VARIoT IoT vulnerabilities database

VAR-200803-0332 | CVE-2008-1160 | ZyXEL ZyWALL Privilege Acquisition Vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. ZyXEL ZyWALL 1050 devices contain a default password for their Quagga and Zebra daemon processes. The device fails to change the default password when a legitimate user sets a new password.
Attackers can use this default password to gain unauthorized access to the device. By gaining administrative access to Quagga or Zebra, an attacker can modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. The attacker may also be able to exploit latent vulnerabilities in the daemon itself.
ZyWALL 1050 is vulnerable; other devices may also be affected. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
ZyXEL ZyWALL 1050 Undocumented Account Security Issue
SECUNIA ADVISORY ID:
SA29237
VERIFY ADVISORY:
http://secunia.com/advisories/29237/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
ZyXEL ZyWALL Series
http://secunia.com/product/147/
DESCRIPTION:
Pranav Joshi has reported a security issue in ZyXEL ZyWALL 1050,
which can be exploited by malicious people to bypass certain security
restrictions. This can be
exploited to gain access to the quagga daemon (TCP ports 2601, 2602,
and 2604) and e.g. view and manipulate routing information.
The security issue is reported in ZyXEL ZyWALL 1050.
SOLUTION:
Restrict network access to the affected services.
PROVIDED AND/OR DISCOVERED BY:
Pranav Joshi
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200803-0282 | CVE-2008-0307 | SAP MaxDB of vserver Integer sign error vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. SAP MaxDB is prone to a heap-based memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.
This issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other versions running on different platforms may also be affected.
----------------------------------------------------------------------
TITLE:
MaxDB Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29312
VERIFY ADVISORY:
http://secunia.com/advisories/29312/
CRITICAL:
Highly critical
IMPACT:
Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
MaxDB 7.x
http://secunia.com/product/4012/
DESCRIPTION:
Some vulnerabilities have been reported in MaxDB, which can be
exploited by malicious, local users to gain escalated privileges, and
by malicious people to potentially compromise a vulnerable system.
2) An error exists within the "sdbstarter" program when handling
environment variables.
Successful exploitation requires that the attacker is a member of the
"sdba" group.
PROVIDED AND/OR DISCOVERED BY:
An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY:
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
----------------------------------------------------------------------
iDefense Security Advisory 03.10.08
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 10, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open
source from version 7.5 up to version 7.6.00. Later versions are no
longer open source but are available for download from the SAP SDN
website (sdn.sap.com) as a community edition with free community
support for public use beyond the scope of SAP applications. The
"vserver" program is responsible for accepting and handling
communication with remote database clients. For more information, visit
the product's website at the following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II. DESCRIPTION
After accepting a connection, the "vserver" process forks and reads
parameters from the client into various structures. When doing so, it
trusts values sent from the client to be valid. By sending a specially
crafted request, an attacker can cause heap corruption. This leads to a
potentially exploitable memory corruption condition.
III. In order to exploit this vulnerability, an
attacker must be able to establish a TCP session on port 7210 with the
target host. Additionally, the attacker must know the name of an active
database on the server.
Since this service uses the fork() system call once a connection has
been accepted, an attacker can repeatedly attempt to exploit this
vulnerability. Some exploitation attempts may result in the database
process ceasing to run, in which case further exploitation attempts
will not be possible.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in SAP AG's
MaxDB version 7.6.0.37 on Linux.
V. WORKAROUND
Employing firewalls to limit access to the affected service will
mitigate exposure to this vulnerability.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of
MaxDB. For more information, consult SAP note 1140135.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-0307 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
12/06/2007 Initial vendor notification
12/10/2007 Initial vendor response
03/10/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200803-0062 | CVE-2008-1266 | D-Link DI-524 On the router Web Interface buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks.
The D-Link DI-524 router does not properly handle the login request sent to the web interface. collapse.
The D-Link DI-604 router did not properly filter the input passed to the rf parameter in prim.htm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session.
The D-Link DSL-G604T router did not properly filter the input passed to the var: category parameter in cgi-bin / webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------
TITLE:
D-Link DI-524 Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA29366
VERIFY ADVISORY:
http://secunia.com/advisories/29366/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
OPERATING SYSTEM:
D-Link DI-524
http://secunia.com/product/8028/
DESCRIPTION:
laurent has reported two vulnerabilities in D-Link DI-524, which can
be exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
laurent
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
VAR-200803-0281 | CVE-2008-0306 | SAP MaxDB of sdbstarter Vulnerable to arbitrary command execution |
Related entries in the VARIoT exploits database: VAR-E-200803-0463 |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. SAP MaxDB is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.
This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.
iDefense Security Advisory 03.10.08
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 10, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open
source from version 7.5 up to version 7.6.00. Later versions are no
longer open source but are available for download from the SAP SDN
website (sdn.sap.com) as a community edition with free community
support for public use beyond the scope of SAP applications. The
"sdbstarter" program is set-uid root and installed by default. For more
information, visit the product's website at the following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II. DESCRIPTION
Local exploitation of a design error in the "sdbstarter" program, as
distributed with SAP AG's MaxDB, could allow attackers to elevate
privileges to root.
This vulnerability exists due to a design error in the handling of
certain environment variables. These variables are used to specify the
configuration settings to be used by various MaxDB components.
III. To exploit this vulnerability, an attacker must be able to
execute the "sdbstarter" program. In a default installation, this
requires that the attacker be a member of the "sdba" group.
It is important to note that this vulnerability is not architecture
dependent.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in SAP AG's
MaxDB version 7.6.0.37 on both Linux and Solaris. Windows releases do
not include the "sdbstarter" program.
V. WORKAROUND
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of
MaxDB. For more information, consult SAP note 1140135.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-0306 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
12/05/2007 Initial vendor notification
12/06/2007 Initial vendor response
03/10/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was discovered by Joshua J. Drake of VeriSign
iDefense Labs.
----------------------------------------------------------------------
TITLE:
MaxDB Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29312
VERIFY ADVISORY:
http://secunia.com/advisories/29312/
CRITICAL:
Highly critical
IMPACT:
Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
MaxDB 7.x
http://secunia.com/product/4012/
DESCRIPTION:
Some vulnerabilities have been reported in MaxDB, which can be
exploited by malicious, local users to gain escalated privileges, and
by malicious people to potentially compromise a vulnerable system.
1) A signedness error within the "vserver" component can be exploited
to cause a heap corruption via a specially crafted packet sent to the
port, which "vserver" is listening on (port 7210/TCP by default).
PROVIDED AND/OR DISCOVERED BY:
An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY:
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
----------------------------------------------------------------------
VAR-200803-0165 | CVE-2008-1242 | Belkin F5D7230-4 Vulnerability that bypasses authentication in router control panel |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802.
Attackers can exploit this issue to gain access to affected routers using the account of a previously authenticated user.
Belkin F5D7230-4 running firmware 9.01.10 is vulnerable; other devices and firmware versions may also be affected. ----------------------------------------------------------------------
TITLE:
Belkin Wireless G Router Security Bypass and Denial of Service
SECUNIA ADVISORY ID:
SA29345
VERIFY ADVISORY:
http://secunia.com/advisories/29345/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Some security issues and a vulnerability have been reported in the
Belkin Wireless G Router, which can be exploited by malicious people
to bypass certain security restrictions or cause a DoS (Denial of
Service).
2) An error exists within the enforcing of permissions in
cgi-bin/setup_dns.exe. This can be exploited to perform restricted
administrative actions by directly accessing the vulnerable script.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when
processing HTTP POST data. This can be exploited to deny further
administrative access to an affected device via a specially crafted
HTTP POST request with a "Connection: Keep-Alive" header.
The security issues and the vulnerability are reported in model
F5D7230-4, firmware version 9.01.10.
SOLUTION:
Restrict network access to the router's web interface.
PROVIDED AND/OR DISCOVERED BY:
loftgaia
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
VAR-200803-0065 | CVE-2008-1269 | Alice Gate 2 Plus Wi-Fi On the router admin panel In Wi-Fi Vulnerability that disables encryption |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. Alice Gate2 Plus Wi-Fi is prone to a remote security vulnerability.
VAR-200803-0457 | CVE-2008-1471 | Panda Internet Security Such as cpoint.sys Service disruption in drivers (DoS) Vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests. ----------------------------------------------------------------------
TITLE:
Panda Products cpoint.sys Privilege Escalation Vulnerabilities
SECUNIA ADVISORY ID:
SA29311
VERIFY ADVISORY:
http://secunia.com/advisories/29311/
CRITICAL:
Less critical
IMPACT:
Privilege escalation, DoS
WHERE:
Local system
SOFTWARE:
Panda Internet Security 2008
http://secunia.com/product/17681/
Panda Antivirus + Firewall 2008
http://secunia.com/product/17905/
DESCRIPTION:
Tobias Klein has reported some vulnerabilities in Panda products,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain escalated privileges.
Input validation errors in the cpoint.sys driver when handling
certain IOCTL requests (e.g.
The vulnerabilities affect the following products:
* Panda Internet Security 2008
* Panda Antivirus + Firewall 2008
SOLUTION:
Apply hotfix.
Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe
Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe
PROVIDED AND/OR DISCOVERED BY:
Tobias Klein
ORIGINAL ADVISORY:
Panda:
http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp
http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp
http://www.trapkit.de/advisories/TKADV2008-001.txt
----------------------------------------------------------------------
VAR-200803-0187 | CVE-2008-1207 | Fujitsu Interstage Smart Service disruption in the repository (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value. The Smart Repository in Fujitsu Interstage products contains vulnerabilities that can result in a denial of service (daemon crash). A third party may be able to cause a denial of service (daemon crash).
Remote attackers can exploit these issues to deny service to legitimate users.
Currently, very little is known about these issues. We will update this BID as more information emerges. ----------------------------------------------------------------------
TITLE:
Fujitsu Interstage Smart Repository Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA29250
VERIFY ADVISORY:
http://secunia.com/advisories/29250/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
SOFTWARE:
Interstage Job Workload Server 8.x
http://secunia.com/product/13686/
Interstage Apworks 8.x
http://secunia.com/product/15987/
Interstage Apworks 7.x
http://secunia.com/product/13689/
Interstage Application Server 8.x
http://secunia.com/product/13685/
Interstage Application Server 7.x
http://secunia.com/product/13692/
Interstage Business Application Server 8.x
http://secunia.com/product/13687/
DESCRIPTION:
Some vulnerabilities have been reported in various Fujitsu products,
which can be exploited by malicious people to cause a DoS (Denial of
Service). sending incorrect requests or sending overly large
data.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Please see the vendor's advisory for patch details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html
----------------------------------------------------------------------
VAR-200803-0188 | CVE-2008-1208 | Check Point VPN-1 UTM Edge W Embedded type NGX Login page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The issue affects Check Point VPN-1 UTM Edge firmware 7.0.48x. ----------------------------------------------------------------------
Input passed to the "user" parameter in the login page is not
properly sanitised before being returned to the user. Other versions may also be affected.
SOLUTION:
Update to firmware version 7.5.48.
PROVIDED AND/OR DISCOVERED BY:
Henri Lindberg, Louhi Networks
ORIGINAL ADVISORY:
http://www.louhi.fi/advisory/checkpoint_080306.txt
----------------------------------------------------------------------
VAR-200803-0001 | CVE-2007-6702 | Rooter VDSL Device goform/QuickStart_c0 Password acquisition vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. GoAhead WebServer is prone to a remote security vulnerability. GoAhead WebServer is a small embedded Web server from the American company Embedthis, which supports embedding in various devices and applications.
VAR-200803-0511 | No CVE | Livebox TP Router Remote Overflow Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Livebox TP is a broadband router widely used in Poland. The Livebox TP has an input validation vulnerability when processing malformed user requests, and a remote attacker could exploit this vulnerability to control the server. The ADI Convergence Galaxy FTP server embedded in the Livebox TP does not properly validate user input parameters. If a remote attacker sends a specially crafted message to the router's FTP service, it may trigger a buffer overflow, causing the service to crash.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.
TITLE:
Livebox TP Router ADI Convergence Galaxy FTP Server Denial of Service
SECUNIA ADVISORY ID:
SA29199
VERIFY ADVISORY:
http://secunia.com/advisories/29199/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Livebox TP Router
http://secunia.com/product/17862/
DESCRIPTION:
0in has reported a vulnerability in Livebox TP routers, which can be
exploited by malicious people to cause a DoS (Denial of Service). Other versions may also be
affected.
