Date: 16 September 2004
AusCERT Reference #: ESB-2004.0577
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0577 -- Debian Security Advisory DSA 545-1
New cupsys packages fix denial of service
16 September 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           cupsys
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.0
                   Linux variants
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2004-0558
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 545-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 15th, 2004                    http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : cupsys
Vulnerability : denial of service
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0558

Alvaro Martinez Echevarria discovered a problem in CUPS, the Common
UNIX Printing System. An attacker can easily disable browsing in CUPS
by sending a specially crafted UDP datagram to port 631 where cupsd is
running.

For the stable distribution (woody) this problem has been fixed in
version 1.1.14-5woody6.

For the unstable distribution (sid) this problem has been fixed in
version cupsys_1.1.20final+rc1-6.

We recommend that you upgrade your cups packages.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6.dsc
Size/MD5 checksum: 710 a07b12e56c064cc392408b4cd35297ec
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6.diff.gz
Size/MD5 checksum: 37466 a3a4e41f61264d96f454e90ba4b5f1b2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_alpha.deb
Size/MD5 checksum: 1899360 f215d659dec85338570effe22d1ed2d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_alpha.deb
Size/MD5 checksum: 74074 0768333965c953b7b4c4e753e5faf1f0
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_alpha.deb
Size/MD5 checksum: 92724 1cfaeb0a068ee8b746354c4c70a17241
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_alpha.deb
Size/MD5 checksum: 2445566 ffd962bb1528991357378aa3687723c0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_alpha.deb
Size/MD5 checksum: 137730 90376f68cf54ad34612d5684bccf22b3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_alpha.deb
Size/MD5 checksum: 180676 34a42174524a51bcd4f47f1d7fa8144f
ARM architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_arm.deb
Size/MD5 checksum: 1821354 9075d071f37fc9f12c7c2e198bc4d11d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_arm.deb
Size/MD5 checksum: 68208 3ef56fd8fa630f466135c031a7a92242
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_arm.deb
Size/MD5 checksum: 85392 d7b701513b6625243a959a0fc642f500
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_arm.deb
Size/MD5 checksum: 2345556 0adb9cd8ec0545e78a2b6e22ae6da85f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_arm.deb
Size/MD5 checksum: 112704 b8015d9c950665b0c7e20473f5a5dded
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_arm.deb
Size/MD5 checksum: 150136 a85d1577cccfa88d18eb3cc9925b158c
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_i386.deb
Size/MD5 checksum: 1788040 ad9376585f934dd43ddd14a0efa24e38
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_i386.deb
Size/MD5 checksum: 67712 f661bca82a2c3041ba8c264902d71da9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_i386.deb
Size/MD5 checksum: 83866 5650f15f66e3b4b1f7eb28d531be6655
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_i386.deb
Size/MD5 checksum: 2311690 ade7b27e7a5ac5b447ea86d2a0f7da0b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_i386.deb
Size/MD5 checksum: 110720 26daaa4bda276fc01ad1dec18a9e6246
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_i386.deb
Size/MD5 checksum: 136290 89cdd3c3040084ddca0957cb358e7ee2
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_ia64.deb
Size/MD5 checksum: 2007500 78ffbb37d23cc9a17b6d4f69a4ede6d2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_ia64.deb
Size/MD5 checksum: 77106 2ec1eb32c757b287e7968fcd29e5f4f1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_ia64.deb
Size/MD5 checksum: 96862 59534ee68008b087f7898569eecba0d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_ia64.deb
Size/MD5 checksum: 2656502 6f4963047d424a11b1a753fa7f964e4e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_ia64.deb
Size/MD5 checksum: 155700 d014b6fa8a66598ac561ce3976f920a3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_ia64.deb
Size/MD5 checksum: 182670 bb59c120ec4da8bb805d76787a6649e4
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_hppa.deb
Size/MD5 checksum: 1881226 fb118c844cfdb7f6dd9e8f0112c5aa93
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_hppa.deb
Size/MD5 checksum: 70512 4e989a1423e889292f12d3e224606516
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_hppa.deb
Size/MD5 checksum: 89532 e600d34e6f5899fea345ac3c6c583ff6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_hppa.deb
Size/MD5 checksum: 2455674 bf2076d60f3ff5275652a0e9c0c39264
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_hppa.deb
Size/MD5 checksum: 126338 a976066dd66a391db93ca10b26175a9d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_hppa.deb
Size/MD5 checksum: 159268 cbf07f66309b72985528a509a4deab73
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_m68k.deb
Size/MD5 checksum: 1754648 5c2029510c1fa709c47e7ff46d8de814
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_m68k.deb
Size/MD5 checksum: 65992 0cd2e5053aa6a299abe2d7afb6bfc2fb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_m68k.deb
Size/MD5 checksum: 81098 7c19ade6475957b7b718380f8a58ee73
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_m68k.deb
Size/MD5 checksum: 2261102 3031b40b3d90f1b6a6a80c2b626013c5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_m68k.deb
Size/MD5 checksum: 105946 79faaf339c0982baaba6848d736ac2fc
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_m68k.deb
Size/MD5 checksum: 128508 304b48deb19c4975a39baf68d4108cfe
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_mips.deb
Size/MD5 checksum: 1811166 63316c5c5216aaa4ff28962b479c374f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_mips.deb
Size/MD5 checksum: 67630 323139073dce81bf159f41830023ccc6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_mips.deb
Size/MD5 checksum: 81064 7c4feb7d5d27abe2688903eac8c22a79
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_mips.deb
Size/MD5 checksum: 2404372 0db437ad25beaa39224f5466a704bb49
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_mips.deb
Size/MD5 checksum: 112498 6fd8048438c21e99ebff7eb7ea6af835
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_mips.deb
Size/MD5 checksum: 150964 466cb076e1d06e1032143675171d4986
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_mipsel.deb
Size/MD5 checksum: 1811650 7da825f32fb70cdb41a3f30da4f34e71
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_mipsel.deb
Size/MD5 checksum: 67602 4571b05b1a7b6a1d3a0d8dbedc071c5c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_mipsel.deb
Size/MD5 checksum: 81084 aba46d5e79fb1feb7808b864d4415a56
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_mipsel.deb
Size/MD5 checksum: 2406732 d7c7674cb01f7dcaae94c30035a2395b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_mipsel.deb
Size/MD5 checksum: 112284 042425fa79583bd196a39bd18023c578
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_mipsel.deb
Size/MD5 checksum: 150744 91bb5b8993e1a1a7616d44e31ab6f7c8
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_powerpc.deb
Size/MD5 checksum: 1800042 6bbbb0187ffa85235f79102fc57c14bb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_powerpc.deb
Size/MD5 checksum: 67616 f93ce6c4ff46c8ba0b0a9a23d7d0ae63
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_powerpc.deb
Size/MD5 checksum: 83186 57dce89627c85210935171ae87a342ad
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_powerpc.deb
Size/MD5 checksum: 2359516 cb59819be590ef13a3e2992b2cc45859
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_powerpc.deb
Size/MD5 checksum: 116502 1b65cba959b9d238c12ae97f38617de0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_powerpc.deb
Size/MD5 checksum: 144954 c993a822fdcfbe1b8f7378c5af76b015
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_s390.deb
Size/MD5 checksum: 1795432 bd0bac0bf25153570378024d0f8d3ba7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_s390.deb
Size/MD5 checksum: 68996 e8a7d3f58145a295eb0d48940552269f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_s390.deb
Size/MD5 checksum: 85726 d751455c2423b4ec6725fbdfac2b6204
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_s390.deb
Size/MD5 checksum: 2337350 cd84ea419933e75ecba143cf704c96ca
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_s390.deb
Size/MD5 checksum: 115024 5e88baead30a2b62355049fa62f72ff9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_s390.deb
Size/MD5 checksum: 140560 ca6c5e78433107fea3a0c78000a1a4eb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_sparc.deb
Size/MD5 checksum: 1844846 a537c47a07f07eb40e37b5cb5a93e33c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_sparc.deb
Size/MD5 checksum: 70580 04163ae6f92eb9494a6778659f520d8d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_sparc.deb
Size/MD5 checksum: 84012 eb292bf575b623e1b98a33e01db6f0d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_sparc.deb
Size/MD5 checksum: 2354384 d103635563e4a36830a91f46340fd14f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_sparc.deb
Size/MD5 checksum: 120182 3e52cd974f9e51bc3013b565cf12ef35
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_sparc.deb
Size/MD5 checksum: 146496 8ee6bbaa97c04825178bfe7e7504bc4b
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBSHQbW5ql+IAeqTIRAqMfAJ9cUbj5sT8BPFP0SBQZAt8Mxqjm5gCgh2Yh
Tnp9twUBNSA5agvnNMXYnE4=
=CVAg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
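
Added example (not part of the Debian advisory or the AusCERT bulletin): for the manual wget / dpkg -i route described above, this parses the advisory's "URL" + "Size/MD5 checksum" pairs and checks a downloaded file against them before installation. The function names and the sample host and file are constructed for illustration.

```python
import hashlib
import os
import re

# Constructed excerpt in the advisory's layout: a URL line followed by a
# "Size/MD5 checksum" line. Host and file are made up for the demonstration.
SAMPLE_ADVISORY = """\
Source archives:
http://security.example.invalid/pool/demo/demo_1.0.dsc
Size/MD5 checksum: 5 5d41402abc4b2a76b9719d911017c592
"""

ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>(?:https?|ftp)://\S+)\s*\n\s*Size/MD5 checksum:\s*"
    r"(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s*$",
    re.MULTILINE,
)

def parse_manifest(advisory_text):
    """Map file name -> (size, md5) for every URL/checksum pair found."""
    manifest = {}
    for m in ENTRY_RE.finditer(advisory_text):
        name = m.group("url").rsplit("/", 1)[-1]
        manifest[name] = (int(m.group("size")), m.group("md5"))
    return manifest

def verify_download(path, manifest):
    """Return (ok, reason) for a downloaded file checked against the manifest."""
    name = os.path.basename(path)
    if name not in manifest:
        return False, "not listed in advisory"
    size, md5 = manifest[name]
    # Cheap check first: a wrong size means a truncated or substituted file.
    if os.path.getsize(path) != size:
        return False, "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != md5:
        return False, "MD5 mismatch"
    return True, "size and MD5 match"
```

The listed checksums are only as trustworthy as the advisory text they come from, so verify the advisory's PGP signature before relying on them. MD5 is not collision-resistant and here serves only to tie a file to that signed list.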
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQUkiVih9+71yA2DNAQLcbgP+OWWuPECVfIEfnvkEKnJOOFUMfcWTKI7l
BrqvxO07fBGqyLsAwY43PwnAcpouyn5kb2GDJJKAArWq3/op9WhXo+Xadr/ko9yo
yvI0qxkUHGyOVSx/LLyzpt6fiATQ5Qs8X3pR52FrhjNLPb8+OH2pzBA/E3S6norO
ilp5mrCuoqc=
=aqcO
-----END PGP SIGNATURE-----