Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Fri May 9 2008 Tim Waugh <twaugh at redhat.com>
1:1.2.12-11

- Applied patch to fix CVE-2008-1722 (integer overflow
in image filter, bug #441692, STR #2790).

- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com>
1:1.2.12-10

- Applied patch to fix CVE-2008-1373 (GIF overflow, bug
#438303).

- Applied patch to fix CVE-2008-0053 (HP-GL/2 input
processing, bug #438117).

- Applied patch to prevent heap-based buffer overflow in
CUPS helper program (bug #436153, CVE-2008-0047, STR
#2729).

- Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com>
1:1.2.12-9

- Prevent double-free when a browsed class has the same
name as a printer or vice versa (CVE-2008-0882, bug
#433758, STR #2656).

- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-8

- Fixed CVE-2007-4045 patch
has no effect with shipped
packages since they are linked with gnutls.

- LSPP fixes (cupsdSetString/ClearString).

- Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-7

- Applied patch to fix CVE-2007-4045 (bug #250161).

- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
CVE-2007-5393 (bug #345101).

- Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-6

- Applied patch to fix CVE-2007-4351 (STR #2561, bug
#361661).

- Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-5

- Use ppdev for parallel port Device ID retrieval (bug
#311671).

- Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-4

- Applied patch to fix CVE-2007-3387 (bug #251518).

- Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-3

- Better buildroot tag.

- Moved LSPP access check and security attributes check
in add_job() to before allocation of the job structure
(bug #231522).

- Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-2

- Use kernel support for USB paper-out detection, when
available (bug #249213).

- Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-1

- 1.2.12. No longer need adminutil or str2408 patches.

- Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.11-3

- Better paper-out detection patch still (bug #246222).

- Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.11-2

- Applied patch to fix group handling in PPDs (bug
#186231, STR #2408).

- Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.11-1

- Fixed permissions on classes.conf in the file manifest
(bug #245748).

- 1.2.11.

- Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>

- Make the initscript use start priority 56 (bug
#213828).

- Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.10-12

- Better paper-out detection patch (bug #241589).

- Mon May 21 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.10-11

- Fixed _cupsAdminSetServerSettings() sharing/shared
handling (bug #238057).

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=441692
http://www.nessus.org/u?fd31df12

Solution :

Update the affected cups package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 32197 (fedora_2008-3449.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1722