===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0025
                     foomatic-filters security update
                              5 January 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           foomatic-filters
Publisher:         Debian
Operating System:  Debian GNU/Linux 5
                   Debian GNU/Linux 6
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-2964 CVE-2011-2697

Reference:         ESB-2011.0797

Original Bulletin:
   http://www.debian.org/security/2011/dsa-2380

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2380-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 04, 2012                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : foomatic-filters
Vulnerability  : shell command injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2697 CVE-2011-2964
Debian Bug     : 635549

It was discovered that the foomatic-filters, a support package for
setting up printers, allowed authenticated users to submit crafted
print jobs which would execute shell commands on the print servers.

CVE-2011-2697 was assigned to the vulnerability in the Perl
implementation included in lenny, and CVE-2011-2964 to the
vulnerability affecting the C reimplementation part of squeeze.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.0.2-20080211-3.2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.5-6+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 4.0.9-1.

We recommend that you upgrade your foomatic-filters packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================