SOLUTION:
Restrict network access to the FTP service.
PROVIDED AND/OR DISCOVERED BY:
0in
VAR-200803-0167 | CVE-2008-1244 | cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router vulnerable to management operations |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. Because cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router does not require authentication, a third party may perform management operations. The Belkin F5D7230-4 Wireless G Router is prone to a vulnerability because of a lack of authentication when users access 'cgi-bin/setup_dns.exe'.
Attackers can exploit this issue to perform administrative functions without authorization. Belkin Wireless G Router is a home wireless router produced by Belkin Corporation of the United States.
TITLE:
Belkin Wireless G Router Security Bypass and Denial of Service
SECUNIA ADVISORY ID:
SA29345
VERIFY ADVISORY:
http://secunia.com/advisories/29345/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Some security issues and a vulnerability have been reported in the
Belkin Wireless G Router, which can be exploited by malicious people
to bypass certain security restrictions or cause a DoS (Denial of
Service).
1) An error in the implementation of authenticated sessions can be
exploited to gain access to the router's control panel by
establishing a session from a previously authenticated IP address.
2) An error exists within the enforcing of permissions in
cgi-bin/setup_dns.exe.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when
processing HTTP POST data. This can be exploited to deny further
administrative access to an affected device via a specially crafted
HTTP POST request with a "Connection: Keep-Alive" header.
The security issues and the vulnerability are reported in model
F5D7230-4, firmware version 9.01.10.
SOLUTION:
Restrict network access to the router's web interface.
PROVIDED AND/OR DISCOVERED BY:
loftgaia
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
VAR-200803-0168 | CVE-2008-1245 | Denial-of-service (DoS) vulnerability in cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. The Belkin F5D7230-4 Wireless G Router is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to deny access to the device's control center for legitimate users.
Belkin F5D7230-4 running firmware 9.01.10 is vulnerable; other devices and firmware versions may also be affected.
TITLE:
Belkin Wireless G Router Security Bypass and Denial of Service
SECUNIA ADVISORY ID:
SA29345
VERIFY ADVISORY:
http://secunia.com/advisories/29345/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Some security issues and a vulnerability have been reported in the
Belkin Wireless G Router, which can be exploited by malicious people
to bypass certain security restrictions or cause a DoS (Denial of
Service).
1) An error in the implementation of authenticated sessions can be
exploited to gain access to the router's control panel by
establishing a session from a previously authenticated IP address.
2) An error exists within the enforcing of permissions in
cgi-bin/setup_dns.exe. This can be exploited to perform restricted
administrative actions by directly accessing the vulnerable script.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when
processing HTTP POST data.
The security issues and the vulnerability are reported in model
F5D7230-4, firmware version 9.01.10.
SOLUTION:
Restrict network access to the router's web interface.
PROVIDED AND/OR DISCOVERED BY:
loftgaia
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
VAR-200803-0353 | CVE-2008-1181 | Juniper Networks Secure Access 2000 information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. Juniper Networks Secure Access 2000 is prone to a path-disclosure vulnerability.
Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks.
Secure Access 2000 5.5R1 Build 11711 is vulnerable; other versions may also be affected. The request will display the path in the "Execution Failed" error message.
VAR-200803-0352 | CVE-2008-1180 | Juniper Networks Secure Access 2000 Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Juniper Networks Secure Access 2000 5.5R1 Build 11711 is vulnerable; other versions may also be affected.
Input passed to the "delivery_mode" parameter in
dana-na/auth/rdremediate.cgi is not properly sanitised before being
returned to the user.
The vulnerability is reported in version 5.5R1 (build 11711). Other
versions may also be affected.
SOLUTION:
The vulnerability is reportedly fixed in version 5.5R3.
PROVIDED AND/OR DISCOVERED BY:
Richard Brain, ProCheckUp Ltd
ORIGINAL ADVISORY:
http://www.procheckup.com/Vulnerability_PR07-41.php
VAR-200802-0532 | No CVE | Multiple Vendor IP Camera ActiveX Control URL Parameter Stack Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
D-Link MPEG4 SHM Audio Control, 4XEM VatCtrl Class and Vivotek RTSP MPEG4 SP Control are all ActiveX controls installed by the IP cameras of their respective manufacturers.
A buffer overflow vulnerability exists in the implementation of the above-mentioned ActiveX control of the network camera. A remote attacker may use this vulnerability to control the user system.
The VATDecoder.VatCtrl.1 ActiveX control (VATDecoder.dll), RtspVaPgCtrl Class ActiveX control (RtspVapgDecoderNew.dll), and VAPgDecoder.VaPgCtrl.1 ActiveX control (VAPGDecoder.dll) do not properly validate the string assigned to the Url parameter. If a user is deceived into accessing a malicious webpage and a long string is passed to this parameter, it may trigger a stack overflow and cause arbitrary instructions to be executed.
VAR-200802-0295 | CVE-2008-1049 | Parallels H-Sphere Used in Parallels SiteStudio Vulnerability in |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. H-Sphere SiteStudio is prone to an unspecified vulnerability.
Very few technical details are currently available. We will update this BID as more information emerges.
Successful attacks can compromise the application.
Versions prior to H-Sphere SiteStudio 1.8b are affected.
TITLE:
H-Sphere SiteStudio Unspecified Vulnerability
SECUNIA ADVISORY ID:
SA29084
VERIFY ADVISORY:
http://secunia.com/advisories/29084/
CRITICAL:
Moderately critical
IMPACT:
Unknown
WHERE:
From remote
SOFTWARE:
H-Sphere 2.x
http://secunia.com/product/935/
SiteStudio 1.x
http://secunia.com/product/5069/
DESCRIPTION:
A vulnerability with unknown impact has been reported in H-Sphere
SiteStudio.
SOLUTION:
Update to H-Sphere version 2.5 Patch 11 and SiteStudio version 1.7.2
(see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.psoft.net/misc/hs_ss_technical_update.html
VAR-200810-0446 | CVE-2008-4771 | Various IP Security Camera ActiveX Controls 'url' Attribute Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information. Various IP Security Camera ActiveX controls are prone to a remote buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of applications that use the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
4XEM VatCtrl Class ('VATDecoder.dll') 1.0.0.51.
Vivotek RTSP MPEG4 SP Control ('RtspVapgDecoderNew.dll') 2.0.0.39.
UPDATE (March 25, 2008): D-Link MPEG4 SHM Audio Control ('VAPGDecoder.dll') 1.7.0.5 identified by CLSID: A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C is being actively exploited in the wild.
TITLE:
4XEM VatDecoder VatCtrl Class ActiveX Control "Url" Property Buffer
Overflow
SECUNIA ADVISORY ID:
SA29146
VERIFY ADVISORY:
http://secunia.com/advisories/29146/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
4XEM VatDecoder 1.x
http://secunia.com/product/17836/
DESCRIPTION:
rgod has discovered a vulnerability in 4XEM VatDecoder, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the
VATDecoder.VatCtrl.1 ActiveX control (VATDecoder.dll) when handling
strings assigned to the "Url" property. This can be exploited to
cause a stack-based buffer overflow by assigning an overly long
string to the affected property.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in VATDecoder.dll version 1.0.0.27 and
reported in version 1.0.0.51. Other versions may also be affected.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
rgod
ORIGINAL ADVISORY:
http://www.milw0rm.com/exploits/5193
VAR-200802-0286 | CVE-2008-1040 | Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. Fujitsu Interstage Application Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.
This issue affects the following applications:
Interstage Application Server Enterprise Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A
Interstage Application Server Standard-J Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A
Interstage Apworks Enterprise Edition 8.0.0
Interstage Apworks Standard-J Edition 8.0.0
Interstage Studio Enterprise Edition 8.0.1 and 9.0.0
Interstage Studio Standard-J Edition 8.0.1 and 9.0.0.
TITLE:
Interstage Application Server Single Sign-On Buffer Overflow
SECUNIA ADVISORY ID:
SA29088
VERIFY ADVISORY:
http://secunia.com/advisories/29088/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Interstage Application Server 8.x
http://secunia.com/product/13685/
Interstage Application Server 9.x
http://secunia.com/product/15986/
DESCRIPTION:
A vulnerability has been reported in Interstage Application Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the Single
Sign-on function. This can be exploited to cause a buffer overflow by
sending a specially crafted request to the server.
Successful exploitation allows execution of arbitrary code.
Please see the vendor advisory for a list of affected products.
SOLUTION:
Please see the vendor advisory for a workaround.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html
VAR-200812-0322 | CVE-2008-5286 | Integer overflow vulnerability in the _cupsImageReadPNG function of CUPS |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. The Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and provides most PostScript and raster printer services.
The _cupsImageReadPNG() function in the CUPS PNG filter performs the following calculation:
    bufsize = img->xsize * img->ysize * 3;
    if ((bufsize / (img->ysize * 3)) != img->xsize)
    {
      fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
              (unsigned)width, (unsigned)height);
      fclose(fp);
      return (1);
    }
The img->ysize * 3 term in the validation code can itself overflow as an integer, leading to arbitrary code execution. CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers.
Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.
Versions prior to CUPS 1.3.10 are vulnerable. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services.
For the stable distribution (etch) this problem has been fixed in
version 1.2.7-4etch6.
For testing distribution (lenny) this issue will be fixed soon.
For the unstable distribution (sid) this problem has been fixed in
version 1.3.8-1lenny4.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 1567974 ba75b6ff260e84dd64b939cae9262a54
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 36112 6cae983101bdd812ff1f6f26169ab06a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 76146 16b61a899c465fc7f142d97744dffba3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 1098272 daa46352b0ad47b5c3061c42a15e6ddb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 86920 dd75cd6ce9bd9ceaae7d39b60fda49c9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 57690 32cfeb2301ded386cf4ab6d0127f30a3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 158092 9abd9b0ce1dc1528b0ca50b5fbb7b78b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb
Size/MD5 checksum: 150986 149531690113d5333beaf1622f915037
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 1553596 a42820cf5bd8d46c4a5cab2a6bd0929a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 36076 f7239a53b24df0813b16aac1efc850b7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 77462 a60a8f2d6ab7958026585952890fc751
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 1085502 a18f21c9c0eff69d326bf42596d3ed32
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 87080 1b5618e9841ec899e63ee14cb36116d1
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 57848 def6826bc2876abfcf1b9ad01eea3546
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 158634 bc4151665423bb6acc3225d1f8017b50
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb
Size/MD5 checksum: 150888 f27527d8e7d3b892f5e2dc7aa0776434
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 1576684 9c91771aea9ad144c56967ac8caf1fd5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 41290 69d7ba1506a7415dc74621aa833edf59
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 89994 12245002a3f5e437921979cd8362d346
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 1143404 c79dd5b219961ded9d9dfebf2361fed0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 88542 988f4b258fbdf870d51aacd1dd26b116
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 51880 650b5a80af7485308b6fca8a0453c9c0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 163284 4fc43ad526d97ad3823524988c892851
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb
Size/MD5 checksum: 136868 2e1cdfaf184170342520895e26ee84b1
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 1587456 5522fd1afaaa1105a51c91354783fd6f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 37422 38b8fd3823381f4384f8758139f3d418
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 82336 55c8f39b3d04e0a127426f2daf89941f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 1037274 02149d41988647e7f4de8e626801c588
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 88040 8c844af7aeb9c0e1ec9a093a537d5f91
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 52508 c3695c0157c8bba7eb2bc614173bcd0f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 166802 1893c39f92d371c7b474d57f4d8c105e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb
Size/MD5 checksum: 144928 0eb6cdbc1deceb32bbf2c145a99f7d98
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 1562538 0757006ce0c52845673d2cbe9fae0b38
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 36020 27636d7df41cfef4c9e41ee236a9b308
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 78518 174e3b09d2d667e01d0b47ecb06a2925
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 992164 79a9729f9280b70aa7e8573636cfeb8c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 85368 4c3b851a551b47fed4229f55b8a0a4fe
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 51756 d4406a58edf127974a79b0df75eab757
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 159176 29057219279ea090cf47b35b1da416af
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb
Size/MD5 checksum: 139560 ca580a13d486d24f74c9a230efee6bde
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
.
TITLE:
CUPS "process_browse_data()" Double Free Vulnerability
SECUNIA ADVISORY ID:
SA28994
VERIFY ADVISORY:
http://secunia.com/advisories/28994/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
SOFTWARE:
CUPS 1.x
http://secunia.com/product/921/
DESCRIPTION:
A vulnerability has been discovered in CUPS, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to
potentially compromise a vulnerable system.
The vulnerability is caused due to an error within the
"process_browse_data()" function when adding printers and classes.
This can be exploited to free the same buffer twice by sending
specially crafted browser packets to the UDP port on which cupsd is
listening (by default port 631/UDP).
The vulnerability is confirmed in version 1.3.5.
SOLUTION:
Update to version 1.3.6.
PROVIDED AND/OR DISCOVERED BY:
Reported as a CUPS bug by h.blischke.
ORIGINAL ADVISORY:
http://www.cups.org/str.php?L2656
.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:028
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : January 24, 2009
Affected: 2008.0, 2008.1
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been discovered and corrected in CUPS.
CUPS before 1.3.8 allows local users, and possibly remote attackers,
to cause a denial of service (daemon crash) by adding a large number
of RSS Subscriptions, which triggers a NULL pointer dereference
(CVE-2008-5183).
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the
guest username when a user is not logged on to the web server, which
makes it easier for remote attackers to bypass intended policy and
conduct CSRF attacks via the (1) add and (2) cancel RSS subscription
functions (CVE-2008-5184).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0032
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
.
Affected packages
=================
-------------------------------------------------------------------
     Package         /  Vulnerable  /                   Unaffected
-------------------------------------------------------------------
  1  net-print/cups      < 1.3.9-r1                    >= 1.3.9-r1
Description
===========
Several buffer overflows were found in:
* The read_rle16 function in imagetops (CVE-2008-3639, found by
regenrecht, reported via ZDI)
* The WriteProlog function in texttops (CVE-2008-3640, found by
regenrecht, reported via ZDI)
* The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641,
found by regenrecht, reported via iDefense)
* The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs)
Impact
======
A remote attacker could send specially crafted input to a vulnerable
server, resulting in the remote execution of arbitrary code with the
privileges of the user running the server.
Workaround
==========
None this time.
Resolution
==========
All CUPS users should upgrade to the latest version.
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1"
References
==========
[ 1 ] CVE-2008-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
[ 2 ] CVE-2008-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
[ 3 ] CVE-2008-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
[ 4 ] CVE-2008-5286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200812-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
===========================================================
Ubuntu Security Notice USN-707-1 January 12, 2009
cups, cupsys vulnerabilities
CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.12
Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.9
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.3
Ubuntu 8.10:
cups 1.3.9-2ubuntu6.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that CUPS didn't properly handle adding a large number of RSS
subscriptions. A local user could exploit this and cause CUPS to crash, leading
to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and
8.10. (CVE-2008-5183)
It was discovered that CUPS did not authenticate users when adding and
cancelling RSS subscriptions. An unprivileged local user could bypass intended
restrictions and add a large number of RSS subscriptions. This issue only
applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)
It was discovered that the PNG filter in CUPS did not properly handle certain
malformed images. In Ubuntu 7.10, 8.04 LTS, and 8.10,
attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)
It was discovered that the example pstopdf CUPS filter created log files in an
insecure way. Local users could exploit a race condition to create or overwrite
files with the privileges of the user invoking the program. This issue only
applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12.diff.gz
Size/MD5: 100650 effacab03a0a75663148e730badca56e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12.dsc
Size/MD5: 1060 e320589ea4731d43a927b6ea986e2ca9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.12_all.deb
Size/MD5: 996 01d1b0dbc0bf6fed042b103b81d91293
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 36230 ac91b545a2f40de7c165f160928334be
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 81912 f3ec3b95abadf43c3642d422bb1d8d64
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 2286872 779f854a26f5670c1183aac0a9adf15b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 6092 e4f7e6b58bbcf3656487d779ada528d1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 77434 f7789b8cca7ea8f57ca2ca14f4cc1a9b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 25748 e2a92ba2421bafc00df0a6c1f99bcda8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_amd64.deb
Size/MD5: 130184 6a0808bf1ea2650d8a97fc50ceee0aa6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 34766 ec9c0af53c98f9d904a8241331179a6d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 77990 c582e927e8d8bbdd29c5c111bc0dd162
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 2254158 f9e7ba99ce5ff49546a8922df47d0005
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 6092 969b76527edef12a2f3c77a77c97480e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 76550 2e653b4dac7063a7d290918bdafd43cf
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 25748 cfff840b4e9984245fcd15d845183810
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_i386.deb
Size/MD5: 122384 ec7ddfb032ee70d393c65d9d90060ea0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 40466 119cafd93458295da6a6c8c12b35a262
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 89530 bc52672d7f4903f7ec745cbe778e4da2
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 2301402 e3bf63715dbebb29410ce13098b645f1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 6088 68fd62d76fc0a4e2e515f5a644852e60
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 79208 b83506e935ffd0ac4c1311f003424f2b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 25744 cb2ca08057f83b9b40b60960712d8766
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_powerpc.deb
Size/MD5: 128150 597300fc1511305508b9c0e62c061660
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 35388 afe7217a6f8ebe6fba8f7668f8a6d5bf
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 78722 0f5be23fb63000b5fb2945f4a40ad70a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 2287758 3b8180329fa4c55ece2b828e07d3366c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 6090 aee18e619e301cdd7472d6f6a326655c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 76468 398ecfef9fff03f088e4964ad0e76c71
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 25748 22655777c70067f973fef557c9196bdf
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_sparc.deb
Size/MD5: 123876 99879b6877338c254ae31dcd0f4bae29
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9.diff.gz
Size/MD5: 129791 3e27f46f569ec5719b5fe13fb78a9f14
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9.dsc
Size/MD5: 1226 3a8eb42c55eb55163497543c39f23124
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz
Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.9_all.deb
Size/MD5: 1080428 2a130e02392de2ce721ac25a9a71ef0f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 37202 8a68cf9bfa98bda7cf30f6bfba41dd2e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 89510 e721173ffa8c31fc92703b908140e84c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 2034862 f512c15b34be6e169e9f947ca916ca93
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 60018 4f4e8635956b4b882074cc2760ebcb5e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 46878 197a3efe70b9864efe397bb27e455933
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 152008 c05765a56717613f12ca4e47dd751864
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_amd64.deb
Size/MD5: 186748 03cda4eef301db2a8f2cb6f5344c9f02
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 36480 6742a1d19a47e85b583bfc6cc8e5bef1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 86482 33d1e6cc218245db992e2b8337d63fad
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 2018562 6217c3d4a08b575b0fd01a2f0b6d9965
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 58836 228f15292895fb6714cf83ac08376530
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 46256 a2a663a767af4beccac469b36af692b4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 145696 099603137d153ed2f50e0154fde6811f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_i386.deb
Size/MD5: 183548 69d7d5292ed78f5a5dca16d9be7d9ebe
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 36670 2f95875950737fb3b29d8170e0e842be
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 88296 51a1b00b3aa778300d6be240ca814448
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 2021580 ec2e3b013c825e7b1c269778d722c41f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 59622 38519a455e3dca46fdc55980903ef527
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 47694 2a305b565e33a52d5cfe71bb09d3fbc0
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 142418 b0423e069760ca141c0e73f07b7049fb
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_lpia.deb
Size/MD5: 181750 8e286ae296e7b3fd216d7137a4c21c19
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 46502 a1296168b5d3706b8870d2aca19cfc4a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 107760 d98d3f88cf3706b28ca9706e4f21897e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 2099848 088263da7a0baba49e4b28f000070cdf
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 59484 85a44c9e70aadd41bdcb9401af938361
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 51846 4442245f4cf71913bbd642f5185f93a0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 146944 ca2f12efe3d8b1ef0711019a6f4be4a3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_powerpc.deb
Size/MD5: 192530 47b0cc559fb4548701addb4e389beda1
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 37568 441cbf24d055107a408220ea945357e6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 89612 42f545e2092863afc31a6beb921ba803
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 2061116 df2be5541017e5a11f265dc0420d1de4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 58094 4602a5ee17eae8d0769901ffff089eac
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 45560 fce319567830955760626e98a52bd9e0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 148474 0fa2f0010fbd4b08d91b1c62765ed46e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_sparc.deb
Size/MD5: 182570 ef1eec9c88b499b3cea8742fc31d8edf
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10: