Detections
Analytics
Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)
medium Nessus Plugin ID 32197
Synopsis
The remote Fedora host is missing a security update.Description
- Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11- Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790).
- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).
- Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).
- Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9
- Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656).
- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8
- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls.
- LSPP fixes (cupsdSetString/ClearString).
- Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101).
- Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6
- Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661).
- Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5
- Use ppdev for parallel port Device ID retrieval (bug #311671).
- Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
- Applied patch to fix CVE-2007-3387 (bug #251518).
- Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3
- Better buildroot tag.
- Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522).
- Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2
- Use kernel support for USB paper-out detection, when available (bug #249213).
- Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1
- 1.2.12. No longer need adminutil or str2408 patches.
- Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3
- Better paper-out detection patch still (bug #246222).
- Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2
- Applied patch to fix group handling in PPDs (bug #186231, STR #2408).
- Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1
- Fixed permissions on classes.conf in the file manifest (bug #245748).
- 1.2.11.
- Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>
- Make the initscript use start priority 56 (bug #213828).
- Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12
- Better paper-out detection patch (bug #241589).
- Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11
- Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057).
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected cups package.See Also
Plugin Details
Severity: Medium
ID: 32197
File Name: fedora_2008-3449.nasl
Version: 1.18
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 5/11/2008
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:cups, cpe:/o:fedoraproject:fedora:7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/9/2008
Vulnerability Publication Date: 4/10/2008
Reference Information
CVE: CVE-2008-1722
BID: 28781