-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0025
                     foomatic-filters security update
                              5 January 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           foomatic-filters
Publisher:         Debian
Operating System:  Debian GNU/Linux 5
                   Debian GNU/Linux 6
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-2964 CVE-2011-2697 

Reference:         ESB-2011.0797

Original Bulletin: 
   http://www.debian.org/security/2011/dsa-2380

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2380-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 04, 2012                       http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : foomatic-filters
Vulnerability  : shell command injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2697 CVE-2011-2964 
Debian Bug     : 635549

It was discovered that foomatic-filters, a support package for
setting up printers, allowed authenticated users to submit crafted
print jobs which would execute shell commands on the print servers.

CVE-2011-2697 was assigned to the vulnerability in the Perl
implementation included in lenny, and CVE-2011-2964 to the
vulnerability affecting the C reimplementation that is part of squeeze.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.0.2-20080211-3.2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.5-6+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 4.0.9-1.

We recommend that you upgrade your foomatic-filters packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================