From debian-security-announce@lists.debian.org Mon Feb 17 15:45:26 2003 From: debian-security-announce@lists.debian.org Resent-From: list@murphy.debian.org (SmartList) To: full-disclosure@lists.netsys.com Date: Mon, 17 Feb 2003 15:11:19 +0100 (CET) Reply-To: full-disclosure@lists.netsys.com Subject: [Full-Disclosure] [SECURITY] [DSA 232-2] New CUPS packages fix wrong libPNG dependency -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 232-2 security@debian.org http://www.debian.org/security/ Martin Schulze February 20th, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : cupsys Vulnerability : several Problem-type : remote Debian-specific: no CVE Id : CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384 This update corrects a library dependency for the libcupsys2 package which sneaked in with the last security update to CUPS for the stable distribution (woody). The original advisory DSA 232-1 stated: Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the problems listed above. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.dsc Size/MD5 checksum: 690 488a4f8ea7203fadde75d906e6cf64ea http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.diff.gz Size/MD5 checksum: 35455 de07347fda86dad071c45e6d932c97f4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f Alpha architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_alpha.deb Size/MD5 checksum: 1899888 49dc42a554de6d65a87b6ae2e8ff9bc2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_alpha.deb Size/MD5 checksum: 73878 3f2a05f77006279df5a72a5e10f2567a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_alpha.deb Size/MD5 checksum: 92524 d7e288183671c27fa8fa09626d699380 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_alpha.deb Size/MD5 checksum: 2445346 c317555525b3afae1f1900e48f73ccb6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_alpha.deb Size/MD5 checksum: 137394 c772d3cb006f8e44738b349e24a5984b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_alpha.deb Size/MD5 checksum: 180182 a70ad0d886b74710d3b4106aabe55184 ARM architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_arm.deb Size/MD5 checksum: 1821374 a6674c57f31308872e20499b17357c37 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_arm.deb Size/MD5 checksum: 68006 ab978ff099fdd7b37550106971454059 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_arm.deb Size/MD5 checksum: 85210 48f3e5ba501e1b38a1634a047d61d636 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_arm.deb Size/MD5 checksum: 2345388 7a8ac6e933aa3824afea3a0a228bb0dc http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_arm.deb Size/MD5 checksum: 112332 0d8f215879b74847ed5acf8e7fe7fff4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_arm.deb Size/MD5 checksum: 149736 b08a2c3bfae9b364969fee4521f8a601 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_i386.deb Size/MD5 checksum: 1788152 cc4758069a8aa1fa0e4958f131f0faa2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_i386.deb Size/MD5 checksum: 67532 739cb994c54cd11154f13a99d36edffb http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_i386.deb Size/MD5 checksum: 83722 8f8fcd75c985a1e5f75d1170f21197c6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_i386.deb Size/MD5 checksum: 2311516 09a23d49459ca3effd505921a2f8d434 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_i386.deb Size/MD5 checksum: 110408 86ece906e4f6bf1607758894a217c9bd http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_i386.deb Size/MD5 checksum: 135864 50e2bd585535a49a53f518178dedaa12 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_ia64.deb Size/MD5 checksum: 2007920 a5789e5d38b90613aea9b5a458714b95 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_ia64.deb Size/MD5 checksum: 76944 18f4cf8775b1bf950b7db673f6be26d2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_ia64.deb Size/MD5 checksum: 96686 10d076494a77ebda207b3f4ccbb4d2fb http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_ia64.deb Size/MD5 checksum: 2656320 898d58fa392cf145466c7c035eeb0126 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_ia64.deb Size/MD5 checksum: 155146 d472d99b98d3df5b9a88934fa1325449 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_ia64.deb Size/MD5 checksum: 182086 f6b72a5972bddfa606e8369b1d6f4db0 HP Precision architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_hppa.deb Size/MD5 checksum: 1881350 c14a8d5cca984546202bff3b3a5cfbc8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_hppa.deb Size/MD5 checksum: 70332 737ad34c1337a351f850e5a09dd27173 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_hppa.deb Size/MD5 checksum: 89344 894cd4fe76e427b09ba7e30288a69394 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_hppa.deb Size/MD5 checksum: 2455558 56a4e578951ffbcf6c9c7be6234c5fb7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_hppa.deb Size/MD5 checksum: 126020 cfc0ba6b024a6bf627e2bc57aecf9dac http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_hppa.deb Size/MD5 checksum: 158844 ac79946225c6f83d2fa5f88e6c5b4fba Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_m68k.deb Size/MD5 checksum: 1755098 3c27c579b91cf890a47b98917461267f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_m68k.deb Size/MD5 checksum: 65798 48b9c5e7cea3e4f9c72a45cd925347d8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_m68k.deb Size/MD5 checksum: 80918 3fbdf5ad323a27d7cb3bfe73176c4afc http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_m68k.deb Size/MD5 checksum: 2260938 85a91950c1bff5d447b51b8162d30d01 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_m68k.deb Size/MD5 checksum: 105630 b284987845a6eaa414f305756029a571 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_m68k.deb Size/MD5 checksum: 128180 cf0c3ebf9d4b5c3b98079d1ca07f76d6 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_mips.deb Size/MD5 checksum: 1811460 8494a7da26a892605955b91e7aec2752 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_mips.deb Size/MD5 checksum: 67422 0146e8d156c0aa6b8813168e3d66feed http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_mips.deb Size/MD5 checksum: 80874 d097c0c61fc2e8f0904109d432a233ab http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_mips.deb Size/MD5 checksum: 2404196 41e947389ba9414f69a9c6cdbd5476a0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_mips.deb Size/MD5 checksum: 112190 b51437fa6dedb0b7cc8178b550e3a95c http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_mips.deb Size/MD5 checksum: 150458 7007044bc2d13a922999ee4a0b2340fb Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_mipsel.deb Size/MD5 checksum: 1812312 9dbabaedf362d30cf0bfb8d5a6e1ac26 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_mipsel.deb Size/MD5 checksum: 67416 0569cbc30da536cbca2639f0d5d1dcfc http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_mipsel.deb Size/MD5 checksum: 80902 8a0b296db80627b629711c87334ca13a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_mipsel.deb Size/MD5 checksum: 2406512 3857a4490fca8ab736d5466c5a282fce http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_mipsel.deb Size/MD5 checksum: 111910 119cb8711ce5c8d8198a5aa55047ea11 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_mipsel.deb Size/MD5 checksum: 150300 a82267043aff30d615e6412b1419920b PowerPC architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_powerpc.deb Size/MD5 checksum: 1800642 2e8e32a8ad80d6537bba0f53b5e5d614 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_powerpc.deb Size/MD5 checksum: 67434 330355b0de8fbe9942c3b45c86b8833b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_powerpc.deb Size/MD5 checksum: 83012 eb02960a180f9a7b2c20f3acd30b8ac4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_powerpc.deb Size/MD5 checksum: 2359336 e106d470424730249bd78e3627cd982e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_powerpc.deb Size/MD5 checksum: 116116 15ec4592d5d69df82ef0bfc13af38470 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_powerpc.deb Size/MD5 checksum: 144438 6e07739403598c1fa4e547384027749e IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_s390.deb Size/MD5 checksum: 1795128 6d8293268c3b69e44c4b4fef02cdd41f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_s390.deb Size/MD5 checksum: 68818 a945b56e02744f098ae98a8b529d9e13 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_s390.deb Size/MD5 checksum: 85552 6569bf59c17d3bde8d723fd441060b5f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_s390.deb Size/MD5 checksum: 2337158 444e722e99e0207ba45a4a2782372492 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_s390.deb Size/MD5 checksum: 114702 766c671a3e0380d5ea79bd8908f222c4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_s390.deb Size/MD5 checksum: 140224 4706d66dd339c0bee9429c710053a86d Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_sparc.deb Size/MD5 checksum: 1844716 3148ba840c107efb91e9ae7ec472b38a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_sparc.deb Size/MD5 checksum: 70380 43573608b4c8b2194eba8320d84a676d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_sparc.deb Size/MD5 checksum: 83818 f2d12acc706621476f04b03e31f47bc6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_sparc.deb Size/MD5 checksum: 2354226 07c0e47816a4abcc6b4798a75245f805 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_sparc.deb Size/MD5 checksum: 119844 36e6cdfa8ba20a339118184ec2a9e04e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_sparc.deb Size/MD5 checksum: 146012 08ec4db24b3e696f4be77f56c9705eb7 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+UO2HW5ql+IAeqTIRAmXcAJ9L5o9g31DYY8FstIgtWD3PcM38mACeOqWL wZuCvjvZ1dXZ1JEDG+aMe/U= =D+06 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html