Fedora 8 : cups-1.3.7-2.fc8 (2008-3586)

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Fri May 9 2008 Tim Waugh <twaugh at redhat.com>
1:1.3.7-2

- Applied patch to fix CVE-2008-1722 (integer overflow
in image filter, bug #441692, STR #2790).

- Fri May 2 2008 Tim Waugh <twaugh at redhat.com>

- Include the hostname in the charset error (part of bug
#441719).

- Thu Apr 10 2008 Tim Waugh <twaugh at redhat.com>

- Log an error when a client requests a charset other
than ASCII or UTF-8.

- Thu Apr 3 2008 Tim Waugh <twaugh at redhat.com>

- Main package requires exactly-matching libs package.

- Wed Apr 2 2008 Tim Waugh <twaugh at redhat.com>
1:1.3.7-1

- 1.3.7. No longer need str2715, str2727, or
CVE-2008-0047 patches.

- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com>
1:1.3.6-4

- Applied patch to fix CVE-2008-1373 (GIF overflow, bug
#438303).

- Applied patch to prevent heap-based buffer overflow in
CUPS helper program (bug #436153, CVE-2008-0047, STR
#2729).

- Thu Feb 28 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-3

- Apply upstream fix for Adobe JPEG files (bug #166460,
STR #2727).

- Sat Feb 23 2008 Tim Waugh <twaugh at redhat.com>
1.3.6-2

- Fix encoding of job-sheets option (bug #433753, STR
#2715).

- Wed Feb 20 2008 Tim Waugh <twaugh at redhat.com>
1.3.6-1

- 1.3.6. No longer need str2650, str2664, or str2703
patches.

- Tue Feb 12 2008 Tim Waugh <twaugh at redhat.com>
1.3.5-3

- Fixed admin.cgi handling of DefaultAuthType (bug
#432478, STR #2703).

- Mon Jan 21 2008 Tim Waugh <twaugh at redhat.com>
1.3.5-2

- Rebuilt.

- Thu Jan 10 2008 Tim Waugh <twaugh at redhat.com>

- Apply patch to fix busy looping in the backends (bug
#426653, STR #2664).

- Wed Jan 9 2008 Tim Waugh <twaugh at redhat.com>

- Apply patch to prevent overlong PPD lines from causing
failures except in strict mode (bug #405061). Needed
for compatibility with older versions of foomatic
(e.g. Red Hat Enterprise Linux 3/4).

- Applied upstream patch to fix cupsctl --remote-any (bug
#421411, STR #2650).

- Thu Jan 3 2008 Tim Waugh <twaugh at redhat.com>
1.3.5-1

- 1.3.5. No longer need str2600, CVE-2007-4352,5392,5393
patches.

- Efficiency fix for pstoraster (bug #416871).

- Fri Nov 30 2007 Tim Waugh <twaugh at redhat.com>

- CVE-2007-4045 patch is not necessarily because
cupsd_client_t objects are not moved in array
operations, only pointers to them.

- Tue Nov 27 2007 Tim Waugh <twaugh at redhat.com>

- Updated to improved dnssd backend from Till Kamppeter.

- Don't undo the util.c parts of STR #2537.

- Tue Nov 20 2007 Tim Waugh <twaugh at redhat.com>
1:1.3.4-4

- Added fix for STR #2600 in which cupsd can crash from
a NULL dereference with LogLevel debug2 (bug #385631).

- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com>
1:1.3.4-3

- Fixed CVE-2007-4045 patch; has no effect with shipped
packages since they are linked with gnutls.

- Temporarily undo STR #2537 change so that non-UTF-8
requests are not rejected (bug #378211).

- LSPP cupsdSetString/ClearString fixes (bug #378451).

[plus 6 lines in the Changelog]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=441692
http://www.nessus.org/u?2e86d829

Solution :

Update the affected cups package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 32207 (fedora_2008-3586.nasl)

Bugtraq ID: 28781

CVE ID: CVE-2008-1722

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now