VARIoT IoT vulnerabilities database

VAR-200804-0396 | CVE-2008-1736 | Comodo Firewall Pro Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. This vulnerability CVE-2007-0709 Is a different vulnerability.Service disruption by local users via: ( System crash ) There is a possibility of being put into a state. (1) NtDeleteFile Crafted in a call to a function OBJECT_ATTRIBUTES Through the structure ZwQueryObject Trigger improper validation of results (2) NtCreateFile Call to function (3) NtSetThreadContext Call to function. Comodo Firewall Pro is prone to multiple local vulnerabilities. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.
Comodo Firewall Pro 2.4.18.184 is vulnerable; other versions may also be affected. The NtDeleteFile, NtCreateFile, and NtSetThreadContext functions of the Comodo firewall do not validate parameters correctly. … . ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated. These
can be exploited to cause a DoS by calling the affected functions with
specially crafted arguments.
The vulnerabilities are reported in version 2.4.18.184.
SOLUTION:
Upgrade to version 3.0.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Insufficient argument validation of hooked SSDT functions on
multiple Antivirus and Firewalls
*Advisory Information*
Title: Insufficient argument validation of hooked SSDT functions on
multiple Antivirus and Firewalls
Advisory ID: CORE-2008-0320
Advisory URL: http://www.coresecurity.com/?action=item&id=2249
Date published: 2008-04-28
Date of last update: 2008-04-28
Vendors contacted: BitDefender, Comodo, Sophos and Rising
Release mode: Coordinated release (BitDefender, Comodo, Rising), User
release (Sophos)
*Vulnerability Information*
Class: Invalid memory reference
Remotely Exploitable: No
Locally Exploitable: Yes
Bugtraq ID: 28741, 28742, 28743, 28744
CVE Name: CVE-2008-1735, CVE-2008-1736, CVE-2008-1737, CVE-2008-1738
*Vulnerability Description*
Insufficient argument validation of hooked SSDT functions on multiple
Antivirus and Firewalls (BitDefender Antivirus [1], Comodo Firewall [2],
Sophos Antivirus [3] and Rising Antivirus [4]) have been found that
could lead to a Denial of Service (DoS) and possibly to code execution
attacks. An attacker, utilizing these flaws, could be able to locally
reboot the whole system shutting down the firewall or anti-virus
protection.
*Vulnerable Packages*
. BitDefender Antivirus 2008 Build 11.0.11
. Sophos Antivirus 7.0.5
. Rising Antivirus 19.60.0.0 and 19.66.0.0
. Older versions may be affected, but were not checked.
*Non-vulnerable Packages*
. BitDefender Antivirus 2008 builds available through automatic updates,
posterior to January 18th. Rising Antivirus 20.38.20
*Vendor Information, Solutions and Workarounds*
1) BITDEFENDER ANTIVIRUS (BID 28741, CVE-2008-1735)
According to BitDefender, the flaw was not exploited by any malicious
application, and it was corrected through automatic updates. Information
on this issue can be found on BitDefender website at this location:
http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html.
Non-vulnerable products from Sophos are earlier versions of Sophos
Anti-Virus for Windows, Sophos Anti-Virus for non-Windows platforms and
all other Sophos products.
The vulnerability is only exploitable if Runtime Behavioural Analysis is
switched on. Even then the exploit will only be effective if the end
user is using security settings that are lower than the defaults for
most web browsers today, or if the end user agrees to activate an
ActiveX or Java Applet from the webpage hosting the exploit.
Workarounds to avoid this vulnerability include:
a. Using the default security settings or higher on the latest version
of your chosen web browser. In line with general security best practice
we would also encourage end users not to download ActiveX or Java
Applets unless confident about their content.
b. Turning off the Runtime Behavioural Analysis functionality within
Sophos Anti-Virus (customers will still benefit from Sophos Behavioural
Genotype protection and other means of protecting endpoints against
malware).
N.B. Should an exploit be released into the wild, Sophos will deploy
protection against that exploit.
The fix for this vulnerability requires customers to reboot their
endpoints. Given the low severity of the vulnerability, to minimise
disruption to our customers Sophos will release the fix at the earliest
opportunity that coincides with a necessary reboot of the product."
4) RISING ANTIVIRUS (BID 28744, CVE-2008-1738)
A fixed version of Rising Antivirus can be downloaded from:
http://rsdownload.rising.com.cn/for_down/rsfree/ravolusrfree.exe
All Rising customers can also update up to a patched version through
automatic updates.
*Credits*
These vulnerabilities (except the Rising one) were discovered by Damian
Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco
y Rodrigo Carvalho from Core Security Technologies, during Bugweek 2007.
The Rising vulnerability was discovered by Anibal Sacco from Core
Security Technologies exploit writers team.
These vulnerabilities were researched by Anibal Sacco and Damian Saura
from Core Security Technologies.
*Technical Description / Proof of Concept Code*
We have found that BitDefender Antivirus, Rising Antivirus, Comodo
Firewall and Sophos Antivirus have hooks that do not properly validate
the arguments of the hooked functions before accessing them, and lead to
the program trying to reference some invalid memory, leading in some
scenarios to a BSOD (Blue Screen of Death).
In our tests we used the kernel hooks probing tool BSODhook [5] in order
to find any kind of insufficient argument validation of hooked SSDT
functions. From Matousec paper [6]:
"Hooking kernel functions by modifying the System Service Descriptor
Table (SSDT) is a very popular method of implementation of additional
security features and is used frequently by personal firewalls and other
security and low-level software. Although undocumented and despised by
Microsoft, this technique can be implemented in a correct and stable
way. However, many software vendors do not follow the rules and
recommendations for kernel-mode code writing and many drivers that
implement SSDT hooking do not properly validate the parameters of the
hooking functions."
"Hooking SSDT functions requires extra caution. SSDT function handlers
are executed in the kernel mode but their callers are executed in the
user mode. Hence all function arguments come from the user mode. This is
why it is necessary to validate these arguments properly. Otherwise a
simple user call can easily crash the whole system. This bug usually
results in a system crash. However, it may happen that this bug is even
more dangerous and may lead to the execution of an arbitrary code in the
privileged kernel mode."
A local DoS attack, despite not being a very sophisticated intrusion
attack, could be used as an accessory under several scenarios. It is
commonly used by viruses as added feature, when the specific AV is
detected on the infected machine, crashing the system just to annoy. Or
by a human attacker, after a succesful remote intrusion with
unprivileged credentials to make a computer resource unavailable to its
intended users. Besides, this could be a very valuable resource when
trying to fake some service that answers broadcasts request like a DHCP,
allowing to start the service in another location replacing the original
one.
1) BITDEFENDER ANTIVIRUS (BID 28741, CVE-2008-1735)
BitDefender fails to validate the pointer to the 'CLIENT_ID' structure
provided to 'NtOpenProcess'. So, if we pass an invalid pointer, we will
crash the whole system.
/-----------
NtOpenProcess(PHANDLE ProcessHandle,
ACCESS_MASK AccessMask,
POBJECT_ATTRIBUTES ObjectAttributes,
PCLIENT_ID ClientId )
.text:00010ADE push 0Ch
.text:00010AE0 push offset stru_114E8
.text:00010AE5 call __SEH_prolog
.text:00010AEA call KeGetCurrentThread
.text:00010AEF xor ebx, ebx
.text:00010AF1 cmp [eax+140h], bl
.text:00010AF7 jz short loc_10B0D
.text:00010AF9 call PsGetCurrentProcessId
.text:00010AFE call PsGetCurrentProcessId
.text:00010B03 push eax
.text:00010B04 call sub_10724
.text:00010B09 test eax, eax
.text:00010B0B jnz short loc_10B12
.text:00010B0D
.text:00010B0D loc_10B0D: ; CODE XREF: sub_10ADE+19_j
.text:00010B0D push [ebp+ClientId]
.text:00010B10 jmp short loc_10B73
.text:00010B12 ;
-
---------------------------------------------------------------------------
.text:00010B12
.text:00010B12 loc_10B12: ; CODE XREF: sub_10ADE+2D_j
.text:00010B12 mov edi, [ebp+ClientId]
.text:00010B15 cmp edi, ebx ; Little check to avoid a
Null Pointer
- -----------/
Here it gets the pointer to the 'ClientId' value, and if it is non zero
('!= 0') it does not care where it is pointing to.
/-----------
.text:00010B17 jnz short loc_10B1C
.text:00010B19 push ebx
.text:00010B1A jmp short loc_10B73
.text:00010B1C ;
-
---------------------------------------------------------------------------
.text:00010B1C
.text:00010B1C loc_10B1C: ; CODE XREF: sub_10ADE+39_j
.text:00010B1C mov [ebp+ms_exc.disabled], ebx
.text:00010B1F mov esi, [edi] ; Here it crashes
- -----------/
It access to that memory, and if that is invalid memory the system will
crash.
/-----------
.text:00010B21 mov [ebp+var_1C], esi
.text:00010B24 or [ebp+ms_exc.disabled], 0FFFFFFFFh
.text:00010B28 jmp short loc_10B3B
.text:00010B28 sub_10ADE endp
- -----------/
2) COMODO FIREWALL PRO (BID 28742, CVE-2008-1736)
In Comodo there are problems in the arguments validation of
'NtDeleteFile', 'NtCreateFile' and 'NtSetThreadContext' functions.
'NtDeleteFile' receives just one parameter, a pointer to an
'OBJECT_ATTRIBUTES' structure. These attributes would include the
'ObjectName' and the 'SECURITY_DESCRIPTOR', for example. This is the
hook placed by Comodo at 'NtDeleteFile'.
/-----------
NTDeleteFile (POBJECT_ATTRIBUTES ObjectAttributes)
.text:0001ACB0 push 1Ch
.text:0001ACB2 push offset stru_1E3F0
.text:0001ACB7 call __SEH_prolog
.text:0001ACBC xor ebx, ebx
.text:0001ACBE inc ebx
.text:0001ACBF mov [ebp+var_1C], ebx
.text:0001ACC2 xor esi, esi
.text:0001ACC4 mov [ebp+var_24], esi
.text:0001ACC7 mov [ebp+var_20], ebx
.text:0001ACCA mov [ebp+var_28], esi
.text:0001ACCD mov [ebp+ms_exc.disabled], esi
.text:0001ACD0 call ds:ExGetPreviousMode
.text:0001ACD6 mov edi, [ebp+ObjectAttributes]
- -----------/
Here it does a lot of 'ProbeForRead' checks to see if the pointers of
the structure are valid. Nice! ('EDI' still has a pointer to the
'OBJECT_ATTRIBUTES' structure)
/-----------
....
sub_1A692
.text:0001A692 push 28h
.text:0001A694 push offset stru_1E3C0
.text:0001A699 call __SEH_prolog
.text:0001A69E xor edi, edi
....
.text:0001A6B3 mov [ebp+ms_exc.disabled], edi
.text:0001A6B6 push 72747052h ; Tag
.text:0001A6BB mov ebx, 400h
.text:0001A6C0 push ebx ; NumberOfBytes
.text:0001A6C1 push 1 ; PoolType
.text:0001A6C3 call ds:ExAllocatePoolWithTag ; Allocates memory to
hold the data retrieved by ZwQueryObject
.text:0001A6C9 mov esi, eax
.text:0001A6CB mov [ebp+var_28], esi
.text:0001A6CE cmp esi, edi
.text:0001A6D0 jz short loc_1A74F
.text:0001A6D2 mov edi, [ebp+ObjectAttributes]
.text:0001A6D5 mov eax, [edi+OBJECT_ATTRIBUTES.RootDirectory] ;
Here, the code retrieves the RootDirectory's field value from the
structure, controled by us.
.text:0001A6D8 test eax, eax
.text:0001A6DA jz short loc_1A71B
.text:0001A6DC push 0 ; ReturnLength
.text:0001A6DE push ebx ; ObjectInformationLength
.text:0001A6DF push esi ; ObjectInformation
; buffer where ZwQueryObject will put the object information
.text:0001A6E0 push 1 ; ObjectInformationClass
; Specifies an OBJECT_INFORMATION_CLASS value that determines the type
; of information returned in the ObjectInformation buffer. It's using
; an undocumented type (OBJECT_NAME_INFORMATION) which returns an
UNICODE_STRING structure
.text:0001A6E2 push eax ; ObjectHandle
; Now, the user-controlled handle 'll be used here to identify the
object by ZwQueryObject,
.text:0001A6E3 call ds:ZwQueryObject
.text:0001A6E9 mov [ebp+var_20], eax
.text:0001A6EC test eax, eax
.text:0001A6EE jl short loc_1A746
- -----------/
Here is where the problem shows up. The code does not properly validates
the data retrieved by 'ZwQueryObject', expecting an 'UNICODE_STRING'
structure. But it is possible to make multiple calls to the function
using different handlers to obtain a null structure crashing the system
when the code tries to dereference its 'Buffer' field.
/-----------
.text:0001A6F0 movzx eax, [esi+UNICODE_STRING.Length]
.text:0001A6F3 shr eax, 1
.text:0001A6F5 mov ecx, [esi+UNICODE_STRING.Buffer]
.text:0001A6F8 movzx eax, word ptr [ecx+eax*2-2] ; Here is the problem
.text:0001A6FD mov [ebp+var_30], eax
.text:0001A700 cmp ax, 5Ch
.text:0001A704 jz short loc_1A725
- -----------/
3) SOPHOS ANTIVIRUS (BID 28743, CVE-2008-1737)
Insufficient argument validation of hooked SSDT functions on Sophos lead
to a DoS. An attacker, utilizing this flaw, would be able to locally
reboot the whole system shutting down the Firewall or AV protection.
Although neither the vendor nor Core Security has found a means of
exploiting the flaw to execute arbitrary code, it has not been possible
to rule this out.
In Sophos AV there is a problem in the arguments validation of
'NtCreateKey' function.
/-----------
int __cdecl NtCreateKeyHook(PHANDLE pKeyHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
ULONG TitleIndex,PUNICODE_STRING Class,
ULONG CreateOptions,
PULONG Disposition)
[...]
