VARIoT IoT vulnerabilities database
| VAR-201011-0260 | CVE-2010-3846 | Privilege escalation vulnerability in the apply_rcs_change function in rcs.c in CVS |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.
A local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file.
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions.
----------------------------------------------------------------------
TITLE:
CVS Delta Fragment Array Indexing Vulnerability
SECUNIA ADVISORY ID:
SA41079
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41079/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41079
RELEASE DATE:
2010-10-29
DESCRIPTION:
A vulnerability has been reported in CVS, which can be exploited by
malicious, local users to gain escalated privileges. 
The vulnerability is reported in version 1.11.23. Other versions may
also be affected. 
SOLUTION:
Fixed in the CVS repository. 
PROVIDED AND/OR DISCOVERED BY:
Red Hat credits Ralph Loader
ORIGINAL ADVISORY:
CVS:
http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=642146
. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges. 
For more information:
SA41079
SOLUTION:
Apply updated packages via the yum utility ("yum update cvs")
                        
| VAR-201011-0174 | CVE-2010-2941 | Arbitrary code execution vulnerability in ipp.c in cupsd in CUPS |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. A third party can use a crafted IPP request to cause a denial of service (DoS) or execute arbitrary code. CUPS server is prone to a remote memory-corruption vulnerability because it fails to properly parse Internet Printing Protocol (IPP) packets.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed attacks may cause a denial-of-service condition.
CUPS versions prior to 1.3.7-18 are vulnerable.
===========================================================
Ubuntu Security Notice USN-1012-1          November 04, 2010
cups, cupsys vulnerability
CVE-2010-2941
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  cupsys                          1.2.2-0ubuntu0.6.06.20
Ubuntu 8.04 LTS:
  cupsys                          1.3.7-1ubuntu3.12
Ubuntu 9.10:
  cups                            1.4.1-5ubuntu2.7
Ubuntu 10.04 LTS:
  cups                            1.4.3-1ubuntu1.3
Ubuntu 10.10:
  cups                            1.4.4-6ubuntu2.2
In general, a standard system update will make all the necessary changes. In
the default installation in Ubuntu 8.04 LTS and later, attackers would be
isolated by the CUPS AppArmor profile. 
    http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    90212 4cbcc14e66e2b3436bff7fedd6ce13d7
    http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    21384 22a06d54fa23d1d2553517e7bff00649
    http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    58160 70b1d7c9c37982aaa4021797edcaaa3a
    http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    50284 681bf952147baca7731e0de295386f66
    http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    80736 8352547bdc17ee25fb560de46ec404d9
    http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    14386 e584a929f90a8934f3971a5b4a82e85f
    http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:   144684 a111bd52c9988eeb0db9b59fa507a5cc
    http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    61444 154b65e9ba61832a211a9281f52677f4
    http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.7_sparc.deb
      Size/MD5:    33870 b79480aa250bc02fd399c69fc7f9f4b7
Updated packages for Ubuntu 10.04 LTS:
Updated packages for Ubuntu 10.10:
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2176-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 02, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941
Several vulnerabilities have been discovered in the Common UNIX Printing
System:
CVE-2008-5183
   A null pointer dereference in RSS job completion notifications
   could lead to denial of service. 
CVE-2009-3553
   It was discovered that incorrect file descriptor handling
   could lead to denial of service. 
CVE-2010-0540
   A cross-site request forgery vulnerability was discovered in
   the web interface. 
CVE-2010-0542
   Incorrect memory management in the filter subsystem could lead
   to denial of service. 
CVE-2010-1748
   Information disclosure in the web interface.
CVE-2010-2431
   Emmanuel Bouillon discovered a symlink vulnerability in handling
   of cache files. 
CVE-2010-2432
   Denial of service in the authentication code. 
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny9. 
The stable distribution (squeeze) and the unstable distribution (sid)
had already been fixed prior to the initial Squeeze release. 
We recommend that you upgrade your cups packages. 
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
 
 The web interface in CUPS reads uninitialized memory during handling
 of form variables, which allows context-dependent attackers to obtain
 sensitive information from cupsd process memory via unspecified vectors
 (CVE-2010-1748).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues. 
 _______________________________________________________________________
 References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
 _______________________________________________________________________
 Updated Packages:
 _______________________________________________________________________
 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you. 
 All packages are signed by Mandriva for security. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Severity: High
    Title: CUPS: Multiple vulnerabilities
     Date: July 09, 2012
     Bugs: #295256, #308045, #325551, #380771
       ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation. 
Background
==========
CUPS, the Common Unix Printing System, is a full-featured print server. 
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-print/cups              < 1.4.8-r1               >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details. A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request. 
Workaround
==========
There is no known workaround at this time. 
Resolution
==========
All CUPS users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue. 
References
==========
[  1 ] CVE-2009-3553
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[  2 ] CVE-2010-0302
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[  3 ] CVE-2010-0393
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[  4 ] CVE-2010-0540
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[  5 ] CVE-2010-0542
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[  6 ] CVE-2010-1748
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[  7 ] CVE-2010-2431
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[  8 ] CVE-2010-2432
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[  9 ] CVE-2010-2941
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
 http://security.gentoo.org/glsa/glsa-201207-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org. 
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s). 
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Red Hat update for cups
SECUNIA ADVISORY ID:
SA42009
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42009/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42009
RELEASE DATE:
2010-10-30
DESCRIPTION:
Red Hat has issued an update for cups. This fixes some
vulnerabilities, which can be exploited by malicious people to
potentially compromise a vulnerable system. 
For more information:
SA40165
SA41706
SOLUTION:
Updated packages are available via Red Hat Network. 
ORIGINAL ADVISORY:
RHSA-2010-0811:
https://rhn.redhat.com/errata/RHSA-2010-0811.html
                        
| VAR-201010-0354 | CVE-2010-3654 | Adobe Flash code execution vulnerability | 
                                      
                                        CVSS V2: 9.3 CVSS V3: - Severity: HIGH  | 
                            Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Adobe Flash contains a memory corruption vulnerability that could allow arbitrary code execution. Attack activity using this vulnerability has been confirmed. Arbitrary code may be executed when a user browses a document with crafted Flash content embedded. 
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product enables viewing of applications, content and video across screens and browsers. 
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201101-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: Adobe Reader: Multiple vulnerabilities
      Date: January 21, 2011
      Bugs: #336508, #343091
        ID: 201101-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code. 
Affected packages
=================
    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread        < 9.4.1                         >= 9.4.1
Description
===========
Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below. 
Workaround
==========
There is no known workaround at this time. 
Resolution
==========
All Adobe Reader users should upgrade to the latest stable version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.1"
References
==========
  [ 1 ] APSB10-21
        http://www.adobe.com/support/security/bulletins/apsb10-21.html
  [ 2 ] APSB10-28
        http://www.adobe.com/support/security/bulletins/apsb10-28.html
  [ 3 ] CVE-2010-2883
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
  [ 4 ] CVE-2010-2884
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
  [ 5 ] CVE-2010-2887
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
  [ 6 ] CVE-2010-2889
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
  [ 7 ] CVE-2010-2890
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
  [ 8 ] CVE-2010-3619
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
  [ 9 ] CVE-2010-3620
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
  [ 10 ] CVE-2010-3621
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
  [ 11 ] CVE-2010-3622
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
  [ 12 ] CVE-2010-3625
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
  [ 13 ] CVE-2010-3626
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
  [ 14 ] CVE-2010-3627
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
  [ 15 ] CVE-2010-3628
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
  [ 16 ] CVE-2010-3629
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
  [ 17 ] CVE-2010-3630
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
  [ 18 ] CVE-2010-3632
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
  [ 19 ] CVE-2010-3654
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
  [ 20 ] CVE-2010-3656
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
  [ 21 ] CVE-2010-3657
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
  [ 22 ] CVE-2010-3658
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
  [ 23 ] CVE-2010-4091
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
  http://security.gentoo.org/glsa/glsa-201101-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org. 
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s). 
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
                        
| VAR-201010-0390 | CVE-2010-3036 | Cisco CiscoWorks Common Service of Web Vulnerability to execute arbitrary code in server authentication function | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: HIGH  | 
                            Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. Cisco CiscoWorks Common Services is prone to a buffer-overflow vulnerability because it fails to properly bounds check user-supplied data. 
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. 
CiscoWorks Common Services versions prior to 3.0.5, and versions 4.0 and later are not affected. 
This issue is tracked by Cisco bug id CSCti41352. 
----------------------------------------------------------------------
TITLE:
CiscoWorks Common Services Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA42011
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42011/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42011
RELEASE DATE:
2010-10-29
DESCRIPTION:
A vulnerability has been reported in various Cisco products, which
can be exploited by malicious people to compromise a vulnerable
system. 
The vulnerability is caused due to an error when processing certain
packets and can be exploited to cause a buffer overflow via a
specially crafted packet sent to certain TCP ports (e.g. 443 or
1741). 
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor. 
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml
. 
Cisco has released free software updates that address this
vulnerability. 
There are no workarounds that mitigate this vulnerability. 
Mitigations that limit the attack surface of this vulnerability are
available. 
Administrators can check version details and licensing information
about CiscoWorks Common Services by clicking the About button located
in the top right corner of the CiscoWorks home page. 
The following CiscoWorks products with the default Common Services
installed are affected by this vulnerability, due to their underlying
Common Services version:
+-------------------------------------------------------------------+
|                               |                  |     Common     |
|            Product            | Product Version  |    Services    |
|                               |                  |    Version     |
|-------------------------------+------------------+----------------|
| Cisco Unified Operations      | 2.0.1            | 3.0.5          |
| Manager                       |                  |                |
|-------------------------------+------------------+----------------|
| Cisco Unified Operations      | 2.0.2            | 3.0.5          |
| Manager                       |                  |                |
|-------------------------------+------------------+----------------|
| Cisco Unified Operations      | 2.0.3            | 3.0.5          |
| Manager                       |                  |                |
|-------------------------------+------------------+----------------|
| Cisco Unified Service Monitor | 2.0.1            | 3.0.5          |
|-------------------------------+------------------+----------------|
| CiscoWorks QoS Policy Manager | 4.0, 4.0.1, and  | 3.0.5          |
|                               | 4.0.2            |                |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management     | 2.6 Update       | 3.0.5          |
| Solution                      |                  |                |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management     | 3.0              | 3.1            |
| Solution                      |                  |                |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management     | 3.0 (December    | 3.1.1          |
| Solution                      | 2007 Update)     |                |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management     | 3.2              | 3.3.0          |
| Solution                      |                  |                |
|-------------------------------+------------------+----------------|
| Cisco Security Manager        | 3.0.2            | 3.0.5          |
|-------------------------------+------------------+----------------|
| Cisco Security Manager        | 3.1 and 3.1.1    | 3.0.5          |
|-------------------------------+------------------+----------------|
| Cisco Security Manager        | 3.2              | 3.1            |
|-------------------------------+------------------+----------------|
| Cisco TelePresence Readiness  | 1.0              | 3.0.5          |
| Assessment Manager            |                  |                |
+-------------------------------------------------------------------+
Note: CiscoWorks products could be vulnerable if their underlying
Common Services versions were upgraded to a vulnerable version. 
The following CiscoWorks products with the default Common Services
installed are not affected by this vulnerability, due to their
underlying Common Services version:
+-------------------------------------------------------------------+
|              Product              |  Product   | Common Services  |
|                                   |  Version   |     Version      |
|-----------------------------------+------------+------------------|
| CiscoWorks IP Communications      | 1.0        | 3.0 SP1          |
| Operations Manager                |            |                  |
|-----------------------------------+------------+------------------|
| CiscoWorks IP Communications      | 1.0        | 3.0 SP1          |
| Service Monitor                   |            |                  |
|-----------------------------------+------------+------------------|
| Cisco Unified Operations Manager  | 1.1        | 3.0.3            |
|-----------------------------------+------------+------------------|
| Cisco Unified Operations Manager  | 2.0        | 3.0.3            |
|-----------------------------------+------------+------------------|
| Cisco Unified Service Monitor     | 1.1        | 3.0.3            |
|-----------------------------------+------------+------------------|
| Cisco Unified Service Monitor     | 2.0        | 3.0.4            |
|-----------------------------------+------------+------------------|
| CiscoWorks LAN Management         | 2.5,       | 3.0.3            |
| Solution                          | 2.5.1, 2.6 |                  |
|-----------------------------------+------------+------------------|
| CiscoWorks LAN Management         | 4.0        | 4.0              |
| Solution                          |            |                  |
|-----------------------------------+------------+------------------|
| Cisco Security Manager            | 3.0        | 3.0.3            |
|-----------------------------------+------------+------------------|
| Cisco Security Manager            | 3.0.1      | 3.0.4            |
+-------------------------------------------------------------------+
No other Cisco products are currently known to be affected by this
vulnerability. 
Details
=======
CiscoWorks Common Services is a set of management services that are
shared by network management applications in a CiscoWorks solution
set. 
CiscoWorks Common Services provides the foundation for CiscoWorks
applications to share a common model for data storage, login, user
role definitions, access privileges, security protocols, and
navigation. It creates a standard user experience for all management
functions. It also provides the common framework for all basic system
level operations such as installation, data management (including
backup-restoration and importing-exporting), event and message
handling, job and process management, and software updates. 
The vulnerability could be exploited over TCP port 443 or 1741. 
Note: The default HTTP and HTTPS ports can be reconfigured on the
server. 
The vulnerability affects both CiscoWorks Common Services for Oracle
Solaris and Microsoft Windows. 
This vulnerability has been assigned Common Vulnerabilities and
Exposures (CVE) ID CVE-2010-3036. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Cisco Security Advisory is done in accordance with
CVSS version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCti41352 - CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CVSS Base Score - 10
Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - Complete
Integrity Impact        - Complete
Availability Impact     - Complete
CVSS Temporal Score - 8.3
Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed
Impact
======
Successful exploitation of this vulnerability could allow a remote
unauthenticated attacker to execute arbitrary code on the CiscoWorks
server machine with the privileges of the system administrator. 
Software Versions and Fixes
===========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software updates, customers should
consult their maintenance provider or check the software for
feature set compatibility and known issues specific to their
environment. 
This vulnerability has been resolved in CiscoWorks Common Services
version 4.0 and in the following software patches:
cwcs33-sol-CSCti41352.tar - for Oracle Solaris versions
cwcs33-win-CSCti41352.zip - for Microsoft Windows versions
These CiscoWorks Common Services patches can be downloaded from: 
http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=268439477
and navigating through the tree to "Routing and Switching
Management > CiscoWorks LAN Management Solution Products > CiscoWorks
Common Services Software > CiscoWorks Common Services Software 3.3"
and then the choice of Solaris or Windows, depending on your
operating system. 
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution. 
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. 
Workarounds
===========
Filters such as transit access control lists (tACLs) can be used to
allow access to the Administration Workstation only from trusted
hosts. This mitigation limits the attack surface of the
vulnerability. 
Filters that deny HTTPS packets using TCP port 443 and TCP port 1741
should be deployed throughout the network as part of a tACL policy to
protect the network from traffic that enters at ingress access
points. This policy should be configured to protect the network
device where the filter is applied and other devices that are behind
it. Filters for HTTPS packets that use TCP port 443 and TCP port 1741
should also be deployed in front of vulnerable network devices so
that only traffic from a trusted client is allowed. 
Note: Additional information about tACLs is available in "Transit
Access Control Lists: Filtering at Your Edge" at the following link: 
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Intelligence companion
document for this Advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20101027-cs.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment. 
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com. 
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed. 
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows. 
  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC. 
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages. 
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory. 
This vulnerability was discovered while handling customer support
calls. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------+
| Revision |                 | Initial  |
| 1.0      | 2010-October-27 | public   |
|          |                 | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
                        
| VAR-201102-0212 | CVE-2011-0354 | Cisco Tandberg E, EX, and C Series default root credentials | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: HIGH  | 
                            The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the “xStatus SystemUnit” command. Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the “system info” menu option. The version number is displayed after the “Software Version” label in the System Info box. Alternatively the software version can be determined from the device's application programmer interface using the “xStatus SystemUnit” command. The software version running on the codec is displayed after the “SystemUnit Software Version” label. 
The output from “xStatus SystemUnit” will display a result similar to the following:
    xStatus SystemUnit
    *s SystemUnit ProductType: "Cisco TelePresence Codec"
    *s SystemUnit ProductId: "Cisco TelePresence Codec C90"
    *s SystemUnit ProductPlatform: "C90"
    *s SystemUnit Uptime: 597095
    *s SystemUnit Software Application: "Endpoint"
    *s SystemUnit Software Version: "TC4.0"
    *s SystemUnit Software Name: "s52000"
    *s SystemUnit Software ReleaseDate: "2010-11-01"
    *s SystemUnit Software MaxVideoCalls: 3
    *s SystemUnit Software MaxAudioCalls: 4
    *s SystemUnit Software ReleaseKey: "true"
    *s SystemUnit Software OptionKeys NaturalPresenter: "true"
    *s SystemUnit Software OptionKeys MultiSite: "true"
    *s SystemUnit Software OptionKeys PremiumResolution: "true"
    *s SystemUnit Hardware Module SerialNumber: "B1AD25A00003"
    *s SystemUnit Hardware Module Identifier: "0"
    *s SystemUnit Hardware MainBoard SerialNumber: "PH0497201"
    *s SystemUnit Hardware MainBoard Identifier: "101401-3 [04]"
    *s SystemUnit Hardware VideoBoard SerialNumber: "PH0497874"
    *s SystemUnit Hardware VideoBoard Identifier: "101560-1 [02]"
    *s SystemUnit Hardware AudioBoard SerialNumber: "N/A"
    *s SystemUnit Hardware AudioBoard Identifier: ""
    *s SystemUnit Hardware BootSoftware: "U-Boot 2009.03-65"
    *s SystemUnit State System: Initialized
    *s SystemUnit State MaxNumberOfCalls: 3
    *s SystemUnit State MaxNumberOfActiveCalls: 3
    *s SystemUnit State NumberOfActiveCalls: 1
    *s SystemUnit State NumberOfSuspendedCalls: 0
    *s SystemUnit State NumberOfInProgressCalls: 0
    *s SystemUnit State Subsystem Application: Initialized
    *s SystemUnit ContactInfo: "helpdesk@company.com"
    ** end
A third party who has access to the product may gain administrator privileges. Cisco's multiple TANDBERG products have security vulnerabilities that allow local malicious users to gain control of the product. Determine the version of Tandberg. 
An attacker can exploit this issue to gain unauthorized root access to the affected devices. Successful exploits will result in the complete compromise of the affected device. 
----------------------------------------------------------------------
TITLE:
TANDBERG Products Root Default Password Security Issue
SECUNIA ADVISORY ID:
SA43158
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43158/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43158
RELEASE DATE:
2011-02-04
DISCUSS ADVISORY:
http://secunia.com/advisories/43158/#comments
DESCRIPTION:
A security issue has been reported in multiple TANDBERG products,
which can be exploited by malicious people to compromise a vulnerable
system. 
PROVIDED AND/OR DISCOVERED BY:
Reported by xorcist in an article of the 2600 magazine (volume 27,
#3). 
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml
----------------------------------------------------------------------
An attacker could use this account in order to modify the application
configuration or operating system settings. 
Resolving this default password issue does not require a software
upgrade and can be changed or disabled by a configuration command for
all affected customers. The workaround detailed in this document
demonstrates how to disable the root account or change the password. 
This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml. 
Details
=======
Tandberg devices are part of the Cisco TelePresence Systems that
provide Cisco TelePresence endpoints for immersive environments,
conference rooms, individual desktops and home offices. 
These devices contain a root user that is enabled for advanced
debugging that is unnecessary during normal operations. The root
account is not the same as the admin and user accounts. The
default configuration prior to TC 4.0.0 does not set a password for
the root user. 
When a device is upgraded to TC 4.0.0, the root user is disabled. 
This vulnerability has been assigned the CVE ID CVE-2011-0354. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* Root account enabled by default with no password  
CVSS Base Score - 10
    Access Vector -            Network
    Access Complexity -        Low
    Authentication -           None
    Confidentiality Impact -   Complete 
    Integrity Impact -         Complete 
    Availability Impact -      Complete
CVSS Temporal Score - 8.3
    Exploitability -           Functional
    Remediation Level -        Official-Fix
    Report Confidence -        Confirmed
Impact
======
Successful exploitation of the vulnerability may allow an
unauthorized user to modify the application configuration and the
operating system settings or gain complete administrative control of
the device. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult 
http://www.cisco.com/go/psirt 
and any subsequent advisories to determine exposure and a
complete upgrade solution. 
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. 
Workarounds
===========
The root user is disabled in the default configuration starting in
the TC4.0.0 software version. To disable the root account, an
administrator should log in to the applications programmer interface
and use the command "systemtools rootsettings off" to temporarily
disable the account, or the command "systemtools rootsettings never"
to permanently disable the root user. 
The root user is enabled for advanced debugging. If the root user is
needed, the password should be configured when the account is
enabled. This can be done through the command "systemtools
rootsettings on [password]". 
The default configuration of devices running TC4.0.0 does not contain
a password for the administrator account. The password for the
administrator account should be set with the command "xCommand
SystemUnit AdminPassword Set Password: [password]". The password for
the root account is the same as the administrator password. The
administrator password is set with the command "xCommand SystemUnit
AdminPassword Set Password: [password]". 
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment. 
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at 
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at 
http://www.cisco.com/public/sw-center/sw-usingswc.shtml 
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com. 
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed. 
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows. 
  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC. 
Refer to 
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html 
for additional TAC contact information, including localized telephone 
numbers, and instructions and e-mail addresses for use in various 
languages. 
Exploitation and Public Announcements
=====================================
This vulnerability has been discussed in the article "Hacking and
Securing the Tandberg C20" published in Volume 27, Number 3 of the
2600 Magazine. 
Status of this Notice: FINAL
============================
This information is Cisco Highly Confidential - Do not redistribute. 
THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED
INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS
LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN
ERRORS OR OMIT IMPORTANT INFORMATION. 
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------+
| Revision |             | Initial      |
| 1.0      | 2011-Feb-02 | public       |
|          |             | release.     |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at 
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. 
This includes instructions for press inquiries regarding Cisco security notices. 
All Cisco security advisories are available at 
http://www.cisco.com/go/psirt. 
+--------------------------------------------------------------------
All contents are Copyright 2011-2007 Cisco Systems, Inc. All rights
reserved. 
+--------------------------------------------------------------------
Updated: Feb 02, 2011                             Document ID: 112247
                        
| VAR-201010-0098 | CVE-2010-3985 | HP Operations Orchestration CVE-2010-3985 Unknown Cross-Site Scripting Vulnerability | 
                                      
                                        CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM  | 
                            Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP Operations Orchestration is an operation and maintenance manual automation platform that automates the transformation and deployment of client devices and data center infrastructure. 
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
Versions prior to HP Operations Orchestration 9.0 are vulnerable. 
----------------------------------------------------------------------
TITLE:
HP Operations Orchestration Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA41983
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41983/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41983
RELEASE DATE:
2010-10-28
DISCUSS ADVISORY:
http://secunia.com/advisories/41983/#comments
DESCRIPTION:
A vulnerability has been reported in HP Operations Orchestration,
which can be exploited by malicious people to conduct cross-site
scripting attacks. 
Unspecified input is not properly sanitised before being returned to
the user. 
SOLUTION:
Upgrade to version 9.0 (contact HP Support for update information). 
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Michael Schratt, WienIT. 
ORIGINAL ADVISORY:
HPSBMA02588 SSRT100001:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02541822
                        
| VAR-201012-0047 | CVE-2010-4012 | Apple of iOS Vulnerable to password lock | 
                                      
                                        CVSS V2: 6.2 CVSS V3: - Severity: MEDIUM  | 
                            Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. Apple iPhone is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. 
An attacker with physical access to a locked device can exploit this issue to bypass the passcode and make calls to numbers in the address book. 
The following iOS versions are vulnerable:
iOS version 4.2 beta
iOS version 4.1
iOS version 4.0
                        
| VAR-201010-0445 | No CVE | Netgear CG3000/CG3100 Cable Gateway Security Bypass and Denial of Service Vulnerability | 
                                      
                                        CVSS V2: - CVSS V3: - Severity: -  | 
                            The Netgear CG3000/CG3100 Cable Gateway is a wired gateway device. The Netgear CG3000/CG3100 Cable Gateway has multiple security vulnerabilities that allow an attacker to escalate privileges or perform denial of service. Access rights are handled incorrectly, allowing the logged-in user to load the interface of the "NETGEAR_SE" user. The device does not verify the SSH passwords for the "NETGEAR_SE" and "MSO" users, so providing a blank password bypasses authentication and gives access to the device. There is an error in the print server. Submitting a special message to TCP port 1024 or 9100 can cause the device to reset.
                        
| VAR-201010-0502 | No CVE | Microsoft Windows Mobile Overly Long vCard Name Field Denial of Service Vulnerability | 
                                      
                                        CVSS V2: - CVSS V3: - Severity: -  | 
                            Microsoft Windows Mobile is prone to a denial-of-service vulnerability because it fails to adequately validate user-supplied input.
An attacker can exploit this issue to crash a device running Windows Mobile, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
Windows Mobile versions 6.1 and 6.5 are vulnerable; other versions may also be affected.
                        
| VAR-201010-0009 | CVE-2008-7264 | G.Rodola pyftpdlib ftpserver.py file input validation vulnerability | 
                                      
                                        CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM  | 
                            The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. Pyftpdlib (Python FTP server library) provides an advanced portable programming interface for implementing asynchronous FTP server functions. An input validation vulnerability exists in the ftp_QUIT function in the ftpserver.py file in pyftpdlib versions prior to 0.5.0.
                        
| VAR-201010-0008 | CVE-2008-7263 | G.Rodola pyftpdlib ftpserver.py file authorization problem vulnerability | 
                                      
                                        CVSS V2: 7.5 CVSS V3: - Severity: HIGH  | 
                            ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. Pyftpdlib (Python FTP server library) provides an advanced portable programming interface for implementing asynchronous FTP server functions.
                        
| VAR-201209-0029 | CVE-2010-5223 | Phoenix Project Manager Multiple Untrusted Search Path Vulnerabilities | 
                                      
                                        CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM  | 
                            Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are obtained from third party information. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. (1) wbtrv32.dll Or (2) w3btrv7.dll It may be possible to get permission through the file. ----------------------------------------------------------------------
TITLE:
Phoenix Project Manager Insecure Library Loading Vulnerability
SECUNIA ADVISORY ID:
SA41907
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41907/
RELEASE DATE:
2010-10-20
DESCRIPTION:
A vulnerability has been discovered in Phoenix Project Manager, which
can be exploited by malicious people to compromise a user's system. 
The vulnerability is caused due to the application loading libraries
(e.g. wbtrv32.dll and w3btrv7.dll) in an insecure manner. This can be
exploited to load arbitrary libraries by tricking a user into e.g. 
opening a PPX file located on a remote WebDAV or SMB share. 
Successful exploitation allows execution of arbitrary code. 
The vulnerability is confirmed in version 2.1.0.8. Other versions may
also be affected. 
SOLUTION:
Do not open untrusted files. 
PROVIDED AND/OR DISCOVERED BY:
anT!-Tr0J4n
ORIGINAL ADVISORY:
http://packetstormsecurity.org/1010-exploits/phoenix-dllhijack.txt
                        
| VAR-201102-0183 | CVE-2010-4742 | Moxa ActiveX SDK Buffer Overflow Vulnerability | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: HIGH  | 
                            Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. Moxa is committed to the development and manufacture of information networking products, providing customers with cost-effective and stable serial communication solutions, serial device networking solutions, and industrial Ethernet solutions. Failed exploit attempts will result in a denial-of-service condition. 
Moxa ActiveX SDK 2.2.0.5 is vulnerable; other versions may also be affected
                        
| VAR-201208-0090 | CVE-2010-3497 | Symantec Norton AntiVirus Vulnerable to arbitrary code execution | 
                                      
                                        CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM  | 
                            Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense).". Symantec Norton Antivirus 2011 is prone to a security-bypass vulnerability that may allow an attacker to bypass virus scans. 
Successful exploits will allow attackers to bypass virus scanning, possibly allowing malicious files to escape detection
                        
| VAR-201011-0106 | CVE-2010-4142 | 
                                        DATAC RealWin Multiple Stack Buffer Overflow Vulnerabilities
                                        
                                         Related entries in the VARIoT exploits database: VAR-E-201010-0131, VAR-E-201010-0133, VAR-E-201010-0130, VAR-E-201010-0132, VAR-E-201010-0129  | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: HIGH  | 
                            Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests. The RealFlex RealWin HMI service (912/tcp) contains two stack buffer overflow vulnerabilities. The first is due to the use of sprintf() in the SCPC_INITIALIZE() and SCPC_INITIALIZE_RF() functions; the second is due to the use of strcpy() in the SCPC_TXTEVENT() function. A third party with access to the RealFlex RealWin HMI service may cause a denial of service (DoS) or execute arbitrary code. RealWin is a data acquisition and monitoring control system (SCADA) server product running on the Windows platform. - A boundary error occurs while processing the "SCPC_INITIALIZE" and "SCPC_INITIALIZE_RF" messages. Sending a specially constructed message to TCP port 912 triggers a stack-based buffer overflow. - A boundary error occurs while handling "SCPC_TXTEVENT" messages. Sending a specially constructed message to TCP port 912 can trigger a stack-based buffer overflow. Failed exploit attempts will cause a denial-of-service condition. 
DATAC RealWin versions 2.0 and prior are vulnerable; other versions may also be affected. 
----------------------------------------------------------------------
TITLE:
RealWin Packet Processing Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA41849
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41849/
RELEASE DATE:
2010-10-18
DESCRIPTION:
Luigi Auriemma has discovered two vulnerabilities in RealWin, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system. 
The vulnerabilities are confirmed in RealWin 2.1 Build 6.1.8.10. 
SOLUTION:
Restrict network access to trusted users only. 
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/realwin_1-adv.txt
                        
| VAR-201010-0435 | CVE-2010-3903 | OpenConnect Service disruption in (DoS) Vulnerabilities | 
                                      
                                        CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM  | 
                            Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. Openconnect is prone to a denial-of-service vulnerability. OpenConnect is an open client for Cisco AnyConnect VPN. An unspecified vulnerability exists in versions prior to OpenConnect 2.23
                        
| VAR-201010-0013 | CVE-2009-5008 | CSD Vulnerabilities that bypass policy restrictions | 
                                      
                                        CVSS V2: 2.1 CVSS V3: - Severity: LOW  | 
                            Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. is prone to a local security vulnerability. Cisco Secure Desktop (CSD) is an endpoint security solution that integrates firewall, access control, intrusion prevention, and application control
                        
| VAR-201010-0012 | CVE-2009-5007 | Cisco AnyConnect SSL VPN Trial Client Vulnerability to Overwrite Arbitrary Files | 
                                      
                                        CVSS V2: 3.3 CVSS V3: - Severity: LOW  | 
                            The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. 
Attackers can exploit this issue to overwrite arbitrary files with root privileges. 
----------------------------------------------------------------------
TITLE:
Cisco AnyConnect VPN Client Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA42093
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42093/
RELEASE DATE:
2010-11-04
DESCRIPTION:
A vulnerability has been reported in Cisco AnyConnect VPN Client,
which can be exploited by malicious, local users to gain escalated
privileges. 
The vulnerability is reported in versions prior to 2.3 running on
Linux and Mac. 
SOLUTION:
Update to version 2.3. 
PROVIDED AND/OR DISCOVERED BY:
Reported in the description of the OpenConnect client. 
ORIGINAL ADVISORY:
http://www.infradead.org/openconnect.html
                        
| VAR-201010-0447 | No CVE | Phishing Vulnerability in Accela BizSearch Document View Window | 
                                      
                                        CVSS V2: 5.8 CVSS V3: - Severity: Medium  | 
                            The document view window in Accela BizSearch Gateway Option has vulnerabilities that allow a remote attacker to: * display a fraudulent web page over a legitimate web page * steal cookies stored in the browser * place arbitrary cookies into the browser.
                        
| VAR-201010-0439 | No CVE | SAP Crystal Reports JobServer GIOP Request Remote Code Execution Vulnerability | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: HIGH  | 
                            This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JobServer.exe process which listens by default on several TCP ports above 1024. When parsing a GIOP request, the process trusts a user-supplied 32-bit value and allocates a buffer on the heap. The process then proceeds to copy the string following this value from the packet until it finds a NULL byte. By crafting a specifically sized packet a remote attacker can overflow the buffer and gain code execution under the context of the SYSTEM user. SAP Crystal Reports is a powerful, dynamic, and actionable reporting solution that helps you design, navigate, and visualize report presentations, and deliver reports online or by embedding reports into enterprise applications. Failed exploit attempts will likely crash the application. ----------------------------------------------------------------------
TITLE:
SAP Crystal Reports Two Vulnerabilities
SECUNIA ADVISORY ID:
SA41683
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41683/
RELEASE DATE:
2010-10-16
DESCRIPTION:
Two vulnerabilities have been reported in SAP Crystal Reports, which
can be exploited by malicious people to compromise a vulnerable
system. 
1) A boundary error within CMS.exe when parsing GIOP requests can be
exploited to cause a heap-based buffer overflow via a specially
crafted packet. 
2) A boundary error within JobServer.exe when parsing GIOP requests
can be exploited to cause a heap-based buffer overflow via a
specially crafted packet. 
SOLUTION:
Apply patch. 
ORIGINAL ADVISORY:
SAP:
https://websmp130.sap-ag.de/sap/support/notes/1509604
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-195/
http://www.zerodayinitiative.com/advisories/ZDI-10-196/
-- Vendor Response:
SAP states:
A solution was provided via SAP note 1509604
(https://websmp130.sap-ag.de/sap/support/notes/1509604)
-- Disclosure Timeline:
2010-07-20 - Vulnerability reported to vendor
2010-10-12 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
    * AbdulAziz Hariri
    * Andrea Micalizzi aka rgod
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities. 
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
    http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product. 
Our vulnerability disclosure policy is available online at:
    http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
    http://twitter.com/thezdi