cups-1.6.3-51.el7
エラータID: AXSA:2020-557:05
リリース日:
2020/10/05 Monday - 08:35
題名:
cups-1.6.3-51.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- CUPS の scheduler/client.c valid_host() の
localhost.localdomain ホワイトリストエントリには、
リモートの攻撃者が DNS リバインディングと組み合わせて
CUPS デーモン に POST リクエストを送付することで、
任意の IPP コマンドを実行することを許可する脆弱性があります。(CVE-2017-18190)
- 現時点では CVE-2019-8675、 CVE-2019-8696 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部 CVE の翻訳文は JVN からの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-18190
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
CVE-2019-8675
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-8696
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-1.6.3-51.el7.src.rpm
MD5: 87034e9af3ecdefa2224a102a9f6af95
SHA-256: bb7b94c0e7f29615216ed57ed3d51f183ce9b916016165d34af1d43efb336fb1
Size: 8.12 MB
Asianux Server 7 for x86_64
- cups-1.6.3-51.el7.x86_64.rpm
MD5: 24189a39e8e4d7bd402fa09421a1e24d
SHA-256: e9b2a5095b226b5947b17d9150f5468622ea863b3ebb6ab6d105dec7675198ee
Size: 1.28 MB - cups-client-1.6.3-51.el7.x86_64.rpm
MD5: ebb698b89f8f289a1c2d0c2551b027b4
SHA-256: ac3fbd294d7f5b8ccc44810d2d72b70f58d36e6fa26014d30243c6f8a8809d8e
Size: 151.89 kB - cups-devel-1.6.3-51.el7.x86_64.rpm
MD5: 16b8bb01c6857be8f55cb2f5abaf20a7
SHA-256: 019b3a296be8f8c9297e9a213d04c0b733230589f66e973e9d1755f9ec444995
Size: 133.01 kB - cups-filesystem-1.6.3-51.el7.noarch.rpm
MD5: c0c974e7f9f91d4ae3eb3efcd5cdd830
SHA-256: 3ccc99bd2b9921d1f59138427ac51816f0f9d5afeae999c87acbebdab6eb4ae4
Size: 97.01 kB - cups-libs-1.6.3-51.el7.x86_64.rpm
MD5: 5f5e005eb8f2a5e6f7fbf3f2b5336837
SHA-256: cdf6f7fb78303fb6612922f65617088d0ec9f0a96973ee85370204606197b486
Size: 358.11 kB - cups-lpd-1.6.3-51.el7.x86_64.rpm
MD5: b2aa8284af3d8432a14f1972c1e506a9
SHA-256: ae7e5ed86d4715574b41a31beffd920ccab2972c23f32c6f0e783510e0f05b84
Size: 108.11 kB - cups-devel-1.6.3-51.el7.i686.rpm
MD5: 45207523801ce24fe637864c083bfed5
SHA-256: a739e98223bf92436e60a5341855719fda33fdb1d82fdc71a236d0aa3f339bab
Size: 133.04 kB - cups-libs-1.6.3-51.el7.i686.rpm
MD5: 52ee38d02b4ebb28db0723875b6cff6a
SHA-256: 43077bfdee947a5a1a86bdea7782db65bcfb4a374180e9ec6d8cf4755b6e7955
Size: 360.03 kB