cups-1.3.7-18.4.0.1.AXS3
Errata ID: AXSA:2010-368:03
Release date:
2010/06/22 Tuesday - 20:59
Title:
cups-1.3.7-18.4.0.1.AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The following items have been addressed.
[Security Fix]
- A cross-site request forgery (CSRF) vulnerability in the CUPS web interface allows a remote attacker to hijack administrator authentication and change settings. (CVE-2010-0540)
- The _WriteProlog function in texttops.c in CUPS does not check the return values of calloc calls, which allows a remote attacker to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code. (CVE-2010-0542)
- The CUPS web interface reads uninitialized memory while handling form variables, which allows an attacker to obtain sensitive information from cupsd memory. (CVE-2010-1748)
Some of the CVE descriptions are translated text quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2010-0540
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
CVE-2010-0542
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
CVE-2010-1748
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
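As an added illustration (not CUPS's own code), a form-variable percent-decoder written the way the CVE-2010-1748 fix requires: a '%' that is not followed by two hex digits is kept as a literal byte rather than decoded from whatever follows the value. The function and helper names (`decode_form_value`, `hexval`) are hypothetical, and the allocation check also shows the return-value test that CVE-2010-0542 was missing.

```c
/* Added example, not CUPS code: a percent-decoder for form-variable values
 * that keeps a '%' not followed by two hex digits as a literal byte instead
 * of decoding bytes beyond the value (the uninitialized-memory read
 * described for CVE-2010-1748). Function and helper names are hypothetical. */
#include <stdlib.h>
#include <string.h>

/* Returns 0-15 for a hex digit, -1 for anything else. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decodes a NUL-terminated form value into a newly allocated string.
 * src[i + 1] and src[i + 2] are only read when both lie inside the value,
 * so "OP=%" or "URL=%4" at the end of a request never reaches past the
 * terminator. Returns NULL when allocation fails; the caller must check it
 * (an unchecked allocation is the CVE-2010-0542 defect pattern). */
char *decode_form_value(const char *src)
{
    size_t len = strlen(src);
    char *out = calloc(len + 1, 1);   /* decoding never makes a value longer */
    size_t j = 0;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        if (src[i] == '+') {
            out[j++] = ' ';
        } else if (src[i] == '%' && i + 2 < len
                   && hexval((unsigned char)src[i + 1]) >= 0
                   && hexval((unsigned char)src[i + 2]) >= 0) {
            out[j++] = (char)(hexval(src[i + 1]) * 16 + hexval(src[i + 2]));
            i += 2;                   /* skip the two consumed hex digits */
        } else {
            out[j++] = src[i];        /* lone or malformed '%' stays literal */
        }
    }
    out[j] = '\0';
    return out;
}
```

The two request shapes quoted in the CVE text both end in a bare "%", which this decoder copies through unchanged instead of reading two bytes after it.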
Additional information:
N/A
Downloads:
SRPMS
- cups-1.3.7-18.4.0.1.AXS3.src.rpm
MD5: ae21add564dc8accd10309371bd4ebcb
SHA-256: 930a0a89c189f19b64fd54bbabed8a8e01f3bd80985c9715160fc11c235ab040
Size: 4.17 MB
Asianux Server 3 for x86
- cups-1.3.7-18.4.0.1.AXS3.i386.rpm
MD5: dfe856f8066600dc04469984f580f3c9
SHA-256: 5de4dc818f926b32e8c7f461f0da00367bd8cf583d02f00c1b4b89072bd83598
Size: 3.52 MB
- cups-devel-1.3.7-18.4.0.1.AXS3.i386.rpm
MD5: 1b2bfee97135e9869ddd0615defb2414
SHA-256: c294b6b3c52d3d2f13fc0e86f0e4f33c093a9b64c911b9e4a462d2214ce1f700
Size: 77.41 kB
- cups-libs-1.3.7-18.4.0.1.AXS3.i386.rpm
MD5: c7fb5724f067ba3f9e0d9a2a755b231b
SHA-256: 0c83f72a847e1fd1920c89da86a32b3f4f56dc8f894af4cf095af624f8ab8ce6
Size: 197.86 kB
Asianux Server 3 for x86_64
- cups-1.3.7-18.4.0.1.AXS3.x86_64.rpm
MD5: 50f4c4ab8dc116c0f2d524c7df11857c
SHA-256: 5037f5ae1650d5bd496013ee4eefd4051e51358f6c0d99ab072394c197b9d1ed
Size: 3.53 MB
- cups-devel-1.3.7-18.4.0.1.AXS3.x86_64.rpm
MD5: de799ed49e06154bf377de96096d7ce8
SHA-256: 444ee45325857633ab70038b296a5250353553241235f67867c616a0309f6510
Size: 77.39 kB
- cups-libs-1.3.7-18.4.0.1.AXS3.x86_64.rpm
MD5: 1700a7f65443656dd3757988698dd216
SHA-256: e8687155267db60b74a604f8a4c4bee6ac4fbd887eadec86013823581baa0bbd
Size: 193.84 kB