziproxy is prone to a denial-of-service vulnerability.
TITLE:
Ziproxy PNG Image Processing Vulnerability
SECUNIA ADVISORY ID:
SA40156
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40156/
RELEASE DATE:
2010-06-26
DESCRIPTION:
A vulnerability has been reported in Ziproxy, which potentially can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is reported in version 3.1.0.
SOLUTION:
Update to version 3.1.1.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://ziproxy.sourceforge.net/
http://ziproxy.cvs.sourceforge.net/viewvc/ziproxy/ziproxy-default/ChangeLog?r1=1.241&r2=1.239
VAR-201006-0323 | CVE-2010-1769 | Apple iTunes of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763. WebKit is prone to a remote code-execution vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired.
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40196
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40196/
RELEASE DATE:
2010-06-25
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes.
1) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
This is related to vulnerability #3 in:
SA36096
2) Multiple integer overflows when processing TIFF files can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
For more information:
SA37931
SA40105
4) One unspecified vulnerability with an unknown impact has been
reported in WebKit included in iTunes. No further information is
currently available.
5) Two vulnerabilities in WebKit can be exploited by malicious people
to compromise a user's system.
For more information see vulnerability #14 and 15 in:
SA40257
SOLUTION:
Update to version 9.2.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Chris Evans of the Google Security Team and
Andrzej Dyjak.
2) The vendor credits Kevin Finisterre, digitalmunition.com.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4220
VAR-201006-0104 | CVE-2010-1387 | Apple iTunes of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. A third party may execute arbitrary code or cause a denial of service (DoS). WebKit is prone to a remote code-execution vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40196
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40196/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40196
RELEASE DATE:
2010-06-25
DISCUSS ADVISORY:
http://secunia.com/advisories/40196/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes.
1) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
This is related to vulnerability #3 in:
SA36096
2) Multiple integer overflows when processing TIFF files can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
For more information:
SA37931
SA40105
4) One unspecified vulnerability with an unknown impact has been
reported in WebKit included in iTunes. No further information is
currently available.
5) Two vulnerabilities in WebKit can be exploited by malicious people
to compromise a user's system.
For more information see vulnerability #14 and 15 in:
SA40257
SOLUTION:
Update to version 9.2.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Chris Evans of the Google Security Team and
Andrzej Dyjak.
2) The vendor credits Kevin Finisterre, digitalmunition.com.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4220
----------------------------------------------------------------------
VAR-201006-0283 | CVE-2010-2192 | Arbitrary file overwrite vulnerability in policy.c in pmount |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
The make_lockdir_name function in policy.c in pmount 0.9.18 allows local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. pmount is a wrapper around the standard mount program that permits normal users to mount removable devices without a matching /etc/fstab entry. pmount does not create temporary files securely. Other attacks may also be possible.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2063-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
June 17, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pmount
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-2192
Dan Rosenberg discovered that pmount, a wrapper around the standard mount
program which permits normal users to mount removable devices without a
matching /etc/fstab entry, creates files in /var/lock insecurely.
For the stable distribution (lenny), this problem has been fixed in
version 0.9.18-2+lenny1
For the unstable distribution (sid), this problem has been fixed in
version 0.9.23-1, and will migrate to the testing distribution (squeeze)
shortly.
We recommend that you upgrade your pmount package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple packages, Multiple vulnerabilities fixed in 2010
Date: December 11, 2014
Bugs: #159556, #208464, #253822, #259968, #298067, #300375,
#300943, #302478, #307525, #307633, #315235, #316697,
#319719, #320961, #322457, #325507, #326759, #326953,
#329125, #329939, #331421, #332527, #333661
ID: 201412-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
This GLSA contains notification of vulnerabilities found in several
Gentoo packages which have been fixed prior to January 1, 2011. The
worst of these vulnerabilities could lead to local privilege escalation
and remote code execution. Please see the package list and CVE
identifiers below for more information.
Background
==========
For more information on the packages listed in this GLSA, please see
their homepage referenced in the ebuild.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-util/insight < 6.7.1-r1 >= 6.7.1-r1
2 dev-perl/perl-tk < 804.028-r2 >= 804.028-r2
3 dev-util/sourcenav < 5.1.4 >= 5.1.4
4 dev-lang/tk < 8.4.18-r1 >= 8.4.18-r1
5 sys-block/partimage < 0.6.8 >= 0.6.8
6 app-antivirus/bitdefender-console
<= 7.1 Vulnerable!
7 net-mail/mlmmj < 1.2.17.1 >= 1.2.17.1
8 sys-apps/acl < 2.2.49 >= 2.2.49
9 x11-apps/xinit < 1.2.0-r4 >= 1.2.0-r4
10 app-arch/gzip < 1.4 >= 1.4
11 app-arch/ncompress < 4.2.4.3 >= 4.2.4.3
12 dev-libs/liblzw < 0.2 >= 0.2
13 media-gfx/splashutils < 1.5.4.3-r3 >= 1.5.4.3-r3
14 sys-devel/m4 < 1.4.14-r1 >= 1.4.14-r1
15 kde-base/kdm < 4.3.5-r1 >= 4.3.5-r1
16 x11-libs/gtk+ < 2.18.7 >= 2.18.7
17 kde-base/kget < 4.3.5-r1 >= 4.3.5-r1
18 app-text/dvipng < 1.13 >= 1.13
19 app-misc/beanstalkd < 1.4.6 >= 1.4.6
20 sys-apps/pmount < 0.9.23 >= 0.9.23
21 sys-auth/pam_krb5 < 4.3 >= 4.3
22 app-text/gv < 3.7.1 >= 3.7.1
23 net-ftp/lftp < 4.0.6 >= 4.0.6
24 www-client/uzbl < 2010.08.05 >= 2010.08.05
25 x11-misc/slim < 1.3.2 >= 1.3.2
26 net-misc/iputils < 20100418 >= 20100418
27 media-tv/dvbstreamer < 1.1-r1 >= 1.1-r1
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
27 affected packages
Description
===========
Vulnerabilities have been discovered in the packages listed below.
Please review the CVE identifiers in the Reference section for details.
* Insight
* Perl Tk Module
* Source-Navigator
* Tk
* Partimage
* Mlmmj
* acl
* Xinit
* gzip
* ncompress
* liblzw
* splashutils
* GNU M4
* KDE Display Manager
* GTK+
* KGet
* dvipng
* Beanstalk
* Policy Mount
* pam_krb5
* GNU gv
* LFTP
* Uzbl
* Slim
* Bitdefender Console
* iputils
* DVBStreamer
Impact
======
A context-dependent attacker may be able to gain escalated privileges,
execute arbitrary code, cause Denial of Service, obtain sensitive
information, or otherwise bypass security restrictions.
Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All Insight users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1"
All Perl Tk Module users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2"
All Source-Navigator users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4"
All Tk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1"
All Partimage users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8"
All Mlmmj users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1"
All acl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49"
All Xinit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4"
All gzip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4"
All ncompress users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3"
All liblzw users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2"
All splashutils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=media-gfx/splashutils-1.5.4.3-r3"
All GNU M4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1"
All KDE Display Manager users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1"
All GTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7"
All KGet 4.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1"
All dvipng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13"
All Beanstalk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6"
All Policy Mount users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23"
All pam_krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3"
All GNU gv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1"
All LFTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6"
All Uzbl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05"
All Slim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2"
All iputils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418"
All DVBStreamer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1"
Gentoo has discontinued support for Bitdefender Console. We recommend
that users unmerge Bitdefender Console:
# emerge --unmerge "app-antivirus/bitdefender-console"
NOTE: This is a legacy GLSA. Updates for all affected architectures
have been available since 2011. It is likely that your system is
already no longer affected by these issues.
References
==========
[ 1 ] CVE-2006-3005
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005
[ 2 ] CVE-2007-2741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741
[ 3 ] CVE-2008-0553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553
[ 4 ] CVE-2008-1382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
[ 5 ] CVE-2008-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907
[ 6 ] CVE-2008-6218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218
[ 7 ] CVE-2008-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661
[ 8 ] CVE-2009-0040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040
[ 9 ] CVE-2009-0360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360
[ 10 ] CVE-2009-0361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361
[ 11 ] CVE-2009-0946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946
[ 12 ] CVE-2009-2042
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042
[ 13 ] CVE-2009-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624
[ 14 ] CVE-2009-3736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736
[ 15 ] CVE-2009-4029
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029
[ 16 ] CVE-2009-4411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411
[ 17 ] CVE-2009-4896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896
[ 18 ] CVE-2010-0001
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001
[ 19 ] CVE-2010-0436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436
[ 20 ] CVE-2010-0732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732
[ 21 ] CVE-2010-0829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829
[ 22 ] CVE-2010-1000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000
[ 23 ] CVE-2010-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 24 ] CVE-2010-1511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511
[ 25 ] CVE-2010-2056
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056
[ 26 ] CVE-2010-2060
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060
[ 27 ] CVE-2010-2192
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192
[ 28 ] CVE-2010-2251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251
[ 29 ] CVE-2010-2529
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529
[ 30 ] CVE-2010-2809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809
[ 31 ] CVE-2010-2945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-08.xml
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-201006-0454 | CVE-2010-2432 | Denial-of-service (infinite loop) vulnerability in the cupsDoAuthentication function in CUPS |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. CUPS (Common UNIX Printing System) is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected application to fall into an infinite loop, denying service to legitimate users.
Versions prior to CUPS 1.4.4 are vulnerable.
The LZW decompressor in the LWZReadByte function in giftoppm.c in
the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
and earlier, and other products, does not properly handle code words
that are absent from the decompression table when encountered, which
allows remote attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895
(CVE-2011-2896).
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896 (CVE-2011-3170).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2176-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : cups
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941
Several vulnerabilities have been discovered in the Common UNIX Printing
System:
CVE-2008-5183
A null pointer dereference in RSS job completion notifications
could lead to denial of service.
CVE-2009-3553
It was discovered that incorrect file descriptor handling
could lead to denial of service.
CVE-2010-0540
A cross-site request forgery vulnerability was discovered in
the web interface.
CVE-2010-0542
Incorrect memory management in the filter subsystem could lead
to denial of service.
CVE-2010-1748
Information disclosure in the web interface.
CVE-2010-2431
Emmanuel Bouillon discovered a symlink vulnerability in handling
of cache files.
CVE-2010-2432
Denial of service in the authentication code.
CVE-2010-2941
Incorrect memory management in the IPP code could lead to denial
of service or the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny9.
The stable distribution (squeeze) and the unstable distribution (sid)
had already been fixed prior to the initial Squeeze release.
We recommend that you upgrade your cups packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to execute arbitrary code using specially
crafted streams, IPP requests or files, or cause a Denial of Service
(daemon crash or hang). A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2009-3553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201207-10.xml
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Debian update for cups
SECUNIA ADVISORY ID:
SA43521
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43521/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43521
RELEASE DATE:
2011-03-21
DESCRIPTION:
Debian has issued an update for cups. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site request forgery attacks, disclose potentially
sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.
For more information:
SA37364
SA40165
SA41706
SOLUTION:
Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY:
DSA-2176-1:
http://www.debian.org/security/2011/dsa-2176
VAR-201006-0453 | CVE-2010-2431 | CUPS cupsFileOpen function vulnerability allowing arbitrary files to be overwritten |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. CUPS (Common UNIX Printing System) is prone to a local privilege-escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Versions prior to CUPS 1.4.4 are vulnerable. There is a vulnerability in the cupsFileOpen function of CUPS.
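The symlink problem described in this entry, as an added C example that is not CUPS code: a naive truncating open is set beside a checked open and both are run against a constructed temporary directory in which `job.cache` is a symlink. The helper names, the file mode and the sample layout are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive pattern: open() follows a symlink at `path`, and O_TRUNC empties
 * whatever file the link resolves to. */
static int open_cache_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0640);
}

/* Hardened pattern (hypothetical helper): refuse a symlink as the final
 * path component, verify the opened object, truncate only afterwards.
 * O_NOFOLLOW does not cover parent directories, so the cache directory
 * itself must not be writable by untrusted users.
 * Returns a descriptor, or -1 with errno set. */
static int open_cache_checked(const char *path)
{
    struct stat st;
    int saved;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0640);

    if (fd < 0)
        return -1;              /* a symlink at `path` fails here */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);              /* not a plain, singly linked file */
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

static int write_file(const char *path, const char *data)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fputs(data, fp);
    return fclose(fp);
}

static const char VICTIM_DATA[] = "constructed sample content\n";

/* Builds <tmp>/victim (regular file) and <tmp>/job.cache -> victim, then
 * tries both open patterns on job.cache. Result bits:
 *   1  checked open refused the symlink and victim kept its content
 *   2  naive open went through the link and truncated victim
 *   4  checked open still works on an ordinary cache file */
static int demo_symlink_guard(void)
{
    char dir[] = "/tmp/cache-demo-XXXXXX";
    char victim[64], cache[64];
    int fd, result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof(victim), "%s/victim", dir);
    snprintf(cache, sizeof(cache), "%s/job.cache", dir);
    if (write_file(victim, VICTIM_DATA) == 0 && symlink(victim, cache) == 0) {
        fd = open_cache_checked(cache);
        if (fd < 0 && file_size(victim) == (long)strlen(VICTIM_DATA))
            result |= 1;
        if (fd >= 0)
            close(fd);

        fd = open_cache_naive(cache);
        if (fd >= 0) {
            close(fd);
            if (file_size(victim) == 0)
                result |= 2;
        }

        unlink(cache);          /* replace the link with a real file */
        if (write_file(cache, "stale\n") == 0) {
            fd = open_cache_checked(cache);
            if (fd >= 0) {
                close(fd);
                if (file_size(cache) == 0)
                    result |= 4;
            }
        }
    }
    unlink(cache);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("result bits: %d\n", demo_symlink_guard());
    return 0;
}
```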
.
TITLE:
CUPS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40165
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40165/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40165
RELEASE DATE:
2010-06-27
DESCRIPTION:
Some vulnerabilities have been reported in CUPS, which can be
exploited by malicious people to conduct cross-site request forgery
attacks, disclose potentially sensitive information, cause a DoS
(Denial of Service), or potentially compromise a vulnerable system.
1) An error due to missing memory allocation checks in the "texttops"
filter can be exploited to cause a heap corruption and potentially
execute arbitrary code.
2) An uninitialised memory access error in the CUPS web interface
when handling form variables can be exploited to disclose potentially
sensitive "cupsd" memory.
3) The CUPS web interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the
requests. This can be exploited to e.g. change CUPS settings when a
logged-in administrative user visits a malicious web site.
SOLUTION:
Update to version 1.4.4.
PROVIDED AND/OR DISCOVERED BY:
1) Apple credits regenrecht.
2) Apple credits Luca Carettoni.
3) Apple credits Adrian "pagvac" Pastor of GNUCITIZEN, and Tim
Starling.
ORIGINAL ADVISORY:
http://cups.org/articles.php?L596
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2176-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : cups
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941
Several vulnerabilities have been discovered in the Common UNIX Printing
System:
CVE-2008-5183
A null pointer dereference in RSS job completion notifications
could lead to denial of service.
CVE-2009-3553
It was discovered that incorrect file descriptor handling
could lead to denial of service.
CVE-2010-0540
A cross-site request forgery vulnerability was discovered in
the web interface.
CVE-2010-0542
Incorrect memory management in the filter subsystem could lead
to denial of service.
CVE-2010-1748
Information disclosure in the web interface.
CVE-2010-2431
Emmanuel Bouillon discovered a symlink vulnerability in handling
of cache files.
CVE-2010-2432
Denial of service in the authentication code.
CVE-2010-2941
Incorrect memory management in the IPP code could lead to denial
of service or the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny9.
The stable distribution (squeeze) and the unstable distribution (sid)
had already been fixed prior to the initial Squeeze release.
We recommend that you upgrade your cups packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to execute arbitrary code using specially
crafted streams, IPP requests or files, or cause a Denial of Service
(daemon crash or hang). Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2009-3553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
VAR-201006-0053 | CVE-2010-0542 | CUPS arbitrary code execution vulnerability in the text filter subsystem |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. CUPS is prone to a NULL-pointer dereference vulnerability.
Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial-of-service conditions.
CUPS versions prior to 1.4.4 are affected. CUPS is based on the Internet Printing Protocol and provides most PostScript and raster printer services. A missing memory allocation failure check in CUPS's texttops filter resulted in a null pointer dereference.
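The class of defect described in this entry, unchecked calloc return values, shown as an added C example that is not the texttops source: a page buffer is built from several allocations, every one is checked, and a failure part-way through releases what was already allocated. The `page_t` layout, the dimension cap and the failure-injecting allocator are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_MAX_DIM 4096   /* assumed sanity cap, not a CUPS constant */

typedef void *(*calloc_fn)(size_t nmemb, size_t size);

typedef struct {
    size_t rows, cols;
    char **cells;           /* `rows` pointers, each to `cols` bytes */
} page_t;

/* Test hook: calloc() stand-in that succeeds this many times, then fails.
 * -1 means never fail. */
static long calls_until_failure = -1;

static void *flaky_calloc(size_t nmemb, size_t size)
{
    if (calls_until_failure == 0)
        return NULL;
    if (calls_until_failure > 0)
        calls_until_failure--;
    return calloc(nmemb, size);
}

static void page_free(page_t *p)
{
    size_t i;

    if (p == NULL)
        return;
    if (p->cells != NULL) {
        for (i = 0; i < p->rows; i++)
            free(p->cells[i]);      /* free(NULL) is a no-op */
        free(p->cells);
    }
    free(p);
}

/* Allocates a rows x cols page. `alloc` must behave like calloc() (zeroed
 * memory, NULL on failure). Returns NULL on bad dimensions or on any
 * allocation failure, with nothing leaked. */
static page_t *page_new(size_t rows, size_t cols, calloc_fn alloc)
{
    size_t i;
    page_t *p;

    if (rows == 0 || cols == 0 || rows > PAGE_MAX_DIM || cols > PAGE_MAX_DIM)
        return NULL;
    p = alloc(1, sizeof(*p));
    if (p == NULL)
        return NULL;
    p->cells = alloc(rows, sizeof(*p->cells));
    if (p->cells == NULL) {
        free(p);
        return NULL;
    }
    p->rows = rows;                 /* set before the loop so page_free() */
    p->cols = cols;                 /* can unwind a partial allocation    */
    for (i = 0; i < rows; i++) {
        p->cells[i] = alloc(cols, 1);
        if (p->cells[i] == NULL) {
            page_free(p);
            return NULL;
        }
    }
    return p;
}

/* Bounds-checked write; callers never index through an unchecked pointer. */
static int page_put(page_t *p, size_t row, size_t col, char ch)
{
    if (p == NULL || row >= p->rows || col >= p->cols)
        return -1;
    p->cells[row][col] = ch;
    return 0;
}

/* Injects a failure at each allocation step of page_new() in turn and
 * counts how many were reported as NULL (one per step: 2 + rows). */
static size_t injected_failures_handled(size_t rows, size_t cols)
{
    size_t handled = 0;
    long k;

    for (k = 0; k < (long)rows + 2; k++) {
        page_t *p;

        calls_until_failure = k;
        p = page_new(rows, cols, flaky_calloc);
        if (p == NULL)
            handled++;
        else
            page_free(p);
    }
    calls_until_failure = -1;
    return handled;
}

int main(void)
{
    printf("failures handled: %zu\n", injected_failures_handled(4, 8));
    return 0;
}
```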
.
The web interface in CUPS reads uninitialized memory during handling
of form variables, which allows context-dependent attackers to obtain
sensitive information from cupsd process memory via unspecified vectors
(CVE-2010-1748).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.
Background
==========
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details. A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2009-3553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
. ===========================================================
Ubuntu Security Notice USN-952-1 June 21, 2010
cups, cupsys vulnerabilities
CVE-2010-0540, CVE-2010-0542, CVE-2010-1748
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.19
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.11
Ubuntu 9.04:
cups 1.3.9-17ubuntu3.9
Ubuntu 9.10:
cups 1.4.1-5ubuntu2.6
Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.2
In general, a standard system update will make all the necessary changes. (CVE-2010-0540)
It was discovered that CUPS did not properly handle memory allocations in
the texttops filter. (CVE-2010-0542)
Luca Carettoni discovered that the CUPS web interface incorrectly handled
form variables. (CVE-2010-1748)
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 9.04:
Updated packages for Ubuntu 9.10:
Updated packages for Ubuntu 10.04:
Source archives:
Architecture independent packages:
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
i386 architecture (x86 compatible Intel/AMD):
powerpc architecture (Apple Macintosh G3/G4/G5):
sparc architecture (Sun SPARC/UltraSPARC):