cups-1.6.3-17.el7.1
Errata ID: AXSA:2015-199:01
Release date:
2015/07/25 Saturday - 01:29
Title:
cups-1.6.3-17.el7.1
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
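The following issues have been addressed.
[Security Fix]
- The cupsRasterReadPixels function in filter/raster.c in CUPS contains an integer underflow; a malformed compressed raster file that leads to a buffer overflow can have an unspecified impact. (CVE-2014-9679)
Some of the CVE translations are quoted from JVN.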
http://jvndb.jvn.jp/
Solution:
Update package.
CVE:
CVE-2014-9679
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
Additional information:
N/A
Download:
SRPMS
- cups-1.6.3-17.el7.1.src.rpm
MD5: d9e60b1288b3ef852deff1d435a428e9
SHA-256: 9e4a8b0d3b9277d5d5e67f7ddcbc31da7a7ffbc8b692bc57eacb660ee5f426fb
Size: 8.07 MB
Asianux Server 7 for x86_64
- cups-1.6.3-17.el7.1.x86_64.rpm
MD5: 5e92ac7db42f69b08b6cb899db50f0a5
SHA-256: 1b41a182f7f11995c796c58e69b32267d3f4734a37302ad8fa9e213371a74c61
Size: 1.27 MB
- cups-client-1.6.3-17.el7.1.x86_64.rpm
MD5: c6bc3ea763f9e4efe1beca2b8f07244a
SHA-256: cce2f4cb15f32a8a22d287e73d952430c125e4a38e8b2405c6517a9bbcbc8d31
Size: 147.00 kB
- cups-devel-1.6.3-17.el7.1.x86_64.rpm
MD5: 4b951adfa6157c7503a1c37a578c2c58
SHA-256: 1ce8263d5dbc4f8c2caa8b59841ba832dcd69244a6cf96ead1386a886a6593ae
Size: 128.06 kB
- cups-filesystem-1.6.3-17.el7.1.noarch.rpm
MD5: 164f30a27c3e4dfc7fc875df99075f2b
SHA-256: 5b2aee2be34b23d22e718816f243bc3992edb556e0fa3ceb66440437d1533c5b
Size: 92.35 kB
- cups-libs-1.6.3-17.el7.1.x86_64.rpm
MD5: a8dcc058441aebe593d607f90899a38e
SHA-256: 3f9062d777ea195cf5f9737c2e18f4d949c43c449b7bea4d75392d613b8c497b
Size: 352.83 kB
- cups-lpd-1.6.3-17.el7.1.x86_64.rpm
MD5: 6356e1284c2280ed812c60ec404793aa
SHA-256: 0987770821abd3069356c188d27a99e7b9beeb077d7c3a257b85b7460d78e0bf
Size: 103.13 kB
- cups-devel-1.6.3-17.el7.1.i686.rpm
MD5: e2b05eeba027a9a01254e81f7535364e
SHA-256: eb1e543ca602db46cc2f6e0eb0af8d45b08032b53309b790dfb31d5e1caf5643
Size: 128.06 kB
- cups-libs-1.6.3-17.el7.1.i686.rpm
MD5: 2305461ed4bb7dccd561a47fca8a4960
SHA-256: d9a432976d9846a24dc6e3188ffb42af99158e789e4db1ed3703e412e1ca1a3a
Size: 354.21 kB