.text:0001C01C push 4 ; Alignment
.text:0001C01E push 18h ; Length
.text:0001C020 mov esi, [ebp+ObjectAttributes]
.text:0001C023 push esi ; Address
.text:0001C024 call ds:ProbeForRead
- -----------/
Here it checks for 'ObjectAttributes' to be pointing to a valid address.
/-----------
.text:0001C02A mov eax, [esi+OBJECT_ATTRIBUTES.RootDirectory]
.text:0001C02D mov [ebp+Handle], eax
.text:0001C030 mov esi, [esi+OBJECT_ATTRIBUTES.ObjectName]
.text:0001C033 mov [ebp+pUnicodeString], esi
- -----------/
Now, it gets from 'OBJECT_ATTRIBUTES' a handle and a pointer to an
'UNICODE_STRING' structure.
/-----------
.text:0001C095 push 4
.text:0001C097 push 8
.text:0001C099 push esi
.text:0001C09A mov ebx, ds:ProbeForRead
.text:0001C0A0 call ebx ; ProbeForRead, it checks the
pointer before the dereference.
.text:0001C0A2 mov eax, dword ptr [esi+UNICODE_STRING.Length]
.text:0001C0A4 mov dword ptr [ebp+stUnicodeString.Length], eax
.text:0001C0A7 mov esi, [esi+UNICODE_STRING.Buffer] ; And gets
from the UNICODE_STRING structure
; a pointer to the unicode buffer.
.text:0001C0AA mov [ebp+stUnicodeString.Buffer], esi
.text:0001C0AD push 2 ; Alignment
.text:0001C0AF shr eax, 10h
.text:0001C0B2 push eax ; Length
.text:0001C0B3 push esi ; Address
.text:0001C0B4 call ebx ; ProbeForRead
- -----------/
It does the check, but here is the problem
/-----------
.text:0001C0B6 push gdwValue
.text:0001C0BC lea eax, [ebp+stUnicodeString]
.text:0001C0BF push eax
.text:0001C0C0 push [ebp+Object]
.text:0001C0C3 call sub_1cb40
- -----------/
The problem relies in the function not properly checking the 'Length'
field of the 'UNICODE_STRING' structure. When doing the check,
'ProbeForRead' receives the length field of the structure as a parameter
without any kind of validation.
So, if we set this field to 0, 'ProbeForRead' will not raise any
exception even though we were passing it an invalid address. And it will
crash when trying to access to the desired invalid memory.
/-----------
sub_1cb40
[...]
.text:0001CB5E xor esi, esi
.text:0001CB60 mov [ebp+ms_exc.disabled], esi
.text:0001CB63 mov edi, [ebp+pUnicodeString]
.text:0001CB66 mov eax, [edi+UNICODE_STRING.Buffer]
- -----------/
And here is where it will crash:
/-----------
.text:0001CB69 cmp word ptr [eax], '\' ; Reference the first
pointed byte
- -----------/
4) RISING ANTIVIRUS (BID 28744, CVE-2008-1738)
In Rising antivirus the code of the 'NtOpenProcess' hook does not
validates if the pointer to the structure
/-----------
typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;}
- -----------/
is really pointing to mapped memory. So, when the code tries to
dereference the pointer to check the 'CLIENT_ID->UniqueProcess' value,
if it is pointing to invalid memory, will crash.
/-----------
NtOpenProcess( OUT PHANDLE ProcessHandle,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId )
.text:00010EAA push ebp
.text:00010EAB mov ebp, esp
.text:00010EAD push esi
.text:00010EAE mov esi, offset Addend
.text:00010EB3 push edi
.text:00010EB4 mov ecx, esi ; Addend
.text:00010EB6 call ds:InterlockedIncrement
.text:00010EBC call PsGetCurrentProcessId
.text:00010EC1 cmp eax, dword_11C8C
.text:00010EC7 jnz short loc_10ECE
.text:00010EC9
.text:00010EC9 loc_10EC9: ; CODE XREF: sub_10EAA+37_j
.text:00010EC9 push [ebp+ClientId]
.text:00010ECC jmp short loc_10EF0
.text:00010ECE ;
-
---------------------------------------------------------------------------
.text:00010ECE
.text:00010ECE loc_10ECE: ; CODE XREF: sub_10EAA+1D_j
.text:00010ECE call PsGetCurrentProcessId
.text:00010ED3 mov ecx, dword_11C80
.text:00010ED9 push eax
.text:00010EDA call sub_11070
.text:00010EDF test al, al
.text:00010EE1 jnz short loc_10EC9
.text:00010EE3 call PsGetCurrentProcessId
.text:00010EE8 mov edi, [ebp+ClientId] ; Here is the bug, if
ClientId is pointing to an invalid address
.text:00010EEB cmp eax, [edi] ; it will crash.
.text:00010EED jnz short loc_10F0D
- -----------/
*Report Timeline*
. 2008-01-11: Core Security Technologies found a security vulnerability
in BitDefender antivirus. 2008-01-14: BitDefender team is contacted by Core. 2008-01-15: BitDefender team asks Core for technical description of
the vulnerability. 2008-01-15: Technical details are sent to BitDefender team by Core. 2008-01-22: BitDefender notifies Core that a fix has been produced and
the flaw was corrected through automatic updates. 2008-02-04: According to the original schedule, the CORE-2008-0320
advisory would be released at this date, but similar flaws in other
antivirus products were discovered by Core exploit writers team.
Considering all BitDefender users are patched, Core Security
Technologies does not release the advisory and continues the research of
this issue in other products. 2008-03-20: Core analyzes similar vulnerabilities in Comodo Firewall,
Sophos Antivirus and Rising Antivirus. 2008-03-25: Core notifies the Comodo, Sophos and Rising teams of the
vulnerabilities. 2008-03-27: Comodo team asks Core for technical description of the
vulnerability. 2008-03-27: Technical details are sent to Comodo team by Core. 2008-03-31: Rising team asks Core for technical description of the
vulnerability. 2008-04-01: Technical details are sent to Rising team by Core. 2008-04-02: Rising team inform Core that the flaw has been fixed in
the Rising AV 2008 version. 2008-04-02: Sophos team asks Core for technical description of the
vulnerability. 2008-04-07: Technical details are sent to Sophos team by Core. 2008-04-11: Sophos team informs that the flaw is found in one of the
antivirus drivers, and fixing it will require a reboot for all of Sophos
Windows customers. Sophos would like to fix the bug in the next major
version (second quarter 2009), in particular considering the fact that
they were unable to come up with any practical use of this vulnerability. 2008-04-14: Comodo notifies Core that a fix has been produced. 2008-04-14: Sophos informs Core that they will be able to release a
fix to the vulnerability at the end of October 2008. 2008-04-21: Core responds that they will reschedule the publication to
April 24th, 2008. Since the vulnerability is not critical, and has been
found using publicly available tools, like the other vulnerabilities
included in the advisory, Core doesn't see a reason to postpone the
publication of the Sophos bug until October 2008. 2008-04-21: Sophos asks Core not to release details of the
vulnerability until a fix is available, and not to publish Proof of
Concept code. Sophos informs that they do not believe that arbitrary
code execution is possible. 2008-04-24: Core responds that the advisory does not contain Proof of
Concept code. Core confirms its intention of publishing the advisory,
including the technical description, but decides to postpone it to April
28th, to give the participants more time to coordinate the release of
public information. 2008-04-25: Sophos provides additional information, included in the
"vendor information" section of the advisory. 2008-04-28: CORE-2008-0320 advisory is published.
*References*
[1] http://www.bitdefender.com
[2] http://www.comodo.com
[3] http://www.sophos.com
[4] http://www.rising-global.com
[5] http://www.matousec.com/downloads
[6]
http://www.matousec.com/info/articles/plague-in-security-software-drivers.php
*About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs/.
*About Core Security Technologies*
Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.
*Disclaimer*
The contents of this advisory are copyright (c) 2008 Core Security
Technologies and (c) 2008 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.
*GPG/PGP Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIFj4WyNibggitWa0RAkUcAJ9yUGXQQV5ZQ1J0R2U+MSTMRuHa4wCgkXh1
UGe5qGGTXrCSFfFX3JH6ovE=
=3mt3
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200804-0231 | CVE-2008-2000 | Apple Safari Service disruption in ( Application crash ) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. Safari is prone to a denial-of-service vulnerability
VAR-200804-0230 | CVE-2008-1999 | Apple Safari Vulnerable to address bar spoofing |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. Safari is prone to a remote security vulnerability. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
4 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
Safari Address Bar URL Spoofing Security Issue
SECUNIA ADVISORY ID:
SA29900
VERIFY ADVISORY:
http://secunia.com/advisories/29900/
CRITICAL:
Less critical
IMPACT:
Spoofing
WHERE:
>From remote
SOFTWARE:
Safari 3.x
http://secunia.com/product/17989/
Safari for Windows 3.x
http://secunia.com/product/17978/
DESCRIPTION:
Juan Pablo Lopez Yacubian has discovered a security issue in Safari,
which can be exploited by malicious people to display a fake URL in
the address bar.
The security issue is confirmed in version 3.1.1 on Mac OS X and
Vista. Other versions may also be affected.
SOLUTION:
Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY:
Juan Pablo Lopez Yacubian
ORIGINAL ADVISORY:
http://es.geocities.com/jplopezy/pruebasafari3.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200804-0154 | CVE-2008-2010 | Windows XP and Vista of Apple QuickTime Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Apple QuickTime is prone to an unspecified remote code-execution vulnerability.
Very few technical details are currently available. We will update this BID as more information emerges.
Successful exploits can allow remote attackers to execute arbitrary code in the context of the user running the application. This may facilitate a compromise of affected computers.
This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other versions may also be affected
VAR-200804-0150 | CVE-2008-2001 | Apple Safari Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. Safari is prone to a denial-of-service vulnerability
VAR-200804-0173 | CVE-2008-2030 | F5 FirePass 4100 SSL VPN of installControl.php3 Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.
FirePass 4100 SSL VPN Firmware 5.4.2-5.5.2 and 6.0-6.2 are vulnerable. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
3 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Input passed via the URL to the "installControl.php3" script is not
properly sanitised before being returned to the user.
SOLUTION:
Do not follow untrusted links. Filter malicious characters and
character sequences using a proxy.
PROVIDED AND/OR DISCOVERED BY:
Alberto Cuesta Partida, 514.es
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200804-0458 | No CVE | Thomson SpeedTouch and BT Home Hub Router Default WEP/WPA Key Algorithm Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Both BT Home Hub and Speedtouch are home wireless Internet routers. The default WEP/WPA key algorithm used by BT Home Hub and Speedtouch routers is predictable, and remote attackers can predict keys based on some public information (such as MAC address or SSID) so that they can completely invade the router. For Speedtouch router router: S/N: CP0615JT109 (53) Delete CC and PP values: CP0615109 converts XXX value to hexadecimal: CP0615313039 through SHA-1 processing: 742da831d2b657fa53d347301ec610e1ebf8a3d0 converts the last 3 bytes into 6-byte characters The string, then added to SpeedTouch, becomes the default SSID: SpeedTouchF8A3D0 converts the first 5 bytes into a 10-byte string and becomes the default WEP/WPA key: 742DA831D2 for BT Home Hub, the only difference is Use the last 2 bytes of the SHA1 hash to get the SSID: S/N: CP0647EH6DM (BF) Delete CC and PP values: CP06476DM16 encoding XXX: CP064736444DSHA1 encryption: 06f48a28eba1ab896a396077d772fd65503b8df3 Default SSID: BTHomeHub-8DF3 default encryption key: 06f48a28eb. Multiple wireless routers are prone to a vulnerability that can allow an attacker to predict their default WEP/WPA encryption keys.
Attackers can exploit this issue to bypass authentication to an affected device, which can allow them to completely compromise the device or to gain access to the private network
VAR-200807-0073 | CVE-2008-2934 | Mac OS X for Mozilla Firefox Vulnerability that allows arbitrary code execution in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. Mozilla Firefox for Mac OS X is prone to a memory-corruption vulnerability.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.
This issue affects Firefox 3.0. Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
13 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
Mozilla Firefox Javascript Garbage Collector Vulnerability
SECUNIA ADVISORY ID:
SA29787
VERIFY ADVISORY:
http://secunia.com/advisories/29787/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
A vulnerability has been reported in Mozilla Firefox, which can
potentially be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to an error in the Javascript Garbage
Collector and can be exploited to cause a memory corruption via
specially crafted Javascript code.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 2.0.0.13. Prior versions may
also be affected.
SOLUTION:
Update to version 2.0.0.14.
http://www.mozilla.com/en-US/firefox/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
For more information:
SA30761
SA30911
SA31120
SA31132
SA31984
SA32007
SA32192
SA32693
SA32713
SA33203
SOLUTION:
Apply patches.
-- SPARC Platform --
Firefox 2.0 for Solaris 10:
Apply patch 125539-06 or later.
OpenSolaris:
Fixed in build snv_95 or later.
-- x86 Platform --
Firefox 2.0 for Solaris 10:
Apply patch 125540-06 or later.
OpenSolaris:
Fixed in build snv_95 or later. ===========================================================
Ubuntu Security Notice USN-626-1 July 29, 2008
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2008-2785, CVE-2008-2933, CVE-2008-2934
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
firefox-3.0 3.0.1+build1+nobinonly-0ubuntu0.8.04.3
xulrunner-1.9 1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3
After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the
necessary changes.
