Fixes multiple CVEs and patches for image and buffer overflow vulnerabilities in cups-1.3.7-2.fc
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Fedora Update for cups FEDORA-2008-3586 | 17 Feb 200900:00 | – | openvas |
![]() | Fedora Update for cups FEDORA-2008-3586 | 17 Feb 200900:00 | – | openvas |
![]() | Fedora Update for cups FEDORA-2008-2131 | 16 Feb 200900:00 | – | openvas |
![]() | Fedora Update for cups FEDORA-2008-2131 | 16 Feb 200900:00 | – | openvas |
![]() | Slackware Advisory SSA:2008-094-01 cups | 11 Sep 201200:00 | – | openvas |
![]() | Cups < 1.3.8 vulnerability | 17 Jun 200800:00 | – | openvas |
![]() | CUPS < 1.3.8 Multiple Vulnerabilities | 17 Jun 200800:00 | – | openvas |
![]() | Slackware: Security Advisory (SSA:2008-094-01) | 10 Sep 201200:00 | – | openvas |
![]() | Fedora Update for cups FEDORA-2008-8801 | 17 Feb 200900:00 | – | openvas |
![]() | Fedora Update for cups FEDORA-2008-8801 | 17 Feb 200900:00 | – | openvas |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
bugzilla | www.bugzilla.redhat.com/show_bug.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-3586.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(32207);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2008-1722");
script_bugtraq_id(28781);
script_xref(name:"FEDORA", value:"2008-3586");
script_name(english:"Fedora 8 : cups-1.3.7-2.fc8 (2008-3586)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Fri May 9 2008 Tim Waugh <twaugh at redhat.com>
1:1.3.7-2
- Applied patch to fix CVE-2008-1722 (integer overflow
in image filter, bug #441692, STR #2790).
- Fri May 2 2008 Tim Waugh <twaugh at redhat.com>
- Include the hostname in the charset error (part of bug
#441719).
- Thu Apr 10 2008 Tim Waugh <twaugh at redhat.com>
- Log an error when a client requests a charset other
than ASCII or UTF-8.
- Thu Apr 3 2008 Tim Waugh <twaugh at redhat.com>
- Main package requires exactly-matching libs package.
- Wed Apr 2 2008 Tim Waugh <twaugh at redhat.com>
1:1.3.7-1
- 1.3.7. No longer need str2715, str2727, or
CVE-2008-0047 patches.
- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com>
1:1.3.6-4
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug
#438303).
- Applied patch to prevent heap-based buffer overflow in
CUPS helper program (bug #436153, CVE-2008-0047, STR
#2729).
- Thu Feb 28 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-3
- Apply upstream fix for Adobe JPEG files (bug #166460,
STR #2727).
- Sat Feb 23 2008 Tim Waugh <twaugh at redhat.com>
1.3.6-2
- Fix encoding of job-sheets option (bug #433753, STR
#2715).
- Wed Feb 20 2008 Tim Waugh <twaugh at redhat.com>
1.3.6-1
- 1.3.6. No longer need str2650, str2664, or str2703
patches.
- Tue Feb 12 2008 Tim Waugh <twaugh at redhat.com>
1.3.5-3
- Fixed admin.cgi handling of DefaultAuthType (bug
#432478, STR #2703).
- Mon Jan 21 2008 Tim Waugh <twaugh at redhat.com>
1.3.5-2
- Rebuilt.
- Thu Jan 10 2008 Tim Waugh <twaugh at redhat.com>
- Apply patch to fix busy looping in the backends (bug
#426653, STR #2664).
- Wed Jan 9 2008 Tim Waugh <twaugh at redhat.com>
- Apply patch to prevent overlong PPD lines from causing
failures except in strict mode (bug #405061). Needed
for compatibility with older versions of foomatic
(e.g. Red Hat Enterprise Linux 3/4).
- Applied upstream patch to fix cupsctl --remote-any (bug
#421411, STR #2650).
- Thu Jan 3 2008 Tim Waugh <twaugh at redhat.com>
1.3.5-1
- 1.3.5. No longer need str2600, CVE-2007-4352,5392,5393
patches.
- Efficiency fix for pstoraster (bug #416871).
- Fri Nov 30 2007 Tim Waugh <twaugh at redhat.com>
- CVE-2007-4045 patch is not necessarily because
cupsd_client_t objects are not moved in array
operations, only pointers to them.
- Tue Nov 27 2007 Tim Waugh <twaugh at redhat.com>
- Updated to improved dnssd backend from Till Kamppeter.
- Don't undo the util.c parts of STR #2537.
- Tue Nov 20 2007 Tim Waugh <twaugh at redhat.com>
1:1.3.4-4
- Added fix for STR #2600 in which cupsd can crash from
a NULL dereference with LogLevel debug2 (bug #385631).
- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com>
1:1.3.4-3
- Fixed CVE-2007-4045 patch; has no effect with shipped
packages since they are linked with gnutls.
- Temporarily undo STR #2537 change so that non-UTF-8
requests are not rejected (bug #378211).
- LSPP cupsdSetString/ClearString fixes (bug #378451).
[plus 6 lines in the Changelog]
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=441692"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009720.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2e86d829"
);
script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/10");
script_set_attribute(attribute:"patch_publication_date", value:"2008/05/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/11");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC8", reference:"cups-1.3.7-2.fc8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo