cups-1.3.7-11.4.1AXS3

エラータID: AXSA:2009-423:04

Release date: 
Friday, November 20, 2009 - 14:43
Subject: 
cups-1.3.7-11.4.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
Security bugs fixed with this release:
CVE-2009-2820
CUPS in Apple Mac OS X before 10.6.2 does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs.
CVE-2009-3553
No description available at the time of writing, please use the CVE link below to check the description.

Solution: 

Update packages.

CVEs: 
CVE-2009-2820
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
CVE-2009-3553
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
Additional Info: 

N/A

Download: 

SRPMS
  1. cups-1.3.7-11.4.1AXS3.src.rpm
    MD5: 083712ed0092c1ee09d0e3aa45ade650
    SHA-256: b8af1469d87bf18c70f5f323b4a829aaae83cd99dd0d40070934fef2f8b1249f
    Size: 4.16 MB

Asianux Server 3 for x86
  1. cups-1.3.7-11.4.1AXS3.i386.rpm
    MD5: a090b5340c4859a10f7227b3a9719419
    SHA-256: a5754e56e3a3ccc090dd1846d957d83621cca5f9645869abf73945fa62a5a7d4
    Size: 3.82 MB
  2. cups-devel-1.3.7-11.4.1AXS3.i386.rpm
    MD5: 92f6861fc670f70acc69cfa3a1ca7393
    SHA-256: 63b30110128797bd20bc0c4a126d2775869367a7041deac46f66d57aebcb4d1e
    Size: 74.96 kB
  3. cups-libs-1.3.7-11.4.1AXS3.i386.rpm
    MD5: ae121123e07159daa54db28f37caabe6
    SHA-256: 582558cc17bd0ebc3845bc64fa64a8feefb53e056bb5d640f0ce1664c510b141
    Size: 195.37 kB

Asianux Server 3 for x86_64
  1. cups-1.3.7-11.4.1AXS3.x86_64.rpm
    MD5: 3511214e53cf6b157a63f1a9ca600614
    SHA-256: ba86db7860fabfb7feb5c6ac871bbf6829c893cf46d60e015472ef6e596178db
    Size: 3.86 MB
  2. cups-devel-1.3.7-11.4.1AXS3.x86_64.rpm
    MD5: bd596ac3a827679304818ba3f14c0da8
    SHA-256: 2191420597ef73fbd8a36cb10e7edba01cccdfc82c448ae64908ecbde02bc348
    Size: 74.94 kB
  3. cups-libs-1.3.7-11.4.1AXS3.x86_64.rpm
    MD5: a6cf96bf57b47320d8eab0d6ac951bc8
    SHA-256: 37538ebb3ea354d46b99ca59725d4b0c2df73dce0be132c0077638b27f6080fb
    Size: 191.40 kB