Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Fri May 9 2008 Tim Waugh <twaugh at redhat.com>
1:1.2.12-11

- Applied patch to fix CVE-2008-1722 (integer overflow
in image filter, bug #441692, STR #2790).

- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com>
1:1.2.12-10

- Applied patch to fix CVE-2008-1373 (GIF overflow, bug
#438303).

- Applied patch to fix CVE-2008-0053 (HP-GL/2 input
processing, bug #438117).

- Applied patch to prevent heap-based buffer overflow in
CUPS helper program (bug #436153, CVE-2008-0047, STR
#2729).

- Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com>
1:1.2.12-9

- Prevent double-free when a browsed class has the same
name as a printer or vice versa (CVE-2008-0882, bug
#433758, STR #2656).

- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-8

- Fixed CVE-2007-4045 patch
has no effect with shipped
packages since they are linked with gnutls.

- LSPP fixes (cupsdSetString/ClearString).

- Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-7

- Applied patch to fix CVE-2007-4045 (bug #250161).

- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
CVE-2007-5393 (bug #345101).

- Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-6

- Applied patch to fix CVE-2007-4351 (STR #2561, bug
#361661).

- Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-5

- Use ppdev for parallel port Device ID retrieval (bug
#311671).

- Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-4

- Applied patch to fix CVE-2007-3387 (bug #251518).

- Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-3

- Better buildroot tag.

- Moved LSPP access check and security attributes check
in add_job() to before allocation of the job structure
(bug #231522).

- Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-2

- Use kernel support for USB paper-out detection, when
available (bug #249213).

- Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.12-1

- 1.2.12. No longer need adminutil or str2408 patches.

- Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.11-3

- Better paper-out detection patch still (bug #246222).

- Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.11-2

- Applied patch to fix group handling in PPDs (bug
#186231, STR #2408).

- Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.11-1

- Fixed permissions on classes.conf in the file manifest
(bug #245748).

- 1.2.11.

- Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>

- Make the initscript use start priority 56 (bug
#213828).

- Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.10-12

- Better paper-out detection patch (bug #241589).

- Mon May 21 2007 Tim Waugh <twaugh at redhat.com>
1:1.2.10-11

- Fixed _cupsAdminSetServerSettings() sharing/shared
handling (bug #238057).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=441692
http://www.nessus.org/u?fd31df12

Solution :

Update the affected cups package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 32197 (fedora_2008-3449.nasl)

Bugtraq ID: 28781

CVE ID: CVE-2008-1722