From security@caldera.com Fri Mar 29 16:56:19 2002
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com
Date: Fri, 29 Mar 2002 10:49:04 -0800
Subject: Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

             Caldera International, Inc. Security Advisory

Subject:          Linux: CUPS buffer overflow when reading names of attributes
Advisory number:  CSSA-2002-008.0
Issue date:       2002, March 14
Cross reference:
______________________________________________________________________________


1. Problem Description

   The authors of CUPS, the Common UNIX Printing System, have found a
   potential buffer overflow bug in the code of the CUPS daemon where
   it reads the names of attributes.


2. Vulnerable Supported Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Server 3.1         All packages previous to
                                cups-1.1.10-5

   OpenLinux Workstation 3.1    All packages previous to
                                cups-1.1.10-5

   OpenLinux Server 3.1.1       All packages previous to
                                cups-1.1.10-5

   OpenLinux Workstation 3.1.1  All packages previous to
                                cups-1.1.10-5


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.


4. OpenLinux 3.1 Server

   4.1 Location of Fixed Packages

       The 3.1 version of this package is not yet available. An
       updated advisory will be published when the package is
       released.


5. OpenLinux 3.1 Workstation

   5.1 Location of Fixed Packages

       The 3.1 version of this package is not yet available. An
       updated advisory will be published when the package is
       released.


6. OpenLinux 3.1.1 Server

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   6.2 Verification

       54c460f1858c9ae1d3c4057812825cbd  RPMS/cups-1.1.10-5.i386.rpm
       1caf530d29b5387d2da32e2bc31340c7  RPMS/cups-client-1.1.10-5.i386.rpm
       45b44112561c92cfbb7e8bd11840697e  RPMS/cups-devel-1.1.10-5.i386.rpm
       13cbec00ffd614f696f905c35ed63b7b  RPMS/cups-ppd-1.1.10-5.i386.rpm
       556f0a1bd6ff629a32c9812d5a31ced1  SRPMS/cups-1.1.10-5.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh cups-1.1.10-5.i386.rpm \
               cups-client-1.1.10-5.i386.rpm \
               cups-devel-1.1.10-5.i386.rpm cups-ppd-1.1.10-5.i386.rpm


7. OpenLinux 3.1.1 Workstation

   7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   7.2 Verification

       54c460f1858c9ae1d3c4057812825cbd  RPMS/cups-1.1.10-5.i386.rpm
       1caf530d29b5387d2da32e2bc31340c7  RPMS/cups-client-1.1.10-5.i386.rpm
       45b44112561c92cfbb7e8bd11840697e  RPMS/cups-devel-1.1.10-5.i386.rpm
       13cbec00ffd614f696f905c35ed63b7b  RPMS/cups-ppd-1.1.10-5.i386.rpm
       556f0a1bd6ff629a32c9812d5a31ced1  SRPMS/cups-1.1.10-5.src.rpm

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh cups-1.1.10-5.i386.rpm \
               cups-client-1.1.10-5.i386.rpm \
               cups-devel-1.1.10-5.i386.rpm cups-ppd-1.1.10-5.i386.rpm


8. References

   Specific references for this advisory:

     none

   Caldera OpenLinux security resources:

     http://www.caldera.com/support/security/index.html

   Caldera UNIX security resources:

     http://stage.caldera.com/support/security/

   This security fix closes Caldera incidents sr860818, fz520280,
   erg711981.


9. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through
   our security advisories. Our advisories are a service to our
   customers intended to promote secure installation and use of
   Caldera International products.

______________________________________________________________________________
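
Added example, not part of the Caldera advisory: one way to tie the Verification lists (6.2, 7.2) to the install step (6.3, 7.3), so that rpm -Fvh runs only when every downloaded binary package matches its listed MD5 sum. The function names and the assumption that the packages sit in DIR/RPMS are illustrative, and md5sum from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example (not Caldera's code): verify packages against the advisory's
# MD5 list before upgrading. Function names and layout are assumptions.

# Binary-package lines copied from sections 6.2 / 7.2 of the advisory.
ADVISORY_MANIFEST='54c460f1858c9ae1d3c4057812825cbd RPMS/cups-1.1.10-5.i386.rpm
1caf530d29b5387d2da32e2bc31340c7 RPMS/cups-client-1.1.10-5.i386.rpm
45b44112561c92cfbb7e8bd11840697e RPMS/cups-devel-1.1.10-5.i386.rpm
13cbec00ffd614f696f905c35ed63b7b RPMS/cups-ppd-1.1.10-5.i386.rpm'

# verify_manifest MANIFEST_TEXT DIR
# Each manifest line is "<md5> <relative path>". Returns 0 only if every
# listed file exists under DIR and hashes to the listed value; a missing
# file counts as a failure, not as something to skip.
verify_manifest() {
    manifest=$1
    dir=$2
    rc=0
    while read -r want rel; do
        [ -n "$want" ] || continue            # ignore blank lines
        if [ ! -f "$dir/$rel" ]; then
            echo "MISSING  $rel" >&2
            rc=1
            continue
        fi
        got=$(md5sum "$dir/$rel" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $rel"
        else
            echo "MISMATCH $rel (got $got)" >&2
            rc=1
        fi
    done <<EOF
$manifest
EOF
    return $rc
}

# upgrade_cups DIR
# Runs the advisory's upgrade command only after all four packages verify.
upgrade_cups() {
    verify_manifest "$ADVISORY_MANIFEST" "$1" || {
        echo "verification failed; not upgrading" >&2
        return 1
    }
    ( cd "$1/RPMS" && rpm -Fvh cups-1.1.10-5.i386.rpm \
          cups-client-1.1.10-5.i386.rpm \
          cups-devel-1.1.10-5.i386.rpm cups-ppd-1.1.10-5.i386.rpm )
}
```

A matching MD5 sum shows the download agrees with this list; MD5 is not collision-resistant, so the list is only as trustworthy as the copy of the advisory it was taken from.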