cups-1.3.7-11.6.0.1.AXS3
エラータID: AXSA:2010-142:01
リリース日:
2010/03/11 Thursday - 10:46
題名:
cups-1.3.7-11.6.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- CUPSのスケジューラの cupsdDoSelect 関数には開放後使用の脆弱性が存在し、kqueue または epoll が使用されている場合、多数の印刷ジョブの一覧表示中にクライアントの切断によって、リモートの攻撃者がサービス拒否 (デーモンのクラッシュやハング) を引き起こす脆弱性があります。なお、この脆弱性は CVE-2009-3553 の不十分な修正によるものです。(CVE-2010-0302)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-0302
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-1.3.7-11.6.0.1.AXS3.src.rpm
MD5: 527bbab3518cca75c763db8cd4302af6
SHA-256: b89400e4977f36a2bf65c631caaa7810d47284ee73d062fdf41b991aa766ed67
Size: 4.16 MB
Asianux Server 3 for x86
- cups-1.3.7-11.6.0.1.AXS3.i386.rpm
MD5: d9f651f3084ad0feda0845f0372f885a
SHA-256: 6b98045b3a30320a4b1443118b11b91af459ca05044fe617a7308625bc771ba4
Size: 3.82 MB - cups-devel-1.3.7-11.6.0.1.AXS3.i386.rpm
MD5: 7d384565fb358690c03efe25d990251e
SHA-256: ca5fcfc7782939c40fa6d1a6102af0bd31ecc5148f661e12bbe687c6adedc1cb
Size: 75.26 kB - cups-libs-1.3.7-11.6.0.1.AXS3.i386.rpm
MD5: d282849395dba42eb151be52bc22f54d
SHA-256: bcc75e5ed81dd27aa16b745e6395e95a2d7676ecce82844f42f95c21c5985390
Size: 195.66 kB
Asianux Server 3 for x86_64
- cups-1.3.7-11.6.0.1.AXS3.x86_64.rpm
MD5: ed208e460d01283f465327b652325883
SHA-256: e693cab18b3d7b1c9f2757e93d4283837b257057d223cc76cbb37eca2eb06268
Size: 3.86 MB - cups-devel-1.3.7-11.6.0.1.AXS3.x86_64.rpm
MD5: 7471cf4eebe7d58fe3b2f3d0d9970d07
SHA-256: 5898283dc3e35ce2d47659f9436bd85cfea56c46d4e3e1a1161898a6a00e9bfe
Size: 75.25 kB - cups-libs-1.3.7-11.6.0.1.AXS3.x86_64.rpm
MD5: 0ae5d87dcc05fa2562d3fbb46163eacf
SHA-256: 410776d1df2a169c38ef3f7987fe52a442bcc03c4c5092682dc31ba9227935f6
Size: 191.69 kB