Details follow:
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz
Size/MD5: 105875 20bf75de131b805b31602d03f76edcdb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc
Size/MD5: 1605 0a4c85fb6f3771e494cb2596eb174f42
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly.orig.tar.gz
Size/MD5: 10830088 546304d00e486587023418bef4c8c17e
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz
Size/MD5: 77642 dd673f6d7523c5129df6775c369f55b1
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc
Size/MD5: 1669 7fbd2e794a99288141e6c5fd6ca7bb8b
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly.orig.tar.gz
Size/MD5: 40083410 802b0c07675ba0d1cc1819a6dac22c94
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65808 9fb1bd4f57c4ddaf255dec745cfb6394
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65824 9352e1cba510bcaed37478516413e41a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65784 3ef3e033acca41bf431e196289ff3075
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65776 30a60ceed5a490065dddb86dcbc44917
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65926 093d9772c250695694846c4a862151e4
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65832 2f47d1abc1cfee76a537e665c2a961e3
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65782 852eac738d3bf243f6f3ab707cab7de1
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 8978 4ee6943368ba1582827914b014aa0b12
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 8964 9df1e05f125072a41decae2f03ed796d
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65808 4cdc3a9a27af41bd6fadf4f9f1271af0
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65774 a12883abab5cdc8fd1be41abec1d2553
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65768 d30e21a3afcf4897450a2220b0448c52
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 8944 ddb77e423b0d2fa01775998de6d16074
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65792 662c3740f2451030de9dbeef8915cd53
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 8938 19647a69ea1a19fb20c3d832efb3f667
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 65762 2948beefbc937ce8014246761aa5c42f
http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 125048 61ddef6346ed04823e4e08cb8b5915ad
http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
Size/MD5: 235166 7dcc225d1e6a35d1c72d83478b264b03
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
Size/MD5: 9030 51c56b6eb17a90596664e5de1efcfaf0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
Size/MD5: 29598 bdb8fd33fbb551fba94829b6de8f48c8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
Size/MD5: 1086692 9e85d93762021da9663079eb43a806ec
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
Size/MD5: 4034992 ded5cd52011190445b8cdbbc387dbb0e
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
Size/MD5: 48708 63a365a1ed33bdd9f3e86c704639c54b
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
Size/MD5: 9020046 ce8df3e6a4d09ac7c1429f63a69bb164
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
Size/MD5: 9032 9655df6f35d580fcd316fdbe35b25c44
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
Size/MD5: 25740 b449c8c524b7cb50e05a5092bb1692ad
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
Size/MD5: 1064456 58ffa05cc64086c5c51ff694beca780d
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
Size/MD5: 4016584 3c8e123c09ff04f63cde52effc867f0d
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
Size/MD5: 38500 8934fc3c6cdfa988ad9dee140be7373d
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
Size/MD5: 7749536 7ef6da6f25b7e0878419acccc052da3f
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
Size/MD5: 9028 fdd61fb530a3339c1fffbd9ece833d8e
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
Size/MD5: 25344 7666413c6a56eb14c3708ad2e16470c7
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
Size/MD5: 1062684 ec46a573876b24eb4748bd01a2bb5435
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
Size/MD5: 4012106 243d516f2dc244758d3568e4ead4839f
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
Size/MD5: 37592 d9c551a6e990c7e63b457d7c6166113a
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
Size/MD5: 7639310 ff4c7144795f6fa0a38b0f065c04db8e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
Size/MD5: 9032 5ffb1ce496a65cc0cfa57405a249426c
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
Size/MD5: 27506 ee4f59f65df53fdf3e09fa271e290dbc
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
Size/MD5: 1078404 8ee97515994e3deac2fe7aabbbbe15ab
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
Size/MD5: 4023136 5342ffc1f46ff68174dca7b3621eeab0
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
Size/MD5: 43654 649fa96e5214857fff22b53455e99bac
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
Size/MD5: 8595530 7a92e064fe96a000b0d9a507c0827555
. This can be exploited to free an uninitialised
pointer via a specially crafted GIF file. This fixes
some vulnerabilities, which can be exploited by malicious people to
bypass certain security restrictions, potentially conduct spoofing
attacks, or compromise a user's system
VAR-200804-0274 | CVE-2008-1155 | Cisco Network Admission Control (NAC) Appliance Information disclosure vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. Cisco Network Admission Control (NAC) Appliance Contains an information disclosure vulnerability. This may facilitate the complete compromise of the device and may lead to further attacks. This issue is documented in Cisco Bug ID CSCsj33976.
This issue affects the following versions of the NAC appliance software:
- all 3.5 versions
- all 3.6 versions prior to 3.6.4.4
- all 4.0 versions prior to 4.0.6
- all 4.1 versions prior to 4.1.2.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml. No other Cisco products are currently
known to be affected by this vulnerability.
Details
=======
The Cisco NAC Appliance solution allows network administrators to
authenticate, authorize, evaluate, and remediate wired, wireless,
and remote users and their machines prior to allowing users onto the
network. The solution identifies whether machines are compliant with
security policies and repairs vulnerabilities before permitting access
to the network. Obtaining this
information could enable an attacker to gain complete control of the CAS
remotely over the network.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerability in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS
at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss.
* NAC Appliance Shared Secret Vulnerability (CSCsj33976)
CVSS Base Score - 10.0
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability could allow an attacker to
take complete control of the CAS remotely over the network.
Software Versions and Fixes
===========================
Each row of the following software table (below) describes the earliest
possible releases that contain the fix for this vulnerability. These are
shown in the "First Fixed Release" column. A device running a release in
the given train that is earlier than the release in a specific column
(less than the First Fixed Release) is known to be vulnerable. The
release should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label).
+---------------------------------------+
| Affected Releases | First Fixed |
| | Releases |
|----------------------+----------------|
| NAC Appliance | Vulnerable - |
| software version | Contact TAC |
| 3.5.x | |
|----------------------+----------------|
| NAC Appliance | |
| software version | 3.6.4.4 |
| 3.6.x | |
|----------------------+----------------|
| NAC Appliance | |
| software version | 4.0.6 |
| 4.0.x | |
|----------------------+----------------|
| NAC Appliance | |
| software version | 4.1.2 |
| 4.1.x | |
+---------------------------------------+
You can download NAC Appliance software from
http://www.cisco.com/public/sw-center/ciscosecure/cleanaccess.shtml.
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Workarounds
===========
There are no workarounds for this vulnerability.
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software
upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through prior
or existing agreements with third-party support organizations, such
as Cisco Partners, authorized resellers, or service providers should
contact that support organization for guidance and assistance with the
appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or fix
is the most appropriate for use in the intended network before it is
deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service
contract, and customers who purchase through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale
should acquire upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to a
free upgrade. Free upgrades for non-contract customers must be requested
through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+-----------------------------------------------------+
| Revision | 2008-April-16 | Initial public |
| 1.0 | | release. |
+-----------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in
Cisco products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/ go/psirt.
+----------------------------------------------------------------------
All contents are Copyright (C) 2006-2008 Cisco Systems, Inc. All rights
reserved.
+----------------------------------------------------------------------
Updated: Apr 16, 2008 Document ID: 100782
+----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIBhW586n/Gc8U/uARArhVAJ945/SIFFcZfqjuVRNl+8R4CTYgZACfVfYh
3tRLhF0zXPh/7NL9INMpM8s=
=OAQT
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
13 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor
VAR-200804-0037 | CVE-2008-1024 | Apple Safari fails to properly handle a file name |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari is prone to a remote memory-corruption vulnerability that occurs when downloading malicious files.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects versions prior to Apple Safari 3.1.1 running on Microsoft Windows XP and Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default
VAR-200902-0559 | CVE-2009-0577 | CUPS of WriteProlog Integer overflow vulnerability in functions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640. CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers.
Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges.
Successful remote exploits may require printer sharing to be enabled on the vulnerable system.
These issues affect versions prior to CUPS 1.3.9. Common Unix Printing System (CUPS) is a common Unix printing system and a cross-platform printing solution in the Unix environment. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The Silicon Graphics Image (SGI) file format parsing module of CUPS has a heap overflow vulnerability when parsing malformed Run Length Encoded (RLE) data. The cause of the vulnerability is that the read_rle16() function does not properly validate the value of the line read from the file and uses this value to control how many 16-bit integers are stored in the heap buffer. If a small graphics dimension and a large number of lines are provided, it will May trigger a heap overflow. The WriteProlog() function of the CUPS texttops application uses multiple values obtained from attacker-controlled content in the multiplication operation when calculating the page size used to store PostScript data. This calculation may overflow, resulting in an incorrect total page size. size. This value is then used to allocate a heap buffer filled with attacker-controlled content, triggering a heap overflow. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise
a vulnerable system.
This is related to:
SA29809
SOLUTION:
Updated packages are available via Red Hat Network.
1) Two boundary errors exist in the implementation of the HP-GL/2
filter.
2) A boundary error exists within the "read_rle16()" function when
processing SGI (Silicon Graphics Image) files.
PROVIDED AND/OR DISCOVERED BY:
1) regenrecht, reported via ZDI
2, 3) regenrecht, reported via iDefense
CHANGELOG:
2008-10-10: Updated CVE reference list.
For more information:
SA32226
The vulnerabilities affect all Avaya Messaging Storage Server
versions. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
15 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
CUPS PNG Filter Integer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA29809
VERIFY ADVISORY:
http://secunia.com/advisories/29809/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From local network
SOFTWARE:
CUPS 1.x
http://secunia.com/product/921/
DESCRIPTION:
Thomas Pollet has reported a vulnerability in CUPS, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to two integer overflow errors in
filter/image-png.c when processing PNG files. These can be exploited
to cause a heap-based buffer overflow via overly large width and
height PNG fields.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 1.3.7. Other versions may
also be affected.
SOLUTION:
Fixed in the SVN repository.
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Thomas Pollet
ORIGINAL ADVISORY:
http://www.cups.org/str.php?L2790
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200810-0137 | CVE-2008-3640 | CUPS of texttops In PostScript Integer overflow vulnerability in file handling |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges.
Successful remote exploits may require printer sharing to be enabled on the vulnerable system.
These issues affect versions prior to CUPS 1.3.9. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The WriteProlog() function of the CUPS texttops application uses multiple values obtained from attacker-controlled content in the multiplication operation when calculating the page size used to store PostScript data. This calculation may overflow, resulting in an incorrect total page size. size. ===========================================================
Ubuntu Security Notice USN-656-1 October 15, 2008
cupsys vulnerabilities
CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.11
Ubuntu 7.04:
cupsys 1.2.8-0ubuntu8.6
Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.8
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the SGI image filter in CUPS did not perform
proper bounds checking. If a user or automated system were tricked
into opening a crafted SGI image, an attacker could cause a denial
of service. (CVE-2008-3639)
It was discovered that the texttops filter in CUPS did not properly
validate page metrics. If a user or automated system were tricked into
opening a crafted text file, an attacker could cause a denial of
service. (CVE-2008-3640)
It was discovered that the HP-GL filter in CUPS did not properly check
for invalid pen parameters. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by
the AppArmor CUPS profile. (CVE-2008-3641)
NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the
the fix for CVE-2008-1722 applied. This update includes fixes for the
problem. We apologize for the inconvenience.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.diff.gz
Size/MD5: 102981 403c1494b264696702f055fc5cdcc60d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.dsc
Size/MD5: 1052 cc47231c220e8d0e1659cf83d9e08445
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.11_all.deb
Size/MD5: 994 8b094f8389b70e0153d7bbfcd23ed912
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 36226 ddea26501964356559ee3a11124acd8b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 81902 670924b1b9a36db787e3b4cc6a7f1782
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 2286676 455fe7748b3ab167658bb5b42ef0363a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 6086 dc0bd3799366e32503466ba4588fc4df
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 77226 31e781bf2c8f0f4140799b21b9d0484a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 25742 6812b0831f37474b50607e4c6eb83fe5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 129960 88a0b954c9f50df6aa37824b3da7041b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 34768 d04de29dfcca09a4dc70a385e8a0766b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 77974 efed93511d0ee579706e5cf538378dbd
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 2253974 30ac219c7cd66460df6fa2b76c147ae8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 6090 648459c3b58ddaf1fc646c8cd476e9f8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 76350 d044f4fa44a792c81bca198f44687a1e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 25740 4c97e6e30f95bd3c3a32c761db4f5183
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 122178 7298a6d762d2edbe6fd107656932f32a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 40468 24cf01572a6f790296c1accba097352c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 89528 0172b346d78458df1a6cd91a371b3b67
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 2301292 f1a755a88fde554fdabbfb8081a88e52
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 6098 f3e962ddc060712ed3ba78bb5625d5e4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 79004 de095980afadd9352e5d7e92600d75b5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 25744 21a4d908ae8de551cda885d4835d69c0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 127932 6e50fa3fa4185c781551e5744331f20b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 35392 ede504cfaaf1e068c68b3fa759777098
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 78712 49f458e339846bcc2eb9ffdc482de5be
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 2287588 864ab74a020db94ab2acc1283720a05c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 6092 58c6f56f79c35af1b0ca47eaeedd7ea3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 76262 759f3df1a04440d71ae6634109045bf6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 25740 8bbdc7b4842df909bdfb95b96fd9f884
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 123662 4c4f4a4faae61a0c3901c63fe58bbf26
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.diff.gz
Size/MD5: 160216 80696d47933857b9665da1492f9a801b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.dsc
Size/MD5: 1143 0dbd641692767f4e2e5b7f390c412a9f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz
Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.6_all.deb
Size/MD5: 926804 41e6c60357740e668198976afcce6bd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 37404 2d7cb4cb3bfeeeb5af3db756f1a0a5be
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 83230 361cd5ffca4125245798312c3a9c7eaa
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 1638902 a502a4f981385dcba50ed5b6fc8fe969
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 56598 a9f413ff725abe42af63312ea6e826e7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 104860 7bfc0e70546baa2c98421a9dd7a373e6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 144852 9d30fa04e2aa415fb126188aa4d32349
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 182728 0ed6d4f8c813e2c36bcaa7b7ca98ccad
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 36712 014d51e184b4435a28c1e820455fb0a1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 80752 4d29ca2e6d3de00e3a10c55c677c8cd6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 1621450 551c9d7c9836efe7a927a609699976ad
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 55720 b70e3b3a1c86aa782a42fcf1a40ff197
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 104592 ececfa4f50e077d5049116a47cc44965
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 139320 b5c4606316c175feac7dd9a8f78acc56
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 179030 b2bb50b90caac66408739e67ecc9fdb5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 46766 ad2b053736a2165b39f1749b7e3409e0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 101094 bea4c45325710b1e2d5e67dceb7853bb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 1696124 7e3469aa52e2de4e93352e44f7623305
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 56398 47755a89a609e4401d70f6adcfcfb9a5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 110478 94a5f78770c410fce9a0c88a187fe9c4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 141178 69f22a6730b291c9df2b0541c07223d6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 188650 634498a8eb5ab4c75eab74e1655234b1
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 37778 cde58d9fa7d256698ef6ba128b16a799
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 83740 072c6f65496619d5808c542d3a2ebe97
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 1659626 a5b6c19a436e9737af44cbaee93d093c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 54928 5a8347021b82084600e0d08971cb41a3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 104156 ca7b062c097aa7f92a9085615fc3e828
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 141756 299acfe9e1964d21e7ba2fc3a390ded8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 178292 02e3059c98fb42cb83173e0b3a08d469
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.diff.gz
Size/MD5: 128977 cc7a79b80d0cc2caa8f9c5aea2f9397b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.dsc
Size/MD5: 1218 4f603d11b93e600bd82009983bc88580
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz
Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.8_all.deb
Size/MD5: 1080404 6419c157fd22fcfb2e1563ccced2fcae
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 37204 88b05a4cbb9f5714951edade3dd0609b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 89506 cb352043a1985e24614dc27ffa5ded01
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 2034890 3a2c4daded2923691da8fe3f60d93f3e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 60020 5007c193bb8416754a9d7e7ad09c4808
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 46884 9a2fd628887a01cc2fcb49131ec8ed0f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 152014 7a9debd353faa26803f0e8707a97697a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 186418 13e510e27e1025732d203a933ded8ade
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 36486 05cb382029ccb2285530af9de662b686
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 86494 80b08f6080ed3c46e4fc954da05d9e6d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 2018384 16b0a7b694a38e4616fce6415116a7e9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 58882 8572d274d06e1a650d2d5199ea5dcf6f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 46280 158a4aef965ef1c697c5c7aef53f9e90
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 145692 36b5af34074b13e44e2d2ae5f76fa6fc
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 183190 fe12de8de5a779538844e2aecd5ccedb
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 36570 f73b632b59630a2727e45be083730c23
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 88054 07cfc2fdf8615471278b10550f713a3e
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 2020696 d97dab5d5a099884f7bca77dd118233a
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 59624 d582e3100eaf68e9b10585ca6ce0a078
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 47662 a2e2c5cc101d720249efd108b1a724ca
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 142426 8e91390ca3bb0bd98ab7a43017e38a90
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 181382 0806d0e1be2fdb48b873ea977107b759
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 46502 1f2a7db4dd6dfc7910a9c84f28425537
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 107736 9a34baee6e8356d911d637e52fcb0747
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 2099614 b0f8237ccff1e54e070645e79e085794
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 59494 c3c1a6f415dacee7b5f0e63e0f83ca6c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 51856 91fcaca5686ce2070e654699b60514f4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 146952 205fedd96bd614314b2e9ecb18e78f53
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 192204 0033c62b251a505fb7d80b5b8c96f6b6
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 37558 f568ceabe0e419d263b75a5c852eb10a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 89606 d916d0d9478082000a0f698347613387
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 2061026 a1b9da985d3d0211790f170443e74ac9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 58098 dc5d816068b451c8926dd06a25e1715b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 45572 9976f70a905893735ee445cca7ecda7f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 148486 48954d641e131708913530887d28c064
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 182218 074755797d588b92f7030c0a9562cb67
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.diff.gz
Size/MD5: 133549 8146f7a668701caad4379707ccedf538
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.dsc
Size/MD5: 1433 de3ffa5e20bdbc0bd61cf543cc2d351f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz
Size/MD5: 4700333 383e556d9841475847da6076c88da467
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.1_all.deb
Size/MD5: 1143834 7230e79bb0d6a1435f3ce0de114e1ad3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 37530 0362fc9c1260486e4d1dcccca8dc60a3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 89982 9a1ac844025f66fb85357e1807256331
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 1880646 233fbeadff826a6b6f22347559fe8bf5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 60892 98a65443be4d97fb1de2f8580dd67e40
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 50356 89ca2e97385912ebf2ffe8a0871610d5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 344926 631f297ea0a13321c61ee211d65fceab
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 177500 8dd137567dbc9644bda3b0a799cb2f6a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 36952 deba752b21bdf04393626cf35ebb79eb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 88408 2e76b5856bde6afe82da9a6b03a98026
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 1862954 aaa0817cb6b67729276e799275ad3346
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 60090 b37d935af9661002730cd5cb2b3f11d3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 49838 a1d85e18616340eed3778b5286890c08
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 339344 f3d29993795e7172667356c8d255f296
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 174354 b1d7b741729749c6a3249fbcd0babe56
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 36676 c46beddd8f227e1ee0b1c9a80d41b19a
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 88734 c8b70c2665734c45caa22ae41f60b486
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 1865262 27de39c2fbe2471f11b7756b5bc02cc3
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 60540 b54c6711e74c55777f0e509f642c42f0
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 50860 64989632d1f49f5d25209bb9a68809d5
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 337020 ca60ea21ad93aca447e1ae04e0ad818f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 173276 6e0af5026f452171993817fbd6e6b4e7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 46932 d8e051bd4e95f28090036d7087437127
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 110808 44e0741ccd8b9edab092b835c6831aca
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 1949134 0facca356ce9e5ffdacffde23d0713e3
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 59924 367a29bd4545906374eb27c511d33658
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 54940 d762741ddd48f75e0e54ffd0efc45645
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 341670 0958081b22a680ccf1f30abc36c06054
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 183238 e303094f36fcc1af0ac40321411bd90a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 38028 a8ee904a732a7392314b9b4f2faf5557
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 91034 832edccd7ed2eec51759bbcce97536b1
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 1897904 31192c6d2b5a6dca4eaf065c541795fc
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 57856 398dadf7e1ee5075e4d3e2a4766b4580
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 48242 cc45265b41fd932d084a6bce9888e67f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 341388 9411fb065604b882530faf47a0a85d4e
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 173184 4a5e9e3508932262eefe3b08f94019d0
.
For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch5.
For the unstable distribution (sid) and the upcoming stable distribution
(lenny), these problems have been fixed in version 1.3.8-1lenny2 of
the source package cups.
We recommend that you upgrade your cupsys package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz
Size/MD5 checksum: 108662 eab5aa097eaf3e802b4c6f1c60da9a03
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc
Size/MD5 checksum: 1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb
Size/MD5 checksum: 893832 0e7571a4a56cef8f099ba9300ed7330d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb
Size/MD5 checksum: 46072 63a75f9fe31312a42725a786164f7762
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 39310 8dad5588b86a4e1191025015d8e0c5be
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 1092376 35c1cd14d3f26fefafbebf1a76983740
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 85906 1d07dcf128e7b78992560b2794be29d4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 183726 06377f48f1ee358c494f30f9ab213e6b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 1614540 e87b439635e9b7f7c1fa1c6db2f7291c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 95570 8638b199a8adb989254cbe88ab11bb7d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 175262 08dbbe7e941af9c28f39107f907c618a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 72690 1c099120f9fdcb334d8699b6238c0883
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 142538 4f9183a690ac21a220771db117b1bcea
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 162520 f04bafe61b0e06d21b67441916a4df2a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 36356 eea9b0c14ac248313264474f4a103478
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 53022 f864e06d82bd0769e7c73d20aa6c3366
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 80708 9e8a7d08f6762753005bc2ac7ac04db7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 86264 3784680669a08745d6c766213e3d60f3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 1576062 c5f275763d3cd0bec5e448965780ea0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 1088040 106654a5c5a746e5bd1043ca4309deae
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 132042 b1da3e68e04c68712a7f2ecebbea59d3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 1026238 e776ce47912d97de7758029cddf18c41
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 155174 2203ae0043e540bb4c083c3f302294a9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 78908 a60d8486ab41fe7064d84fdf1c057ce5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 48742 9c6f61fb9c5af3f1496c249eb79542ce
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 1569620 943fdc257cdf387c1a161adff88623bd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 85468 3e9d699071d741d86c5e2fbcc91a5241
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 35940 0bb609f5c990c932c0fed843bb659062
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 84800 df6569c3eaad919b7f7768a75277838f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 91988 08040e0dcc8cc99298d40aa370be50cc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 1624214 e5d55a0aeacee0d85d7899018725b3d3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 153956 e11bfd3cb812f0892238a676a3453967
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 171790 5b483d2f739ed456d94cf28047b2b2f5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 39548 181a14e58af274287bf02f8a758b70b5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 57398 715a6f4bb1b68b8a384a85ac384de668
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 1032836 e1d9158ff6134678b976331566db0076
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 999302 2ccf6ae0ef6f3d3dd56e484ba2199313
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 160638 f22f7da23cd3dea82d49cc9900d62512
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 138276 392028f61da2c29dcab1ffe3b4fe072f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 1548856 e1e04e47f556586eb83aff005d4870d2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 36474 9bea3cd926f04da508b6a714f0a1daac
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 86776 f3188eafaa1bd01a7b92d9403aab03a1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 79878 ba1ed2b707101da54b3990b33ee1d877
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 53276 346cdebc7980089b28610ceb30f65519
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 106226 829b2e5f435c8fb5eee03513654ee12f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 106998 08fcec24b8c165542d986a1fd174ddd3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 46336 32d29b5c2986070f5d5b909864952dc3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 1771030 e7b261b4627ee20a3083a4f18a382e24
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 192370 576e218a37e677170e9201946f24da5a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 1108310 bdee8fbcfd10ba2847ab81ced8e9cc73
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 204232 d5eb2138a8584813643dfe4e39d2fefb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 74224 846a87584f78285569aee9c037b677d9
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 158560 74bc73b9eb3c7494ce762f7beb9ab4cd
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 1553460 cd35f3de34290840be09b1b10729d7b3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 150900 150e5405933cef2a8cf9147d88c9a4fb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 57860 2b7cdd4399e2893d2df0b5568d766239
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 86996 d4776eace76cb37f72557a44d053a677
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 1085494 429194a44228d669ecfa2acdeadf55e6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 36058 f28b3f705fd293fc82a256d571119452
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 77448 4a9be71b3fc25253b1e77c2594e7f508
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 51880 d1b872415002b54aba1ef54833cd5564
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 90008 fe2be6aba034693532a01b653781f501
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 1576600 d954a84710f9671d34eca72922f8d1d8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 136868 ee633edb72a9d6d74481d9fe17d887d5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 1143388 320529a907596704df487d89978e1948
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 41296 8e0fed6ae1645411f4daa52842ead589
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 163206 d0fc59550e27b346adb422e4d82cecaf
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 88476 dfe47fbfeef0a714d6397ec9467165af
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 1037260 a151e36916ffd7eae88e6b82cc0c08d7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 37420 b095022e25c603ee57748795c4ec423b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 82338 3417e5562b6aa064ab5d3d11f15a69fb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 87928 6eea10e5b223fbd5f5a8d524bb03ab8e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 1587330 8b66abd7e3156f3beeaa27fbd971cbde
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 166710 10f172f4c48ab9981d7c48564a2142a4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 144932 3955c00c6293f7aec0a7cb9edb28a16d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 52524 b4e639621d58f91a8ec32043534c008f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 51826 8e3613f9041774f1dd42586782780fb5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 159434 d2352f19b51feab43fc17b5e3f17bb2b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 138734 8b53d144485267cb99ec8a32262446e8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 1577758 748b77d9e54a363d46cd61548e72df7c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 996834 0ad8037cbb3959581a0aeb29eb84a853
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 85790 16bf4ce2378a68fc9b0ce4052e463e5d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 36062 426fe5dbac939828393d99e561abf0e3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 78608 f469105c5d9f121c333d5e4ac315c7be
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj8vewACgkQXm3vHE4uylo3VQCfe5/oLteemHII7TUL80ybcnZd
REIAn1hdR3STx867KCMafAi58O1fia05
=T/kw
-----END PGP SIGNATURE-----
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:211
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : October 10, 2008
Affected: 2007.1, 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A buffer overflow in the SGI image format decoding routines used by the
CUPS image converting filter imagetops was discovered.
An integer overflow flaw leading to a heap buffer overflow was found
in the Text-to-PostScript texttops filter.
Finally, an insufficient buffer bounds checking flaw was found in
the HP-GL/2-to-PostScript hpgltops filter.
The updated packages have been patched to prevent this issue; for
Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided
that corrects these issues and also provides other bug fixes.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
d8041b477aac8897e465fd7885c4f046 2007.1/i586/cups-1.2.10-2.8mdv2007.1.i586.rpm
85169e175683eee33f38c3dc6dca555d 2007.1/i586/cups-common-1.2.10-2.8mdv2007.1.i586.rpm
3838db5f9b5313587335232f4bdfadb7 2007.1/i586/cups-serial-1.2.10-2.8mdv2007.1.i586.rpm
4dac70286d0aaa55d0c585c4e485f4d6 2007.1/i586/libcups2-1.2.10-2.8mdv2007.1.i586.rpm
2647b541d7a80ea194d6cc4983342e14 2007.1/i586/libcups2-devel-1.2.10-2.8mdv2007.1.i586.rpm
5bf9cba238150a77016869b2b600e0bd 2007.1/i586/php-cups-1.2.10-2.8mdv2007.1.i586.rpm
3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
27098b09dc01c70600c55572cb928422 2007.1/x86_64/cups-1.2.10-2.8mdv2007.1.x86_64.rpm
fbd01859759af3a2e32244cfff7aaa33 2007.1/x86_64/cups-common-1.2.10-2.8mdv2007.1.x86_64.rpm
4197004f7a59cc90d8d51f8ff34e2997 2007.1/x86_64/cups-serial-1.2.10-2.8mdv2007.1.x86_64.rpm
6cc45d922f07d379db0de2e08eb1589e 2007.1/x86_64/lib64cups2-1.2.10-2.8mdv2007.1.x86_64.rpm
d7443db8a26f27b41c32c95dee129437 2007.1/x86_64/lib64cups2-devel-1.2.10-2.8mdv2007.1.x86_64.rpm
eca467e20954fea23fd050ee41d2ca4a 2007.1/x86_64/php-cups-1.2.10-2.8mdv2007.1.x86_64.rpm
3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm
Mandriva Linux 2008.0:
837c0714eef677dfcdb1befc56012db5 2008.0/i586/cups-1.3.6-1.3mdv2008.0.i586.rpm
cb8d17edacf1dc1dc5915fbb35745d9a 2008.0/i586/cups-common-1.3.6-1.3mdv2008.0.i586.rpm
635eb3405a6b5a4b93ca6373207093df 2008.0/i586/cups-serial-1.3.6-1.3mdv2008.0.i586.rpm
59939c1a2a730a0887750bafb4cabee1 2008.0/i586/libcups2-1.3.6-1.3mdv2008.0.i586.rpm
6183d24df353f4e8082374951636a657 2008.0/i586/libcups2-devel-1.3.6-1.3mdv2008.0.i586.rpm
0f1df17bf9cc86bb607ef28d4b29c6b2 2008.0/i586/php-cups-1.3.6-1.3mdv2008.0.i586.rpm
68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
5b73d5bfebbc66f8a56922c7b943f351 2008.0/x86_64/cups-1.3.6-1.3mdv2008.0.x86_64.rpm
a41d07d80c38b30ee5357b25f7b828ab 2008.0/x86_64/cups-common-1.3.6-1.3mdv2008.0.x86_64.rpm
34d6d4eb79b1ee5a9235843398301646 2008.0/x86_64/cups-serial-1.3.6-1.3mdv2008.0.x86_64.rpm
3157dcaafb55463d8ad149d99e4d0c55 2008.0/x86_64/lib64cups2-1.3.6-1.3mdv2008.0.x86_64.rpm
78b5f7fcedbbbef9c2318977b5f50264 2008.0/x86_64/lib64cups2-devel-1.3.6-1.3mdv2008.0.x86_64.rpm
082094f0923f72890f6dbb47eb9072b4 2008.0/x86_64/php-cups-1.3.6-1.3mdv2008.0.x86_64.rpm
68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
c22f4c131005e05768b0c45e931015c7 2008.1/i586/cups-1.3.6-5.2mdv2008.1.i586.rpm
8f1ad7b01f0d48aa920cb2378f5fce0a 2008.1/i586/cups-common-1.3.6-5.2mdv2008.1.i586.rpm
763dfee5def4727b34769298beb5c9fe 2008.1/i586/cups-serial-1.3.6-5.2mdv2008.1.i586.rpm
dadd48446b97869372535fb2ef02a471 2008.1/i586/libcups2-1.3.6-5.2mdv2008.1.i586.rpm
cf48ae8c17120d7d83b638f432620797 2008.1/i586/libcups2-devel-1.3.6-5.2mdv2008.1.i586.rpm
33d7dcb6b32e58bc38e847f827447b54 2008.1/i586/php-cups-1.3.6-5.2mdv2008.1.i586.rpm
25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
3804ff0deea819d375cdee86b1d98bf4 2008.1/x86_64/cups-1.3.6-5.2mdv2008.1.x86_64.rpm
9f8550ffbb7778636b18c33c6854e163 2008.1/x86_64/cups-common-1.3.6-5.2mdv2008.1.x86_64.rpm
077652b9f481f72873b6e94a0f54fe17 2008.1/x86_64/cups-serial-1.3.6-5.2mdv2008.1.x86_64.rpm
569bcdcf971b564d3ad3cec8b6281fec 2008.1/x86_64/lib64cups2-1.3.6-5.2mdv2008.1.x86_64.rpm
05ce67f5f2bf9f27b69963bbc0ba3f6e 2008.1/x86_64/lib64cups2-devel-1.3.6-5.2mdv2008.1.x86_64.rpm
8a48fbfa84679702c496744f394ac4f6 2008.1/x86_64/php-cups-1.3.6-5.2mdv2008.1.x86_64.rpm
25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
3480a3533f163c8559254c7dc7dccca4 2009.0/i586/cups-1.3.9-0.1mdv2009.0.i586.rpm
2eda3ae527a0d6477bf2f52f57f37297 2009.0/i586/cups-common-1.3.9-0.1mdv2009.0.i586.rpm
1b0849a0dcd6cc52debfdc23ca347e60 2009.0/i586/cups-serial-1.3.9-0.1mdv2009.0.i586.rpm
9ef6a24d1e8155bea9e7e148252dc4e7 2009.0/i586/libcups2-1.3.9-0.1mdv2009.0.i586.rpm
2a8be000df9a71f506a039e58faaf1b4 2009.0/i586/libcups2-devel-1.3.9-0.1mdv2009.0.i586.rpm
7f04461fd982b387144f73612b3cbd86 2009.0/i586/php-cups-1.3.9-0.1mdv2009.0.i586.rpm
1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
926221e97b7c4c52562468b26066f049 2009.0/x86_64/cups-1.3.9-0.1mdv2009.0.x86_64.rpm
96abb10e235084a80cd17c79cc31a360 2009.0/x86_64/cups-common-1.3.9-0.1mdv2009.0.x86_64.rpm
cb817300fa6d8c9b40a0f8a01572d691 2009.0/x86_64/cups-serial-1.3.9-0.1mdv2009.0.x86_64.rpm
d56cea0645b26b668f9b8a66f2dc090f 2009.0/x86_64/lib64cups2-1.3.9-0.1mdv2009.0.x86_64.rpm
f4a04369ad8d202d87ea49a3da4ab67c 2009.0/x86_64/lib64cups2-devel-1.3.9-0.1mdv2009.0.x86_64.rpm
85124180f179ae504ad2f27ef814683d 2009.0/x86_64/php-cups-1.3.9-0.1mdv2009.0.x86_64.rpm
1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm
Corporate 3.0:
d235e680a70a94ce2c32a556a1fea6d5 corporate/3.0/i586/cups-1.1.20-5.19.C30mdk.i586.rpm
eccffd52489f0aca14a11b6b88a5c59f corporate/3.0/i586/cups-common-1.1.20-5.19.C30mdk.i586.rpm
743aad40e707a1c6ec8de19e6ba19668 corporate/3.0/i586/cups-serial-1.1.20-5.19.C30mdk.i586.rpm
931bd82e26396ef7109369893e8fb740 corporate/3.0/i586/libcups2-1.1.20-5.19.C30mdk.i586.rpm
007b156ceb1f78c107a05bba499f544d corporate/3.0/i586/libcups2-devel-1.1.20-5.19.C30mdk.i586.rpm
685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm
Corporate 3.0/X86_64:
c57219da87ef50832e74efbfd3471f64 corporate/3.0/x86_64/cups-1.1.20-5.19.C30mdk.x86_64.rpm
6f9772a800e70f1e3766d76de8dcf6e3 corporate/3.0/x86_64/cups-common-1.1.20-5.19.C30mdk.x86_64.rpm
e1221063527caed05a6e94f9cebed9ab corporate/3.0/x86_64/cups-serial-1.1.20-5.19.C30mdk.x86_64.rpm
a0b15b24cfc995a7a769c1e87d53a696 corporate/3.0/x86_64/lib64cups2-1.1.20-5.19.C30mdk.x86_64.rpm
aaabff95ac9a30ff1d9ce224612bcb50 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.19.C30mdk.x86_64.rpm
685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm
Corporate 4.0:
56f3e394ac8e4b4e7d423c7989d2e6af corporate/4.0/i586/cups-1.2.4-0.10.20060mlcs4.i586.rpm
dcb4425723e63a2d094305cde05890f3 corporate/4.0/i586/cups-common-1.2.4-0.10.20060mlcs4.i586.rpm
348427ebb4f1f1f530c3c129850de957 corporate/4.0/i586/cups-serial-1.2.4-0.10.20060mlcs4.i586.rpm
d0a8052949416c5ba260b48596cbf415 corporate/4.0/i586/libcups2-1.2.4-0.10.20060mlcs4.i586.rpm
ab7637abe249e4369cf39d37113ba37f corporate/4.0/i586/libcups2-devel-1.2.4-0.10.20060mlcs4.i586.rpm
86af12b21de1212e72286e9b2db23caa corporate/4.0/i586/php-cups-1.2.4-0.10.20060mlcs4.i586.rpm
5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
59784628a2385248e8d71c1476773071 corporate/4.0/x86_64/cups-1.2.4-0.10.20060mlcs4.x86_64.rpm
a7933ad29b9a77973fcf7feb02c381b9 corporate/4.0/x86_64/cups-common-1.2.4-0.10.20060mlcs4.x86_64.rpm
26da08a5da63053f418e47792cf26280 corporate/4.0/x86_64/cups-serial-1.2.4-0.10.20060mlcs4.x86_64.rpm
0614662f2661171ade097e562a94c635 corporate/4.0/x86_64/lib64cups2-1.2.4-0.10.20060mlcs4.x86_64.rpm
a899db16ce3db8ec71aaef67a6650616 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.10.20060mlcs4.x86_64.rpm
9e3dc91c4390d7ba60ca26dcc095b8d8 corporate/4.0/x86_64/php-cups-1.2.4-0.10.20060mlcs4.x86_64.rpm
5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFI8DeJmqjQ0CJFipgRAmbxAKCxSRvJTtancZ/puQkgifGbRQnZIQCg6Bum
EnuxPIlaIiQWBIjMSk4WWoo=
=aMXC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 10, 2008
Bugs: #238976, #249727
ID: 200812-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Several remotely exploitable bugs have been found in CUPS, which allow
remote execution of arbitrary code.
Background
==========
CUPS is the Common Unix Printing System.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.3.9-r1 >= 1.3.9-r1
Description
===========
Several buffer overflows were found in:
* The read_rle16 function in imagetops (CVE-2008-3639, found by
regenrecht, reported via ZDI)
* The WriteProlog function in texttops (CVE-2008-3640, found by
regenrecht, reported via ZDI)
* The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641,
found by regenrecht, reported via iDefense)
* The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs)
Impact
======
A remote attacker could send specially crafted input to a vulnerable
server, resulting in the remote execution of arbitrary code with the
privileges of the user running the server.
Workaround
==========
None this time.
Resolution
==========
All CUPS users should upgrade to the latest version.
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1"
References
==========
[ 1 ] CVE-2008-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
[ 2 ] CVE-2008-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
[ 3 ] CVE-2008-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
[ 4 ] CVE-2008-5286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200812-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
15 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
CUPS PNG Filter Integer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA29809
VERIFY ADVISORY:
http://secunia.com/advisories/29809/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From local network
SOFTWARE:
CUPS 1.x
http://secunia.com/product/921/
DESCRIPTION:
Thomas Pollet has reported a vulnerability in CUPS, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to two integer overflow errors in
filter/image-png.c when processing PNG files. These can be exploited
to cause a heap-based buffer overflow via overly large width and
height PNG fields.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 1.3.7. Other versions may
also be affected.
SOLUTION:
Fixed in the SVN repository.
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Thomas Pollet
ORIGINAL ADVISORY:
http://www.cups.org/str.php?L2790
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200810-0144 | CVE-2008-3639 | CUPS of imagetops In SGI Buffer overflow vulnerability in image processing |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count. CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers.
Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges.
Successful remote exploits may require printer sharing to be enabled on the vulnerable system.
These issues affect versions prior to CUPS 1.3.9. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The cause of the vulnerability is that the read_rle16() function does not correctly validate the value of the line read from the file and uses this value to control how many 16-bit integers are stored in the heap buffer. If a small graphics dimension and a large number of lines are provided, it will May trigger a heap overflow. ===========================================================
Ubuntu Security Notice USN-656-1 October 15, 2008
cupsys vulnerabilities
CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.11
Ubuntu 7.04:
cupsys 1.2.8-0ubuntu8.6
Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.8
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the SGI image filter in CUPS did not perform
proper bounds checking. If a user or automated system were tricked
into opening a crafted SGI image, an attacker could cause a denial
of service. (CVE-2008-3639)
It was discovered that the texttops filter in CUPS did not properly
validate page metrics. If a user or automated system were tricked into
opening a crafted text file, an attacker could cause a denial of
service. (CVE-2008-3640)
It was discovered that the HP-GL filter in CUPS did not properly check
for invalid pen parameters. If a user or automated system were tricked
into opening a crafted HP-GL or HP-GL/2 file, a remote attacker could
cause a denial of service or execute arbitrary code with user
privileges. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by
the AppArmor CUPS profile. (CVE-2008-3641)
NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the
the fix for CVE-2008-1722 applied. This update includes fixes for the
problem. We apologize for the inconvenience.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.diff.gz
Size/MD5: 102981 403c1494b264696702f055fc5cdcc60d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11.dsc
Size/MD5: 1052 cc47231c220e8d0e1659cf83d9e08445
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.11_all.deb
Size/MD5: 994 8b094f8389b70e0153d7bbfcd23ed912
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 36226 ddea26501964356559ee3a11124acd8b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 81902 670924b1b9a36db787e3b4cc6a7f1782
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 2286676 455fe7748b3ab167658bb5b42ef0363a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 6086 dc0bd3799366e32503466ba4588fc4df
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 77226 31e781bf2c8f0f4140799b21b9d0484a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 25742 6812b0831f37474b50607e4c6eb83fe5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_amd64.deb
Size/MD5: 129960 88a0b954c9f50df6aa37824b3da7041b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 34768 d04de29dfcca09a4dc70a385e8a0766b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 77974 efed93511d0ee579706e5cf538378dbd
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 2253974 30ac219c7cd66460df6fa2b76c147ae8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 6090 648459c3b58ddaf1fc646c8cd476e9f8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 76350 d044f4fa44a792c81bca198f44687a1e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 25740 4c97e6e30f95bd3c3a32c761db4f5183
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_i386.deb
Size/MD5: 122178 7298a6d762d2edbe6fd107656932f32a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 40468 24cf01572a6f790296c1accba097352c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 89528 0172b346d78458df1a6cd91a371b3b67
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 2301292 f1a755a88fde554fdabbfb8081a88e52
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 6098 f3e962ddc060712ed3ba78bb5625d5e4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 79004 de095980afadd9352e5d7e92600d75b5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 25744 21a4d908ae8de551cda885d4835d69c0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_powerpc.deb
Size/MD5: 127932 6e50fa3fa4185c781551e5744331f20b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 35392 ede504cfaaf1e068c68b3fa759777098
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 78712 49f458e339846bcc2eb9ffdc482de5be
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 2287588 864ab74a020db94ab2acc1283720a05c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 6092 58c6f56f79c35af1b0ca47eaeedd7ea3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 76262 759f3df1a04440d71ae6634109045bf6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 25740 8bbdc7b4842df909bdfb95b96fd9f884
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.11_sparc.deb
Size/MD5: 123662 4c4f4a4faae61a0c3901c63fe58bbf26
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.diff.gz
Size/MD5: 160216 80696d47933857b9665da1492f9a801b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6.dsc
Size/MD5: 1143 0dbd641692767f4e2e5b7f390c412a9f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz
Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.6_all.deb
Size/MD5: 926804 41e6c60357740e668198976afcce6bd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 37404 2d7cb4cb3bfeeeb5af3db756f1a0a5be
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 83230 361cd5ffca4125245798312c3a9c7eaa
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 1638902 a502a4f981385dcba50ed5b6fc8fe969
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 56598 a9f413ff725abe42af63312ea6e826e7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 104860 7bfc0e70546baa2c98421a9dd7a373e6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 144852 9d30fa04e2aa415fb126188aa4d32349
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_amd64.deb
Size/MD5: 182728 0ed6d4f8c813e2c36bcaa7b7ca98ccad
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 36712 014d51e184b4435a28c1e820455fb0a1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 80752 4d29ca2e6d3de00e3a10c55c677c8cd6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 1621450 551c9d7c9836efe7a927a609699976ad
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 55720 b70e3b3a1c86aa782a42fcf1a40ff197
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 104592 ececfa4f50e077d5049116a47cc44965
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 139320 b5c4606316c175feac7dd9a8f78acc56
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_i386.deb
Size/MD5: 179030 b2bb50b90caac66408739e67ecc9fdb5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 46766 ad2b053736a2165b39f1749b7e3409e0
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 101094 bea4c45325710b1e2d5e67dceb7853bb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 1696124 7e3469aa52e2de4e93352e44f7623305
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 56398 47755a89a609e4401d70f6adcfcfb9a5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 110478 94a5f78770c410fce9a0c88a187fe9c4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 141178 69f22a6730b291c9df2b0541c07223d6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_powerpc.deb
Size/MD5: 188650 634498a8eb5ab4c75eab74e1655234b1
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 37778 cde58d9fa7d256698ef6ba128b16a799
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 83740 072c6f65496619d5808c542d3a2ebe97
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 1659626 a5b6c19a436e9737af44cbaee93d093c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 54928 5a8347021b82084600e0d08971cb41a3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 104156 ca7b062c097aa7f92a9085615fc3e828
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 141756 299acfe9e1964d21e7ba2fc3a390ded8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.6_sparc.deb
Size/MD5: 178292 02e3059c98fb42cb83173e0b3a08d469
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.diff.gz
Size/MD5: 128977 cc7a79b80d0cc2caa8f9c5aea2f9397b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8.dsc
Size/MD5: 1218 4f603d11b93e600bd82009983bc88580
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz
Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.8_all.deb
Size/MD5: 1080404 6419c157fd22fcfb2e1563ccced2fcae
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 37204 88b05a4cbb9f5714951edade3dd0609b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 89506 cb352043a1985e24614dc27ffa5ded01
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 2034890 3a2c4daded2923691da8fe3f60d93f3e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 60020 5007c193bb8416754a9d7e7ad09c4808
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 46884 9a2fd628887a01cc2fcb49131ec8ed0f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 152014 7a9debd353faa26803f0e8707a97697a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_amd64.deb
Size/MD5: 186418 13e510e27e1025732d203a933ded8ade
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 36486 05cb382029ccb2285530af9de662b686
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 86494 80b08f6080ed3c46e4fc954da05d9e6d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 2018384 16b0a7b694a38e4616fce6415116a7e9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 58882 8572d274d06e1a650d2d5199ea5dcf6f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 46280 158a4aef965ef1c697c5c7aef53f9e90
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 145692 36b5af34074b13e44e2d2ae5f76fa6fc
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_i386.deb
Size/MD5: 183190 fe12de8de5a779538844e2aecd5ccedb
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 36570 f73b632b59630a2727e45be083730c23
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 88054 07cfc2fdf8615471278b10550f713a3e
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 2020696 d97dab5d5a099884f7bca77dd118233a
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 59624 d582e3100eaf68e9b10585ca6ce0a078
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 47662 a2e2c5cc101d720249efd108b1a724ca
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 142426 8e91390ca3bb0bd98ab7a43017e38a90
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_lpia.deb
Size/MD5: 181382 0806d0e1be2fdb48b873ea977107b759
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 46502 1f2a7db4dd6dfc7910a9c84f28425537
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 107736 9a34baee6e8356d911d637e52fcb0747
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 2099614 b0f8237ccff1e54e070645e79e085794
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 59494 c3c1a6f415dacee7b5f0e63e0f83ca6c
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 51856 91fcaca5686ce2070e654699b60514f4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 146952 205fedd96bd614314b2e9ecb18e78f53
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_powerpc.deb
Size/MD5: 192204 0033c62b251a505fb7d80b5b8c96f6b6
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 37558 f568ceabe0e419d263b75a5c852eb10a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 89606 d916d0d9478082000a0f698347613387
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 2061026 a1b9da985d3d0211790f170443e74ac9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 58098 dc5d816068b451c8926dd06a25e1715b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 45572 9976f70a905893735ee445cca7ecda7f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 148486 48954d641e131708913530887d28c064
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.8_sparc.deb
Size/MD5: 182218 074755797d588b92f7030c0a9562cb67
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.diff.gz
Size/MD5: 133549 8146f7a668701caad4379707ccedf538
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1.dsc
Size/MD5: 1433 de3ffa5e20bdbc0bd61cf543cc2d351f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz
Size/MD5: 4700333 383e556d9841475847da6076c88da467
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.1_all.deb
Size/MD5: 1143834 7230e79bb0d6a1435f3ce0de114e1ad3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 37530 0362fc9c1260486e4d1dcccca8dc60a3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 89982 9a1ac844025f66fb85357e1807256331
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 1880646 233fbeadff826a6b6f22347559fe8bf5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 60892 98a65443be4d97fb1de2f8580dd67e40
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 50356 89ca2e97385912ebf2ffe8a0871610d5
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 344926 631f297ea0a13321c61ee211d65fceab
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_amd64.deb
Size/MD5: 177500 8dd137567dbc9644bda3b0a799cb2f6a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 36952 deba752b21bdf04393626cf35ebb79eb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 88408 2e76b5856bde6afe82da9a6b03a98026
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 1862954 aaa0817cb6b67729276e799275ad3346
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 60090 b37d935af9661002730cd5cb2b3f11d3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 49838 a1d85e18616340eed3778b5286890c08
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 339344 f3d29993795e7172667356c8d255f296
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_i386.deb
Size/MD5: 174354 b1d7b741729749c6a3249fbcd0babe56
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 36676 c46beddd8f227e1ee0b1c9a80d41b19a
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 88734 c8b70c2665734c45caa22ae41f60b486
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 1865262 27de39c2fbe2471f11b7756b5bc02cc3
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 60540 b54c6711e74c55777f0e509f642c42f0
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 50860 64989632d1f49f5d25209bb9a68809d5
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 337020 ca60ea21ad93aca447e1ae04e0ad818f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_lpia.deb
Size/MD5: 173276 6e0af5026f452171993817fbd6e6b4e7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 46932 d8e051bd4e95f28090036d7087437127
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 110808 44e0741ccd8b9edab092b835c6831aca
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 1949134 0facca356ce9e5ffdacffde23d0713e3
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 59924 367a29bd4545906374eb27c511d33658
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 54940 d762741ddd48f75e0e54ffd0efc45645
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 341670 0958081b22a680ccf1f30abc36c06054
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_powerpc.deb
Size/MD5: 183238 e303094f36fcc1af0ac40321411bd90a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 38028 a8ee904a732a7392314b9b4f2faf5557
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 91034 832edccd7ed2eec51759bbcce97536b1
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 1897904 31192c6d2b5a6dca4eaf065c541795fc
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 57856 398dadf7e1ee5075e4d3e2a4766b4580
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 48242 cc45265b41fd932d084a6bce9888e67f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 341388 9411fb065604b882530faf47a0a85d4e
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.1_sparc.deb
Size/MD5: 173184 4a5e9e3508932262eefe3b08f94019d0
.
CVE-2008-3640
It was discovered that an integer overflow in the Postscript
conversion tool "texttops" may lead to the execution of arbitrary
code.
For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch5.
For the unstable distribution (sid) and the upcoming stable distribution
(lenny), these problems have been fixed in version 1.3.8-1lenny2 of
the source package cups.
We recommend that you upgrade your cupsys package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz
Size/MD5 checksum: 108662 eab5aa097eaf3e802b4c6f1c60da9a03
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc
Size/MD5 checksum: 1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb
Size/MD5 checksum: 893832 0e7571a4a56cef8f099ba9300ed7330d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb
Size/MD5 checksum: 46072 63a75f9fe31312a42725a786164f7762
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 39310 8dad5588b86a4e1191025015d8e0c5be
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 1092376 35c1cd14d3f26fefafbebf1a76983740
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 85906 1d07dcf128e7b78992560b2794be29d4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 183726 06377f48f1ee358c494f30f9ab213e6b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 1614540 e87b439635e9b7f7c1fa1c6db2f7291c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 95570 8638b199a8adb989254cbe88ab11bb7d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 175262 08dbbe7e941af9c28f39107f907c618a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 72690 1c099120f9fdcb334d8699b6238c0883
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 142538 4f9183a690ac21a220771db117b1bcea
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 162520 f04bafe61b0e06d21b67441916a4df2a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 36356 eea9b0c14ac248313264474f4a103478
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 53022 f864e06d82bd0769e7c73d20aa6c3366
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 80708 9e8a7d08f6762753005bc2ac7ac04db7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 86264 3784680669a08745d6c766213e3d60f3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 1576062 c5f275763d3cd0bec5e448965780ea0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 1088040 106654a5c5a746e5bd1043ca4309deae
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 132042 b1da3e68e04c68712a7f2ecebbea59d3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 1026238 e776ce47912d97de7758029cddf18c41
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 155174 2203ae0043e540bb4c083c3f302294a9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 78908 a60d8486ab41fe7064d84fdf1c057ce5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 48742 9c6f61fb9c5af3f1496c249eb79542ce
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 1569620 943fdc257cdf387c1a161adff88623bd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 85468 3e9d699071d741d86c5e2fbcc91a5241
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 35940 0bb609f5c990c932c0fed843bb659062
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 84800 df6569c3eaad919b7f7768a75277838f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 91988 08040e0dcc8cc99298d40aa370be50cc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 1624214 e5d55a0aeacee0d85d7899018725b3d3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 153956 e11bfd3cb812f0892238a676a3453967
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 171790 5b483d2f739ed456d94cf28047b2b2f5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 39548 181a14e58af274287bf02f8a758b70b5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 57398 715a6f4bb1b68b8a384a85ac384de668
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb
Size/MD5 checksum: 1032836 e1d9158ff6134678b976331566db0076
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 999302 2ccf6ae0ef6f3d3dd56e484ba2199313
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 160638 f22f7da23cd3dea82d49cc9900d62512
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 138276 392028f61da2c29dcab1ffe3b4fe072f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 1548856 e1e04e47f556586eb83aff005d4870d2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 36474 9bea3cd926f04da508b6a714f0a1daac
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 86776 f3188eafaa1bd01a7b92d9403aab03a1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 79878 ba1ed2b707101da54b3990b33ee1d877
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb
Size/MD5 checksum: 53276 346cdebc7980089b28610ceb30f65519
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 106226 829b2e5f435c8fb5eee03513654ee12f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 106998 08fcec24b8c165542d986a1fd174ddd3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 46336 32d29b5c2986070f5d5b909864952dc3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 1771030 e7b261b4627ee20a3083a4f18a382e24
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 192370 576e218a37e677170e9201946f24da5a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 1108310 bdee8fbcfd10ba2847ab81ced8e9cc73
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 204232 d5eb2138a8584813643dfe4e39d2fefb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb
Size/MD5 checksum: 74224 846a87584f78285569aee9c037b677d9
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 158560 74bc73b9eb3c7494ce762f7beb9ab4cd
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 1553460 cd35f3de34290840be09b1b10729d7b3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 150900 150e5405933cef2a8cf9147d88c9a4fb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 57860 2b7cdd4399e2893d2df0b5568d766239
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 86996 d4776eace76cb37f72557a44d053a677
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 1085494 429194a44228d669ecfa2acdeadf55e6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 36058 f28b3f705fd293fc82a256d571119452
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb
Size/MD5 checksum: 77448 4a9be71b3fc25253b1e77c2594e7f508
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 51880 d1b872415002b54aba1ef54833cd5564
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 90008 fe2be6aba034693532a01b653781f501
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 1576600 d954a84710f9671d34eca72922f8d1d8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 136868 ee633edb72a9d6d74481d9fe17d887d5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 1143388 320529a907596704df487d89978e1948
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 41296 8e0fed6ae1645411f4daa52842ead589
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 163206 d0fc59550e27b346adb422e4d82cecaf
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb
Size/MD5 checksum: 88476 dfe47fbfeef0a714d6397ec9467165af
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 1037260 a151e36916ffd7eae88e6b82cc0c08d7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 37420 b095022e25c603ee57748795c4ec423b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 82338 3417e5562b6aa064ab5d3d11f15a69fb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 87928 6eea10e5b223fbd5f5a8d524bb03ab8e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 1587330 8b66abd7e3156f3beeaa27fbd971cbde
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 166710 10f172f4c48ab9981d7c48564a2142a4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 144932 3955c00c6293f7aec0a7cb9edb28a16d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb
Size/MD5 checksum: 52524 b4e639621d58f91a8ec32043534c008f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 51826 8e3613f9041774f1dd42586782780fb5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 159434 d2352f19b51feab43fc17b5e3f17bb2b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 138734 8b53d144485267cb99ec8a32262446e8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 1577758 748b77d9e54a363d46cd61548e72df7c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 996834 0ad8037cbb3959581a0aeb29eb84a853
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 85790 16bf4ce2378a68fc9b0ce4052e463e5d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 36062 426fe5dbac939828393d99e561abf0e3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb
Size/MD5 checksum: 78608 f469105c5d9f121c333d5e4ac315c7be
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj8vewACgkQXm3vHE4uylo3VQCfe5/oLteemHII7TUL80ybcnZd
REIAn1hdR3STx867KCMafAi58O1fia05
=T/kw
-----END PGP SIGNATURE-----
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:211
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : October 10, 2008
Affected: 2007.1, 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A buffer overflow in the SGI image format decoding routines used by the
CUPS image converting filter imagetops was discovered.
An integer overflow flaw leading to a heap buffer overflow was found
in the Text-to-PostScript texttops filter.
Finally, an insufficient buffer bounds checking flaw was found in
the HP-GL/2-to-PostScript hpgltops filter.
The updated packages have been patched to prevent this issue; for
Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided
that corrects these issues and also provides other bug fixes.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
d8041b477aac8897e465fd7885c4f046 2007.1/i586/cups-1.2.10-2.8mdv2007.1.i586.rpm
85169e175683eee33f38c3dc6dca555d 2007.1/i586/cups-common-1.2.10-2.8mdv2007.1.i586.rpm
3838db5f9b5313587335232f4bdfadb7 2007.1/i586/cups-serial-1.2.10-2.8mdv2007.1.i586.rpm
4dac70286d0aaa55d0c585c4e485f4d6 2007.1/i586/libcups2-1.2.10-2.8mdv2007.1.i586.rpm
2647b541d7a80ea194d6cc4983342e14 2007.1/i586/libcups2-devel-1.2.10-2.8mdv2007.1.i586.rpm
5bf9cba238150a77016869b2b600e0bd 2007.1/i586/php-cups-1.2.10-2.8mdv2007.1.i586.rpm
3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
27098b09dc01c70600c55572cb928422 2007.1/x86_64/cups-1.2.10-2.8mdv2007.1.x86_64.rpm
fbd01859759af3a2e32244cfff7aaa33 2007.1/x86_64/cups-common-1.2.10-2.8mdv2007.1.x86_64.rpm
4197004f7a59cc90d8d51f8ff34e2997 2007.1/x86_64/cups-serial-1.2.10-2.8mdv2007.1.x86_64.rpm
6cc45d922f07d379db0de2e08eb1589e 2007.1/x86_64/lib64cups2-1.2.10-2.8mdv2007.1.x86_64.rpm
d7443db8a26f27b41c32c95dee129437 2007.1/x86_64/lib64cups2-devel-1.2.10-2.8mdv2007.1.x86_64.rpm
eca467e20954fea23fd050ee41d2ca4a 2007.1/x86_64/php-cups-1.2.10-2.8mdv2007.1.x86_64.rpm
3762b10d3a6b962ec6932856d635a119 2007.1/SRPMS/cups-1.2.10-2.8mdv2007.1.src.rpm
Mandriva Linux 2008.0:
837c0714eef677dfcdb1befc56012db5 2008.0/i586/cups-1.3.6-1.3mdv2008.0.i586.rpm
cb8d17edacf1dc1dc5915fbb35745d9a 2008.0/i586/cups-common-1.3.6-1.3mdv2008.0.i586.rpm
635eb3405a6b5a4b93ca6373207093df 2008.0/i586/cups-serial-1.3.6-1.3mdv2008.0.i586.rpm
59939c1a2a730a0887750bafb4cabee1 2008.0/i586/libcups2-1.3.6-1.3mdv2008.0.i586.rpm
6183d24df353f4e8082374951636a657 2008.0/i586/libcups2-devel-1.3.6-1.3mdv2008.0.i586.rpm
0f1df17bf9cc86bb607ef28d4b29c6b2 2008.0/i586/php-cups-1.3.6-1.3mdv2008.0.i586.rpm
68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
5b73d5bfebbc66f8a56922c7b943f351 2008.0/x86_64/cups-1.3.6-1.3mdv2008.0.x86_64.rpm
a41d07d80c38b30ee5357b25f7b828ab 2008.0/x86_64/cups-common-1.3.6-1.3mdv2008.0.x86_64.rpm
34d6d4eb79b1ee5a9235843398301646 2008.0/x86_64/cups-serial-1.3.6-1.3mdv2008.0.x86_64.rpm
3157dcaafb55463d8ad149d99e4d0c55 2008.0/x86_64/lib64cups2-1.3.6-1.3mdv2008.0.x86_64.rpm
78b5f7fcedbbbef9c2318977b5f50264 2008.0/x86_64/lib64cups2-devel-1.3.6-1.3mdv2008.0.x86_64.rpm
082094f0923f72890f6dbb47eb9072b4 2008.0/x86_64/php-cups-1.3.6-1.3mdv2008.0.x86_64.rpm
68ac87937182de901cece9b93ba700fa 2008.0/SRPMS/cups-1.3.6-1.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
c22f4c131005e05768b0c45e931015c7 2008.1/i586/cups-1.3.6-5.2mdv2008.1.i586.rpm
8f1ad7b01f0d48aa920cb2378f5fce0a 2008.1/i586/cups-common-1.3.6-5.2mdv2008.1.i586.rpm
763dfee5def4727b34769298beb5c9fe 2008.1/i586/cups-serial-1.3.6-5.2mdv2008.1.i586.rpm
dadd48446b97869372535fb2ef02a471 2008.1/i586/libcups2-1.3.6-5.2mdv2008.1.i586.rpm
cf48ae8c17120d7d83b638f432620797 2008.1/i586/libcups2-devel-1.3.6-5.2mdv2008.1.i586.rpm
33d7dcb6b32e58bc38e847f827447b54 2008.1/i586/php-cups-1.3.6-5.2mdv2008.1.i586.rpm
25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
3804ff0deea819d375cdee86b1d98bf4 2008.1/x86_64/cups-1.3.6-5.2mdv2008.1.x86_64.rpm
9f8550ffbb7778636b18c33c6854e163 2008.1/x86_64/cups-common-1.3.6-5.2mdv2008.1.x86_64.rpm
077652b9f481f72873b6e94a0f54fe17 2008.1/x86_64/cups-serial-1.3.6-5.2mdv2008.1.x86_64.rpm
569bcdcf971b564d3ad3cec8b6281fec 2008.1/x86_64/lib64cups2-1.3.6-5.2mdv2008.1.x86_64.rpm
05ce67f5f2bf9f27b69963bbc0ba3f6e 2008.1/x86_64/lib64cups2-devel-1.3.6-5.2mdv2008.1.x86_64.rpm
8a48fbfa84679702c496744f394ac4f6 2008.1/x86_64/php-cups-1.3.6-5.2mdv2008.1.x86_64.rpm
25997a30a1fbc24e4a1a5017d15ac526 2008.1/SRPMS/cups-1.3.6-5.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
3480a3533f163c8559254c7dc7dccca4 2009.0/i586/cups-1.3.9-0.1mdv2009.0.i586.rpm
2eda3ae527a0d6477bf2f52f57f37297 2009.0/i586/cups-common-1.3.9-0.1mdv2009.0.i586.rpm
1b0849a0dcd6cc52debfdc23ca347e60 2009.0/i586/cups-serial-1.3.9-0.1mdv2009.0.i586.rpm
9ef6a24d1e8155bea9e7e148252dc4e7 2009.0/i586/libcups2-1.3.9-0.1mdv2009.0.i586.rpm
2a8be000df9a71f506a039e58faaf1b4 2009.0/i586/libcups2-devel-1.3.9-0.1mdv2009.0.i586.rpm
7f04461fd982b387144f73612b3cbd86 2009.0/i586/php-cups-1.3.9-0.1mdv2009.0.i586.rpm
1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
926221e97b7c4c52562468b26066f049 2009.0/x86_64/cups-1.3.9-0.1mdv2009.0.x86_64.rpm
96abb10e235084a80cd17c79cc31a360 2009.0/x86_64/cups-common-1.3.9-0.1mdv2009.0.x86_64.rpm
cb817300fa6d8c9b40a0f8a01572d691 2009.0/x86_64/cups-serial-1.3.9-0.1mdv2009.0.x86_64.rpm
d56cea0645b26b668f9b8a66f2dc090f 2009.0/x86_64/lib64cups2-1.3.9-0.1mdv2009.0.x86_64.rpm
f4a04369ad8d202d87ea49a3da4ab67c 2009.0/x86_64/lib64cups2-devel-1.3.9-0.1mdv2009.0.x86_64.rpm
85124180f179ae504ad2f27ef814683d 2009.0/x86_64/php-cups-1.3.9-0.1mdv2009.0.x86_64.rpm
1c16860c6f7af958cb6744dd60ffd63e 2009.0/SRPMS/cups-1.3.9-0.1mdv2009.0.src.rpm
Corporate 3.0:
d235e680a70a94ce2c32a556a1fea6d5 corporate/3.0/i586/cups-1.1.20-5.19.C30mdk.i586.rpm
eccffd52489f0aca14a11b6b88a5c59f corporate/3.0/i586/cups-common-1.1.20-5.19.C30mdk.i586.rpm
743aad40e707a1c6ec8de19e6ba19668 corporate/3.0/i586/cups-serial-1.1.20-5.19.C30mdk.i586.rpm
931bd82e26396ef7109369893e8fb740 corporate/3.0/i586/libcups2-1.1.20-5.19.C30mdk.i586.rpm
007b156ceb1f78c107a05bba499f544d corporate/3.0/i586/libcups2-devel-1.1.20-5.19.C30mdk.i586.rpm
685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm
Corporate 3.0/X86_64:
c57219da87ef50832e74efbfd3471f64 corporate/3.0/x86_64/cups-1.1.20-5.19.C30mdk.x86_64.rpm
6f9772a800e70f1e3766d76de8dcf6e3 corporate/3.0/x86_64/cups-common-1.1.20-5.19.C30mdk.x86_64.rpm
e1221063527caed05a6e94f9cebed9ab corporate/3.0/x86_64/cups-serial-1.1.20-5.19.C30mdk.x86_64.rpm
a0b15b24cfc995a7a769c1e87d53a696 corporate/3.0/x86_64/lib64cups2-1.1.20-5.19.C30mdk.x86_64.rpm
aaabff95ac9a30ff1d9ce224612bcb50 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.19.C30mdk.x86_64.rpm
685d93ef91df7b10faefae3d9c8a2e20 corporate/3.0/SRPMS/cups-1.1.20-5.19.C30mdk.src.rpm
Corporate 4.0:
56f3e394ac8e4b4e7d423c7989d2e6af corporate/4.0/i586/cups-1.2.4-0.10.20060mlcs4.i586.rpm
dcb4425723e63a2d094305cde05890f3 corporate/4.0/i586/cups-common-1.2.4-0.10.20060mlcs4.i586.rpm
348427ebb4f1f1f530c3c129850de957 corporate/4.0/i586/cups-serial-1.2.4-0.10.20060mlcs4.i586.rpm
d0a8052949416c5ba260b48596cbf415 corporate/4.0/i586/libcups2-1.2.4-0.10.20060mlcs4.i586.rpm
ab7637abe249e4369cf39d37113ba37f corporate/4.0/i586/libcups2-devel-1.2.4-0.10.20060mlcs4.i586.rpm
86af12b21de1212e72286e9b2db23caa corporate/4.0/i586/php-cups-1.2.4-0.10.20060mlcs4.i586.rpm
5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
59784628a2385248e8d71c1476773071 corporate/4.0/x86_64/cups-1.2.4-0.10.20060mlcs4.x86_64.rpm
a7933ad29b9a77973fcf7feb02c381b9 corporate/4.0/x86_64/cups-common-1.2.4-0.10.20060mlcs4.x86_64.rpm
26da08a5da63053f418e47792cf26280 corporate/4.0/x86_64/cups-serial-1.2.4-0.10.20060mlcs4.x86_64.rpm
0614662f2661171ade097e562a94c635 corporate/4.0/x86_64/lib64cups2-1.2.4-0.10.20060mlcs4.x86_64.rpm
a899db16ce3db8ec71aaef67a6650616 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.10.20060mlcs4.x86_64.rpm
9e3dc91c4390d7ba60ca26dcc095b8d8 corporate/4.0/x86_64/php-cups-1.2.4-0.10.20060mlcs4.x86_64.rpm
5a7d0a19238e8b654821bb87355f9f27 corporate/4.0/SRPMS/cups-1.2.4-0.10.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFI8DeJmqjQ0CJFipgRAmbxAKCxSRvJTtancZ/puQkgifGbRQnZIQCg6Bum
EnuxPIlaIiQWBIjMSk4WWoo=
=aMXC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: December 10, 2008
Bugs: #238976, #249727
ID: 200812-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Several remotely exploitable bugs have been found in CUPS, which allow
remote execution of arbitrary code.
Background
==========
CUPS is the Common Unix Printing System.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.3.9-r1 >= 1.3.9-r1
Description
===========
Several buffer overflows were found in:
* The read_rle16 function in imagetops (CVE-2008-3639, found by
regenrecht, reported via ZDI)
* The WriteProlog function in texttops (CVE-2008-3640, found by
regenrecht, reported via ZDI)
* The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641,
found by regenrecht, reported via iDefense)
* The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs)
Impact
======
A remote attacker could send specially crafted input to a vulnerable
server, resulting in the remote execution of arbitrary code with the
privileges of the user running the server.
Workaround
==========
None this time.
Resolution
==========
All CUPS users should upgrade to the latest version.
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1"
References
==========
[ 1 ] CVE-2008-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
[ 2 ] CVE-2008-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
[ 3 ] CVE-2008-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641
[ 4 ] CVE-2008-5286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200812-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
15 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
CUPS PNG Filter Integer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA29809
VERIFY ADVISORY:
http://secunia.com/advisories/29809/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From local network
SOFTWARE:
CUPS 1.x
http://secunia.com/product/921/
DESCRIPTION:
Thomas Pollet has reported a vulnerability in CUPS, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to two integer overflow errors in
filter/image-png.c when processing PNG files. These can be exploited
to cause a heap-based buffer overflow via overly large width and
height PNG fields.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 1.3.7. Other versions may
also be affected.
SOLUTION:
Fixed in the SVN repository.
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Thomas Pollet
ORIGINAL ADVISORY:
http://www.cups.org/str.php?L2790
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200804-0377 | CVE-2008-1905 | Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. Nero MediaHome is a media server component in the Nero suite that allows media files to be shared on a local area network. Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.
This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
17 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
Nero MediaHome Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA29808
VERIFY ADVISORY:
http://secunia.com/advisories/29808/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
SOFTWARE:
Nero MediaHome 3.x
http://secunia.com/product/17236/
DESCRIPTION:
Luigi Auriemma has discovered a vulnerability in Nero MediaHome,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to a NULL-pointer dereference error
in NMMediaServer.exe and can be exploited to cause the process to
crash via e.g. sending an overly long string to default port
54444/TCP.
SOLUTION:
Use in a trusted network environment only.
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/neromedia-adv.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200804-0326 | CVE-2008-1846 | SAP NetWeaver Filesystem Feedbacks Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. SAP NetWeaver is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks
VAR-200903-0109 | CVE-2008-6474 | F5 BIG-IP Any in the management interface of Perl Code injection vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. F5 BIG-IP Web Management Interface is prone to a remote code-injection vulnerability because the application fails to properly sanitize user-supplied input.
Exploiting this issue allows attackers to execute arbitrary code with the privileges of the user running the affected application.
This issue affects F5 BIG-IP 9.4.3; other versions may also be affected. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. The vulnerability is caused by using Perl EP3 with templates similar to the following without escaping the single quotes in NEW_VALUE: $val=&\'\'NEW_VALUE&\'\'; For example, the SNMP community string configuration accepts The following value is an SNMP request: \"none\'\'.`touch /etc/foo`.\'\'\" An attacker can create a specially crafted URL link that can inject an HTTP GET request through cross-site scripting in BIG-IP Make any changes on the device
VAR-200804-0422 | CVE-2008-1775 | ManageEngine Firewall Analyzer 'mindex.do' Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
ManageEngine Firewall Analyzer 4.0.3 is vulnerable; other versions may be affected as well. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Input passed to the "displayName" parameter in mindex.do is not
properly sanitised before being returned to a user.
Successful exploitation requires that the target user is logged in to
the application.
The vulnerability is reported in version 4.0.3.
SOLUTION:
Filter malicious characters and character sequences using a web
proxy.
The vendor will reportedly fix this in the next release.
PROVIDED AND/OR DISCOVERED BY:
Jason Rhodes
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200804-0273 | CVE-2008-1154 | Cisco Unified Communications Disaster Recovery Framework Remote Command Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. network Requests received from do not require authentication, which could allow a remote attacker to execute arbitrary code via an unknown route.Please refer to the “Overview” for the impact of this vulnerability. Multiple Cisco Unified Communications products are prone to a remote command-execution vulnerability. This issue occurs in the Disaster Recovery Framework.
An attacker can exploit this issue to execute arbitrary commands with full administrative privileges. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Successful exploitation allows execution of arbitrary commands.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits VoIPshield Systems.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. There is a
workaround for this vulnerability.
Cisco has released free software updates that address this
vulnerability. DRF allows administrators to backup and restore a system
configuration to a local tape drive or remote server.
The DRF Master server is responsible for performing backup and
restoration requests. A remote, unauthenticated user can connect
to the DRF Master server and may be able to perform any DRF-related
tasks. These tasks include:
* Modifying or deleting a scheduled backup
* Copying a system backup to a remote, user-specified server
* Restoring a user-specified configuration from a remote server
* Execute arbitrary operating system commands
An attacker could exploit this vulnerability to cause a denial of
service condition, obtain sensitive configuration information,
overwrite configuration parameters, or execute arbitrary commands
with full administrative privileges. The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCso53771 - Unauthenticated Access to Disaster Recovery Framework
CVSS Base Score - 10
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS Temporal Score - 8.3
Exploitability: Functional
Remediation Level: Official-Fix
Report Confidence: Confirmed
Impact
======
Successful exploitation of this vulnerability could allow a remote,
unauthenticated attacker to cause a denial of service condition,
obtain sensitive configuration information, overwrite configuration
parameters or execute arbitrary commands with full administrative
privileges.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Fixed software is available for the following Cisco products. This
advisory will be updated as additional fixes are available. The filename is
ciscocm.CSCso53771.security.patch.cop and can be downloaded at the
following link:
http://www.cisco.com/cgi-bin/tablebuild.pl/callmgr-utilpage?psrtdcat20e2
Please consult the COP file Readme for installation instructions.
Workarounds
===========
Administrators can mitigate this vulnerability by disabling the DRF
Master service. However, administrators should exercise caution when
disabling the DRF Master service, as system backups will not occur
while the service is stopped. Administrators are encouraged to
perform a complete system backup before employing this workaround and
use care when making configuration changes until the DRF Master
service can be safely re-enabled.
Instructions for disabling the DRF Master service on Cisco Unified
Communications Manager systems are available at the following link:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/5_0_1/ccmsrva/sasrvact.html#wp1048220
The vulnerability may be mitigated by restricting access to the DRF
Master service (TCP port 4040). For a Cisco Unified Communications
Manager cluster, access to the port should be restricted to valid
cluster nodes.
Additional mitigation techniques that can be deployed on Cisco
devices within the network are available in the Cisco Applied
Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080403-drf.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound by
the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any malicious use of the
vulnerability described in this advisory.
This vulnerability was reported to Cisco by VoIPshield Systems.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-April-03 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
- ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFH9P4/86n/Gc8U/uARAgP1AKCYJS+NnmfcbOa6X/bOGX//WtZ9bQCdE8eQ
ujmH9JrSK7JatP5eShSBxvQ=
=uxdK
-----END PGP SIGNATURE-----
VAR-200804-0027 | CVE-2008-1014 | Apple QuickTime Outside in URL Information disclosure vulnerability due to poor handling |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. Apple QuickTime On the outside of the video URL There is an information disclosure vulnerability due to incomplete handling.There is a possibility that important information may be taken by a third party.
These issues arise when the application handles specially crafted Java applets, image files, and movie files.
Versions prior to QuickTime 7.4.5 are affected by these vulnerabilities. Apple QuickTime is a very popular multimedia player. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
1) An implementation error in QuickTime for Java allows untrusted
Java applets to deserialize objects provided by QTJava. This can be
exploited to disclose sensitive information or execute arbitrary code
e.g. when a user visits a malicious web page.
2) An unspecified error in the handling of external URLs embedded in
movie files can lead to information disclosure.
3) An input validation error in the handling of data reference atoms
within movie files can be exploited to cause a buffer overflow when a
specially crafted movie is viewed.
4) An unspecified error in the handling of movie media tracks can be
exploited to cause a memory corruption when a specially crafted movie
is viewed.
5) A boundary error in the parsing of "crgn" atoms can be exploited
to cause a heap-based buffer overflow when a specially crafted movie
file is viewed.
6) A boundary error in the parsing of "chan" atoms can be exploited
to cause a heap-based buffer overflow when a specially crafted movie
file is viewed.
7) A boundary error in the handling of PICT records can be exploited
to cause a heap-based buffer overflow when a specially crafted PICT
image is viewed.
8) A boundary error in the handling of error messages when processing
PICT images can be exploited to cause a heap-based buffer overflow.
NOTE: This vulnerability does not affect Mac OS X systems.
9) A boundary error in the handling of Animation codec content can be
exploited to cause a heap-based buffer overflow when a specially
crafted movie file is viewed.
NOTE: This vulnerability does not affect Mac OS X systems.
10) A boundary error in the parsing of "obji" atoms can be exploited
to cause a stack-based buffer overflow when a specially crafted
QuickTime VR movie file is viewed.
11) A boundary error in the parsing of the Clip opcode can be
exploited to cause a heap-based buffer overflow when a specially
crafted PICT image file is viewed.
Successful exploitation of these vulnerabilities may allow execution
of arbitrary code.
SOLUTION:
Update to version 7.4.5.
QuickTime 7.4.5 for Windows:
http://www.apple.com/support/downloads/quicktime745forwindows.html
QuickTime 7.4.5 for Leopard:
http://www.apple.com/support/downloads/quicktime745forleopard.html
QuickTime 7.4.5 for Panther:
http://www.apple.com/support/downloads/quicktime745forpanther.html
QuickTime 7.4.5 for Tiger:
http://www.apple.com/support/downloads/quicktime745fortiger.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Adam Gowdiak
2) Jorge Escala of Open Tech Solutions, and Vinoo Thomas and Rahul
Mohandas of McAfee Avert Labs
3) Chris Ries of Carnegie Mellon University Computing Services
5) Sanbin Li working with ZDI
6) An anonymous researcher working with ZDI
7) bugfree working with ZDI
8) Ruben Santamarta of Reversemode.com working with ZDI
9) An anonymous researcher working with ZDI
10) An anonymous researcher working with ZDI
11) Wei Wang of McAfee AVERT labs
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT1241
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-094A
Apple Updates for Multiple Vulnerabilities
Original release date: April 3, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.4.5
* Microsoft Windows running versions of QuickTime prior to 7.4.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the
Apple Knowledgebase article HT1241.
I. Description
Apple QuickTime 7.4.5 vulnerabilities in the way different types of
image and media files are handled. An attacker could exploit these
vulnerabilities by convincing a user to access a specially crafted
image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes
may be vulnerable.
II. For
further information, please see Apple knowledgebase article HT1241
about the security content of QuickTime 7.4.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4.5.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.4.5 Update -
<http://support.apple.com/kb/HT1241>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-094A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 3, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5
SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP
iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX
Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA
HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+
WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA==
=cONM
-----END PGP SIGNATURE-----
VAR-200804-0036 | CVE-2008-1023 | Apple QuickTime of Clip Instruction code buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
These issues arise when the application handles specially crafted Java applets, image files, and movie files. Successful exploits may allow attackers to obtain sensitive information, gain remote unauthorized access in the context of a vulnerable user, and trigger a denial-of-service condition.
Versions prior to QuickTime 7.4.5 are affected by these vulnerabilities. Apple QuickTime is a very popular multimedia player. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
1) An implementation error in QuickTime for Java allows untrusted
Java applets to deserialize objects provided by QTJava. This can be
exploited to disclose sensitive information or execute arbitrary code
e.g. when a user visits a malicious web page.
2) An unspecified error in the handling of external URLs embedded in
movie files can lead to information disclosure.
3) An input validation error in the handling of data reference atoms
within movie files can be exploited to cause a buffer overflow when a
specially crafted movie is viewed.
4) An unspecified error in the handling of movie media tracks can be
exploited to cause a memory corruption when a specially crafted movie
is viewed.
8) A boundary error in the handling of error messages when processing
PICT images can be exploited to cause a heap-based buffer overflow.
NOTE: This vulnerability does not affect Mac OS X systems.
9) A boundary error in the handling of Animation codec content can be
exploited to cause a heap-based buffer overflow when a specially
crafted movie file is viewed.
NOTE: This vulnerability does not affect Mac OS X systems.
Successful exploitation of these vulnerabilities may allow execution
of arbitrary code.
SOLUTION:
Update to version 7.4.5.
QuickTime 7.4.5 for Windows:
http://www.apple.com/support/downloads/quicktime745forwindows.html
QuickTime 7.4.5 for Leopard:
http://www.apple.com/support/downloads/quicktime745forleopard.html
QuickTime 7.4.5 for Panther:
http://www.apple.com/support/downloads/quicktime745forpanther.html
QuickTime 7.4.5 for Tiger:
http://www.apple.com/support/downloads/quicktime745fortiger.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Adam Gowdiak
2) Jorge Escala of Open Tech Solutions, and Vinoo Thomas and Rahul
Mohandas of McAfee Avert Labs
3) Chris Ries of Carnegie Mellon University Computing Services
5) Sanbin Li working with ZDI
6) An anonymous researcher working with ZDI
7) bugfree working with ZDI
8) Ruben Santamarta of Reversemode.com working with ZDI
9) An anonymous researcher working with ZDI
10) An anonymous researcher working with ZDI
11) Wei Wang of McAfee AVERT labs
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT1241
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-094A
Apple Updates for Multiple Vulnerabilities
Original release date: April 3, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.4.5
* Microsoft Windows running versions of QuickTime prior to 7.4.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the
Apple Knowledgebase article HT1241.
I. Description
Apple QuickTime 7.4.5 vulnerabilities in the way different types of
image and media files are handled. An attacker could exploit these
vulnerabilities by convincing a user to access a specially crafted
image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes
may be vulnerable.
II. For
further information, please see Apple knowledgebase article HT1241
about the security content of QuickTime 7.4.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4.5.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.4.5 Update -
<http://support.apple.com/kb/HT1241>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-094A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 3, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5
SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP
iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX
Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA
HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+
WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA==
=cONM
-----END PGP SIGNATURE-----