{"sourceData": "\n ===========================================================\r\nUbuntu Security Notice USN-856-1 November 10, 2009\r\ncups, cupsys vulnerability\r\nCVE-2009-2820\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n cupsys 1.2.2-0ubuntu0.6.06.15\r\n\r\nUbuntu 8.04 LTS:\r\n cupsys 1.3.7-1ubuntu3.6\r\n\r\nUbuntu 8.10:\r\n cups 1.3.9-2ubuntu9.3\r\n\r\nUbuntu 9.04:\r\n cups 1.3.9-17ubuntu3.4\r\n\r\nUbuntu 9.10:\r\n cups 1.4.1-5ubuntu2.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nAaron Sigel discovered that the CUPS web interface incorrectly protected\r\nagainst cross-site scripting (XSS) and cross-site request forgery (CSRF)\r\nattacks. If an authenticated user were tricked into visiting a malicious\r\nwebsite while logged into CUPS, a remote attacker could modify the CUPS\r\nconfiguration and possibly steal confidential data.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15 \\\r\n.diff.gz Size/MD5: 104771 87e69cec16a6ce946d9596058c0261d1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15 \\\r\n.dsc Size/MD5: 1060 87fa569bd9079b3f9ae30a7f5b1f3ed8\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz\r\n Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ub \\\r\nuntu0.6.06.15_all.deb Size/MD5: 996 5d9f34a7f057bea3779c75981ca1d7e5\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.0 \\\r\n6.15_amd64.deb Size/MD5: 36226 a186aaa1808f0fa03cff48951770b61b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0. \\\r\n6.06.15_amd64.deb Size/MD5: 81904 a73eba03491711b206001709bac3a550\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15 \\\r\n_amd64.deb Size/MD5: 2288926 bdb47ce648589b90bd4a10dbdc94f5bb\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubun \\\r\ntu0.6.06.15_amd64.deb Size/MD5: 6096 0b87c751ab9a74660e413a0f69d68712\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0. \\\r\n6.06.15_amd64.deb Size/MD5: 77794 0c51a6a20c0007ce2f8c3be394db475b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0 \\\r\n.6.06.15_amd64.deb Size/MD5: 25744 c440f5af5a1d0be9283b80eb0f4d0c83\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.0 \\\r\n6.15_amd64.deb Size/MD5: 130490 06fa7d92ad32a77ea5199ba83d673f2a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.0 \\\r\n6.15_i386.deb Size/MD5: 34774 829f4e4086e8adb0eba77bcb58ecee0b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0. \\\r\n6.06.15_i386.deb Size/MD5: 77974 a7bf3198c8b5fa6da7e857e6eb8416eb\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15 \\\r\n_i386.deb Size/MD5: 2256010 fcd1236998321b7a8c65b3d318ee7023\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubun \\\r\ntu0.6.06.15_i386.deb Size/MD5: 6096 6bb5d1d19ec1fc2f1875805f17e779a6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0. \\\r\n6.06.15_i386.deb Size/MD5: 76904 c61e67f0700f841e2da1e5602268df71\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0 \\\r\n.6.06.15_i386.deb Size/MD5: 25742 9d736132828e8565b7d4f87fd06f9ae1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.0 \\\r\n6.15_i386.deb Size/MD5: 122698 03f0cc40b9f63ad05067f977f1743afc\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.0 \\\r\n6.15_powerpc.deb Size/MD5: 40470 b13d7d7e2ebfd52f7935f230592b977a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0. \\\r\n6.06.15_powerpc.deb Size/MD5: 89554 fdf6dc49944611171160ca2e9b668886\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15 \\\r\n_powerpc.deb Size/MD5: 2303628 854768b41f63c26d0213a12c4bdcea6d\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubun \\\r\ntu0.6.06.15_powerpc.deb Size/MD5: 6092 014972a73d49bcfc876b9f35b6a17ce4\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0. \\\r\n6.06.15_powerpc.deb Size/MD5: 79440 7644cf7dd4d0ec99cddca2b0db13c510\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0 \\\r\n.6.06.15_powerpc.deb Size/MD5: 25744 b2fa52250a676c06edc8bfed7719fbb9\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.0 \\\r\n6.15_powerpc.deb Size/MD5: 128460 55fe9c48706da675b81bb83e4466be5a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.0 \\\r\n6.15_sparc.deb Size/MD5: 35396 abe44a6d16984d98b3c3e5b4991d5fd6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0. \\\r\n6.06.15_sparc.deb Size/MD5: 78720 c84169c3254bb33d641641b80101dee6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15 \\\r\n_sparc.deb Size/MD5: 2289862 1a82a4d1bda122225e1338ce3ec45962\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubun \\\r\ntu0.6.06.15_sparc.deb Size/MD5: 6096 1b282763cbeea2fd8b5dff2e105eb3bc\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0. \\\r\n6.06.15_sparc.deb Size/MD5: 76716 c7772687eaa66a7b68796c4105f01987\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0 \\\r\n.6.06.15_sparc.deb Size/MD5: 25746 39f480cdac828972f58628088263b84b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.0 \\\r\n6.15_sparc.deb Size/MD5: 124188 df1f99d038d093827ad90caf192e6fe3\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6.diff. \\\r\ngz Size/MD5: 138908 1f4c6bba57e34c8b0445bd657f018518\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6.dsc\r\n Size/MD5: 1441 ca6956a573222ee58f15c60a90782325\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz\r\n Size/MD5: 4700333 383e556d9841475847da6076c88da467\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3. \\\r\n6_all.deb Size/MD5: 1144326 600452c68fc842fa1137cd56cdb2cc95\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_a \\\r\nmd64.deb Size/MD5: 37532 65e462f458840b27ee0aa3a828460c06\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3. \\\r\n6_amd64.deb Size/MD5: 89990 fe90d7c0a97abe9cc428d80ddebaefa6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_amd64 \\\r\n.deb Size/MD5: 1882364 f756fa793fdb0374f5bbf08c711733a1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubun \\\r\ntu3.6_amd64.deb Size/MD5: 60810 8e03369bfad4b19fc04980faab219f3b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3. \\\r\n6_amd64.deb Size/MD5: 50220 3a9bf5779d6af022cb3ae7d18a8cd23e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3 \\\r\n.6_amd64.deb Size/MD5: 344936 e8ab75c73b8afe80dea4a5e2edb25ff7\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_a \\\r\nmd64.deb Size/MD5: 178260 b0980c5d1c4236a5ba8c65daf3a82045\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_i \\\r\n386.deb Size/MD5: 36948 f9a0258caa98d72b8ff90524c4b6838f\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3. \\\r\n6_i386.deb Size/MD5: 88408 adde906bb679cae1d3ee998a3d17da65\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_i386. \\\r\ndeb Size/MD5: 1864908 c3bd3e8f2ea8a061938fc832788322f2\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubun \\\r\ntu3.6_i386.deb Size/MD5: 60086 31c04f13fc3f1ee19a98a3d55c57b664\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3. \\\r\n6_i386.deb Size/MD5: 49862 58fffaafbf57e7cb948dcc7b90f5f686\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3 \\\r\n.6_i386.deb Size/MD5: 339358 0aa0767fe15c5b67de4acc5651cbda2b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_i \\\r\n386.deb Size/MD5: 175110 e9a577ef206d7e0467a7344c237a774c\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_lpia.deb\r\n Size/MD5: 36656 1787515e8c02e5093a714361f0f9cc2f\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_lpia.deb \\\r\n Size/MD5: 88744 ae737319f0a10ddc0efe7b3d81c2e3d3\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_lpia.deb\r\n Size/MD5: 1866968 6faef7d9fe0c114700d26a7d6a114e1d\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_lpia \\\r\n.deb Size/MD5: 60490 e604f70078c332415b5c4e736b9bf20f\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_lpia.deb \\\r\n Size/MD5: 50808 f18d90468c7de32208dcd755b7b1710f\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_lpia.de \\\r\nb Size/MD5: 337018 dd7a5ba2b1da8316655e01c6a15f2227\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_lpia.deb\r\n Size/MD5: 174036 2b92d3854cdd18ea9723cb20ba827a19\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_powerpc.deb \\\r\n Size/MD5: 46934 31b017c71fa40d9ebbd54eb9da83b00a\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_powerpc. \\\r\ndeb Size/MD5: 110828 67cd5c1d59adc436f7ea8390e087fa71\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_powerpc.deb\r\n Size/MD5: 1951172 29af30483fa378cc08687f8274b5820e\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_powe \\\r\nrpc.deb Size/MD5: 59934 0ce64a7415f4a42890834e8615c4665a\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_powerpc. \\\r\ndeb Size/MD5: 54920 9283343babb780c9524dc592de14292d\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_powerpc \\\r\n.deb Size/MD5: 341670 771bc58593ea3c07bdeb3df5f168ab5b\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_powerpc.deb \\\r\n Size/MD5: 184002 989fd37b0bf831eb847264a634fdf9ef\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_sparc.deb\r\n Size/MD5: 38028 174419b4c0abdd61484e425f01610210\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_sparc.de \\\r\nb Size/MD5: 91028 31cd2ac8fd872d978edb21b975870e10\r\n http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_sparc.deb\r\n Size/MD5: 1899750 51a378e29cbf0f8cf7660b2b56419199\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_spar \\\r\nc.deb Size/MD5: 57826 f19bbe276d3d2b6c77312256a1960efd\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_sparc.de \\\r\nb Size/MD5: 48216 76cdedba99120c1d30930dd230794010\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_sparc.d \\\r\neb Size/MD5: 341394 230070d09d4ef210d9cb346a1f2a191a\r\n http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_sparc.deb\r\n Size/MD5: 173922 5131154538109753d0bf8cbfc2541c99\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3.diff.gz\r\n Size/MD5: 333061 7330706de0300ff8fdf726f3947c8591\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3.dsc\r\n Size/MD5: 2043 45087adf6eeff3c066199bb22f0fd2b0\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz\r\n Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu9.3_al \\\r\nl.deb Size/MD5: 1163036 0dc85ed980aec7d0ca47204a75509ae1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu9.3_all \\\r\n.deb Size/MD5: 58406 481ebb8e769372ae687ab7ddf7327906\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu9.3_ \\\r\nall.deb Size/MD5: 58414 e7ca2633acec5df8dab00059dde56b2c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu9.3_all \\\r\n.deb Size/MD5: 58410 a9db719c1ce851adb8b6f1b3a0292fd3\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu9.3_all.deb \\\r\n Size/MD5: 58402 963fab3a432f3fbaeed5bf7e75e93189\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu9.3 \\\r\n_all.deb Size/MD5: 58414 6c6b2fbd1483536ce5b0b84f2942eac0\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu \\\r\n9.3_all.deb Size/MD5: 4524 8a04eee20e31ba3d4db226b94e806ffa\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu9.3 \\\r\n_all.deb Size/MD5: 58410 f6d280e42e630216364ce4e9b3136117\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_amd64 \\\r\n.deb Size/MD5: 37294 341fa919b705a94131b06993bc1306ca\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_am \\\r\nd64.deb Size/MD5: 119768 439a3382fd8b8f693067eea48c2fbb75\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_amd64 \\\r\n.deb Size/MD5: 1684258 2a89e2b4214dc1c9655958f45c1e00ce\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_amd64.deb \\\r\n Size/MD5: 2174130 dd2f8e5999162a4a3ead263c52fa6a72\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_a \\\r\nmd64.deb Size/MD5: 352190 d88f098ca2df6ca6550d54174de65f80\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_amd64 \\\r\n.deb Size/MD5: 173382 733cac3f769a1c52558642fe10a1bfb5\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu \\\r\n9.3_amd64.deb Size/MD5: 61314 0d99a1cff97c0784d4696afaba555293\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_ \\\r\namd64.deb Size/MD5: 52314 10a5f5634ddea63b458f4238f66d3f99\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_i386. \\\r\ndeb Size/MD5: 36214 72d3ce2e7cf9d7a56764957c507a622e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_i3 \\\r\n86.deb Size/MD5: 115352 b55209a22d3e27ccdafdede9ef5377a8\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_i386. \\\r\ndeb Size/MD5: 1544420 508fb74502494b68cb5bf3794aff56a6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_i386.deb\r\n Size/MD5: 2141140 c3b8f6e371dcac9a00c8ee219ecb0da1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_i \\\r\n386.deb Size/MD5: 345996 55f1960c0a948ec3ec1f6bb677122af7\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_i386. \\\r\ndeb Size/MD5: 170330 09bbbc7e202e8a656a7a8629eb573cdc\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu \\\r\n9.3_i386.deb Size/MD5: 60544 bedf6b86e68b3de6fcf82cee0279cc7a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_ \\\r\ni386.deb Size/MD5: 51720 009a1818552a2b23b95718a42beb7525\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 36022 2096f92303c88a6fb46eaf667ee8c97b\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 114514 f57873ae6357e865ad727c1420d838a1\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 1573394 b002825eba4a5a5aad9203e846f42a8d\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 2138032 aafe118649a62ef824a31747237863a3\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 342976 9bf54204f2c3f4b580337478cc22c457\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 168554 069c4f08a44b5e46c67394d8024e95eb\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_lpia.d \\\r\neb Size/MD5: 60628 dc313ec6bd4ad41888a34992064edcb7\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_lpia.deb\r\n Size/MD5: 52392 5886c4bff162dc7c37dbab5fb8edc793\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_powerpc.deb\r\n Size/MD5: 43570 3acb58e49bdb265105c8c85d62b3c0f9\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_powerpc.deb\r\n Size/MD5: 138178 2aec882da8d417fc0d697591f0615dfd\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_powerpc.deb\r\n Size/MD5: 1664346 3d7e4d2e7e013350b57353c855d516a9\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_powerpc.deb\r\n Size/MD5: 2266006 729bfb459a25c0bf4ac77324fdcbda08\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_powerpc.deb \\\r\n Size/MD5: 347978 420d3ef4ce4e26ff4c318148f8096438\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_powerpc.deb\r\n Size/MD5: 177652 0ee07a4050ce0d3ac386367992baf460\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_powerp \\\r\nc.deb Size/MD5: 61268 fb32593477a6556744d30c101a7e2d7f\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_powerpc.de \\\r\nb Size/MD5: 57450 259fe729e86bbb840397ab3ab743aa88\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 37208 186537b71f462834d7e0042f9854a2a8\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 117628 84b8143dc57f77c22f1ced6de81e621a\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 1492506 8eb12df3c0fe54d2a451b8c7fdeacffd\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 2202788 6144f2913f70ea29abc24f94e747309f\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 344786 37263ca6477d26b0069bbe4d48107a16\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 166470 5da8682bbcb6ae6a67bed5e3d19c745c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_sparc. \\\r\ndeb Size/MD5: 57860 470f78d4513016627a1a18659f054e0f\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_sparc.deb\r\n Size/MD5: 49794 3c99682d1fd2e494dadc9654fa452a17\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4.diff.gz\r\n Size/MD5: 335454 b82f7db3a8bcfa9d3e93d1534b88e4b9\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4.dsc\r\n Size/MD5: 1994 c6ac782dbbb04a8a775f62541e76a31c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz\r\n Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-17ubuntu3.4_a \\\r\nll.deb Size/MD5: 1165440 5e5bf6235af398e25167d85876b634c1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-17ubuntu3.4_al \\\r\nl.deb Size/MD5: 60696 37e4136782a9a165f13e8f3b94c4f9fe\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-17ubuntu3. \\\r\n4_all.deb Size/MD5: 60708 dd229fccbb8ccae2ccb054c25b4c5994\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.3.9-17ubuntu3. \\\r\n4_all.deb Size/MD5: 60694 c657f3a0791603065a5cf67eb8e5e194\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.3.9-17ubunt \\\r\nu3.4_all.deb Size/MD5: 60700 8ee570b8b489e97493e2d4d783d75ed9\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-17ubunt \\\r\nu3.4_all.deb Size/MD5: 4522 08c65389dbb6f9626ada34ad06d9b2bf\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.3.9-17ubuntu3.4_al \\\r\nl.deb Size/MD5: 60692 5b51d759aa47528de1dfa7d9c42fc26c\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-17ubuntu3. \\\r\n4_all.deb Size/MD5: 60696 db06a18f2cef2fc5c6f0495474d49add\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_amd6 \\\r\n4.deb Size/MD5: 37310 22991bc6d3baa0b3afa0db4532465284\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_a \\\r\nmd64.deb Size/MD5: 119738 860a7bbf2861f4042832eb029c31a446\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_amd6 \\\r\n4.deb Size/MD5: 1659750 5e22db8ad5bd95b010563ae65ff3f228\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_amd64.de \\\r\nb Size/MD5: 2170068 cf6798e1de2477a3f8320bb5ecfbc589\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_ \\\r\namd64.deb Size/MD5: 352132 ec1e110dc766771b6c5fab0e39c59e40\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_amd6 \\\r\n4.deb Size/MD5: 177592 601031c57026090350eaf94c759a15eb\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubunt \\\r\nu3.4_amd64.deb Size/MD5: 61268 60e1ff066280cc55800c18cb804f2f4e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4 \\\r\n_amd64.deb Size/MD5: 52218 269daec8f3f73b8b4b16407498c1fd05\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_i386 \\\r\n.deb Size/MD5: 36236 2ab79e7b6645e36dd7c2a4cbcb17b521\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_i \\\r\n386.deb Size/MD5: 115308 5b8bfbd49572609010ff85e4ecc40a6c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_i386 \\\r\n.deb Size/MD5: 1519390 c9695938dae4fe6073aef5392caf8a6c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_i386.deb \\\r\n Size/MD5: 2136394 6b7bbb0d01cf0622410dd9d4c4376558\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_ \\\r\ni386.deb Size/MD5: 345980 c2f9a9283d71dddc23e56b3e622d0c24\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_i386 \\\r\n.deb Size/MD5: 174200 4108f0c04a0ec92a4194ed2df8c37f0f\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubunt \\\r\nu3.4_i386.deb Size/MD5: 60500 e691c2405ed5cd5572a966914db68ade\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4 \\\r\n_i386.deb Size/MD5: 51540 39eb1f820a11ce3c25c9011e1ef98a9b\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 36040 cbce23be76ca47db07aa74a82102312a\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 114514 c183acb169b907cb5dbe7c4ba8b48a35\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 1547628 817a2ea820c9f3f1dfc8794bcd1c69ee\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 2133908 e4c4d9f860d24e0c2f90fb6560db5057\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 342932 be341b8686a73586144d028093fdaed7\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 172396 da4f011567b8a08b48f549c91599b319\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_lpia. \\\r\ndeb Size/MD5: 60666 3be2eeaacbe6a47748ae963e5886385c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_lpia.deb\r\n Size/MD5: 52342 5a98f1739f1f0415479613061432c6eb\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_powerpc.deb\r\n Size/MD5: 43562 534f1caca68a72a3e76710a9000f459a\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_powerpc.deb \\\r\n Size/MD5: 138140 d828d31864e344e2786928975c7c9f95\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_powerpc.deb\r\n Size/MD5: 1635484 81b3e0169f72e4923bf4bb4daff26c13\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_powerpc.deb\r\n Size/MD5: 2257642 0e339166b7323218a1085c0c82fd7a7c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_powerpc.de \\\r\nb Size/MD5: 347900 a50d10218fce3b68203159bc371293f0\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_powerpc.deb\r\n Size/MD5: 183046 f29e604a14a2bc69a9bd79cc51d52ae9\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_power \\\r\npc.deb Size/MD5: 61312 e7b9ca29914ee9affec5e4d27e06e459\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_powerpc.d \\\r\neb Size/MD5: 57406 68c55bbe03177f37c7dfba9936c68bea\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_sparc.deb\r\n Size/MD5: 37206 d7adafff178271caa1fb4589563d505d\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_sparc.deb\r\n Size/MD5: 117568 ea4127fb28b66a99869fe1a8e6db7175\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_sparc.deb\r\n Size/MD5: 1464072 870d238bb2767b5a9b903ac0ac1c2dd3\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_sparc.deb\r\n Size/MD5: 2203838 7325f07f8a427a5bbd50d6d1b00133aa\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_sparc.deb\r\n Size/MD5: 344720 a7caefd896fc92ef2973ff77e534551d\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_sparc.deb\r\n Size/MD5: 170030 53208da1a634caac02d1f9064e94ff7f\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_sparc \\\r\n.deb Size/MD5: 57856 42ebb0a99156e6e9cb8120b6ca085d95\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_sparc.deb \\\r\n Size/MD5: 49694 cbd420eb793c89d633c15f7141493533\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1.diff.gz\r\n Size/MD5: 414079 ec1b2785e204040587d379dd0e641ad1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1.dsc\r\n Size/MD5: 2272 965843554a241b6a33a579a0e2a5d654\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz\r\n Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.1_al \\\r\nl.deb Size/MD5: 1418920 46b9803e26d485beb81d8a4f0dd59cc6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.1_all \\\r\n.deb Size/MD5: 68976 8dba96de9fd5dddc605cb3a655125f8f\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.1_al \\\r\nl.deb Size/MD5: 68936 fb5282d11eca79ee314306b2ff3e047a\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.1 \\\r\n_all.deb Size/MD5: 68970 521a313d0ba7caa9c1b1abe954cad9d2\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu \\\r\n2.1_all.deb Size/MD5: 68974 db0c05a24ad39d36a3504e4001585339\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu \\\r\n2.1_all.deb Size/MD5: 4548 2f09755aaeab6a7c55210f69056ef983\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.1_all \\\r\n.deb Size/MD5: 68964 ee633cb6426259e9040925c4c0bd9cb4\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_amd64 \\\r\n.deb Size/MD5: 36728 99e15138c49f7647158ac567cea140f2\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_am \\\r\nd64.deb Size/MD5: 120314 b6a4fca33212ac0f3f0a0d28c284a0fa\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_amd64 \\\r\n.deb Size/MD5: 88944 8e16293ce4bbee4d25452621a5d8bb3c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_amd64.deb \\\r\n Size/MD5: 1909510 f4e99cb68478a7543045c5d96b2492f6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_a \\\r\nmd64.deb Size/MD5: 210280 4efe70259bd68bab99d6af37e3b83d44\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_amd64 \\\r\n.deb Size/MD5: 218154 57ac48d56cf39cccafaa41c761ee0831\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2. \\\r\n1_amd64.deb Size/MD5: 101138 cc401d5fe9eaebe5ccb3d05fc081fca5\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_am \\\r\nd64.deb Size/MD5: 31578 65cb6d0b7c31f42d1e4dc7a558cb6247\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubunt \\\r\nu2.1_amd64.deb Size/MD5: 89540 c37c83f1307577413832478e6c530c7a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1 \\\r\n_amd64.deb Size/MD5: 22190 3fc0bf084d35bd59b65d6b05564f616e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu \\\r\n2.1_amd64.deb Size/MD5: 61526 8d87cbc9fdf86f9b3f36a31f885903ee\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_ \\\r\namd64.deb Size/MD5: 53162 22462bb90ed221ae87f3aaf82c6e15e6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2 \\\r\n.1_amd64.deb Size/MD5: 80478 a196b04873b8a4538794141fb050f7c4\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_a \\\r\nmd64.deb Size/MD5: 15500 d585e4169708c121fc331ad76bc6734c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2 \\\r\n.1_amd64.deb Size/MD5: 142366 e8ed05502ab69c842622a8bd1c1ce2b6\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_a \\\r\nmd64.deb Size/MD5: 60100 fa37462e2be306dc2e59941ad7152b16\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_ \\\r\namd64.deb Size/MD5: 34534 135edf4eb2c710ff5223b465a2458a49\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_i386. \\\r\ndeb Size/MD5: 35468 a4f9880fc829b12ff07236426f64fb9b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_i3 \\\r\n86.deb Size/MD5: 115372 9e0333d6e7334936505eab56c7b40007\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_i386. \\\r\ndeb Size/MD5: 88104 7e19734ed0db1a1d8a8037002171ea55\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_i386.deb\r\n Size/MD5: 1867734 7ed73f246e05368ebba018162cd290a2\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_i \\\r\n386.deb Size/MD5: 199348 d3ddbf19d7989889cf7719bdf991e509\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_i386. \\\r\ndeb Size/MD5: 212228 149a9c34f3adff0b7477cd47b18637fd\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2. \\\r\n1_i386.deb Size/MD5: 100414 7e2f5ffc6c1a6304d59ccdcdfec17b1a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_i3 \\\r\n86.deb Size/MD5: 31372 476160c932e4f9f65c683ab895896694\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubunt \\\r\nu2.1_i386.deb Size/MD5: 89752 a35544f5d710449bb1c4f976114c0d40\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1 \\\r\n_i386.deb Size/MD5: 22058 0e1b563c11d5f4557cdc6c7772c4ee52\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu \\\r\n2.1_i386.deb Size/MD5: 60316 af61360870c910dbe75ab3175bd79324\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_ \\\r\ni386.deb Size/MD5: 52406 294706c65b211dc84b6303e7b6c8a621\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2 \\\r\n.1_i386.deb Size/MD5: 80458 8e2ff90e6d15b94c283f37353ad0b618\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_i \\\r\n386.deb Size/MD5: 15208 5e206398efb3de6f94ed622e5834ccd1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2 \\\r\n.1_i386.deb Size/MD5: 140852 0b2dc7bc7be253083a1a8a5d3a82b166\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_i \\\r\n386.deb Size/MD5: 61432 4dfac9d783c15467c903c3c5f5e3ad10\r\n http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_ \\\r\ni386.deb Size/MD5: 32806 09aaa4f71966bca96c284e31d2ab50ab\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 35442 201aa82511a54c6faa7f658f6911f5ca\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 115232 36be681d1f598c5b063608da5e21b119\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 88070 95ee10203129918b87f5981c0feb9e6f\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 1865396 df7a85287e16825a455fbe501f5f3aab\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 196694 9464af9dfe4aa84dd770ba4dc8840970\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 210766 c68f89f92f843f3a22c8b15c308a2c24\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_lpia.deb \\\r\n Size/MD5: 99822 b8ac152be2e01ba5fa140b467efcbbc5\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 31204 2228b4e2d9b7c9bfa77f86975128838d\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_lpia. \\\r\ndeb Size/MD5: 89176 bbedc8721d5e71b2f65b3a9b8fb8b559\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 21772 fe557a92668bc1c56dd375b82a6631e3\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_lpia.d \\\r\neb Size/MD5: 59954 3aba2f186b5d9fcd1904b16713530b36\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 52568 73b85f807859d09b4642911b95bbac6c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_lpia.de \\\r\nb Size/MD5: 80406 98585805ac88d962655a0ce9691124f7\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 15300 b74531b670ea8e804e75c2787a718e55\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_lpia.de \\\r\nb Size/MD5: 141194 c33231f3557dc58a3db03a5bc33b3993\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 62662 d744fd1f968312b4cf6d8c43adb46be8\r\n http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_lpia.deb\r\n Size/MD5: 33260 6c0faa6d9cbd47081129bc340b1df4dd\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_powerpc.deb\r\n Size/MD5: 37006 542560af6515508437474629720d23b5\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_powerpc.deb\r\n Size/MD5: 121726 3ed4a4acad8e622600b15a548ece010f\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_powerpc.deb\r\n Size/MD5: 88690 b1751eaada5bfb6ef930cbf293a9820d\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_powerpc.deb\r\n Size/MD5: 1930968 f2141ef292d9d393f5b64611ac8d97c7\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_powerpc.deb \\\r\n Size/MD5: 203490 99bef00a40b96891cda75f5bbc6d59a8\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_powerpc.deb\r\n Size/MD5: 222890 847cc9438c701f8829e28f4c77013fc1\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_powerpc. \\\r\ndeb Size/MD5: 100380 65ce9fffb183b88fce1b07e896131957\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_powerpc.deb\r\n Size/MD5: 33344 765416fd0fcc436f23a0132fc55ea1ee\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_power \\\r\npc.deb Size/MD5: 88948 ebbdf4d99d1f7a8b666ff790abed4e3c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_powerpc.d \\\r\neb Size/MD5: 22312 1e144c65199ac01b65c6773754f44da6\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_powerp \\\r\nc.deb Size/MD5: 60624 892688a051441152af7e32f5def6b6a0\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_powerpc.de \\\r\nb Size/MD5: 55372 f855c16a48edddc765cce6fa833ef37b\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_powerpc \\\r\n.deb Size/MD5: 80910 109a28f3068a9d82b039582b8017fc61\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_powerpc.deb \\\r\n Size/MD5: 15790 4264515ba0e3bb544b24de41d2b7097b\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_powerpc \\\r\n.deb Size/MD5: 140458 f108dcc4edfd300d2639e0e330a22ad3\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_powerpc.deb \\\r\n Size/MD5: 64956 45f6e3d1aefa1e8a3577d3198a798357\r\n http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_powerpc.de \\\r\nb Size/MD5: 34784 c431eef32a2b7858e9e6de4fe799ca0d\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 36064 7d325abd728d6110b71317174ebbb293\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 117962 6120775c6ec78d8d16573e350b1562f2\r\n http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 88522 bf8a9279b1119862d4622c4ca43b1687\r\n http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 1954476 049fd252226ac45ba96ac0cd9e098035\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 201448 5e04b7604a8bd88776dbe9e1ce772d47\r\n http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 209786 7d96c58efb78c81c22978b9a6702060e\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_sparc.de \\\r\nb Size/MD5: 102028 70799968a9451b0f1ef69284c8fd2fb0\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 31558 95e7d5e402fcba5354642e11a08b1020\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_sparc \\\r\n.deb Size/MD5: 89148 d4449b25673539fe5a94c2fe62e3608c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_sparc.deb \\\r\n Size/MD5: 21380 d9ebc7d03b38e102f4c22ec6defc3ecd\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_sparc. \\\r\ndeb Size/MD5: 58158 f836d37fb4d6d173e8d8e5d2867b6a45\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 50290 9026505395d96d5618a4174466a7f867\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_sparc.d \\\r\neb Size/MD5: 79672 5a50031c8b0249ef07d0649c395ec80c\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 14382 dd754302ed02f4812bd09d939700aa67\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_sparc.d \\\r\neb Size/MD5: 143678 ba37f34a8a06502b81730b6d2a01fee4\r\n http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 61446 9a91de8d93701a2f9e2c282fe43748ed\r\n http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_sparc.deb\r\n Size/MD5: 33866 736cd09302ee78f8d6d7d05f207bc1dd\r\n\r\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12619", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-12619", "type": "seebug", "viewCount": 2, "references": [], "lastseen": "2017-11-19T18:30:46", "published": "2009-11-11T00:00:00", "cvelist": ["CVE-2009-2820"], "id": "SSV:12619", "enchantments_done": [], "modified": "2009-11-11T00:00:00", "title": "CUPS vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2017-11-19T18:30:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2820"]}, {"type": "ubuntu", "idList": ["USN-856-1"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1933.NASL", "SUSE_11_0_CUPS-091104.NASL", "SUSE_11_2_CUPS-091204.NASL", "SUSE_11_CUPS-091104.NASL", "UBUNTU_USN-856-1.NASL", "CUPS_1_4_2.NASL", "FEDORA_2009-11314.NASL", "FEDORA_2009-10891.NASL", "SUSE_11_1_CUPS-091104.NASL", "FEDORA_2009-11062.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066430", "OPENVAS:136141256231066283", "OPENVAS:66307", "OPENVAS:136141256231066287", "OPENVAS:136141256231066269", "OPENVAS:1361412562310100344", "OPENVAS:830894", "OPENVAS:66283", "OPENVAS:66269", "OPENVAS:1361412562310830894"]}, {"type": "seebug", "idList": ["SSV:12599", "SSV:12663", "SSV:12618"]}, {"type": "exploitdb", "idList": ["EDB-ID:33339", "EDB-ID:10001"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1933-1:BE391"]}, {"type": "redhat", "idList": ["RHSA-2009:1595"]}, {"type": "centos", "idList": ["CESA-2009:1595"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1595"]}], "modified": "2017-11-19T18:30:46", "rev": 2}, "vulnersScore": 5.9}}

{"cve": [{"lastseen": "2020-12-09T19:31:21", "description": "The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.", "edition": 5, "cvss3": {}, "published": "2009-11-10T19:30:00", "title": "CVE-2009-2820", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2820"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/o:apple:mac_os_x:10.3.4", "cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x:10.3", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/o:apple:mac_os_x:10.2.8", "cpe:/o:apple:mac_os_x_server:10.0", "cpe:/o:apple:mac_os_x_server:10.1.5", "cpe:/o:apple:mac_os_x:10.6.1", "cpe:/o:apple:mac_os_x_server:10.3.8", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x:10.3.7", "cpe:/o:apple:mac_os_x_server:10.5.3", "cpe:/o:apple:mac_os_x_server:10.5.8", "cpe:/o:apple:mac_os_x_server:10.3.7", "cpe:/o:apple:mac_os_x_server:10.0.1", "cpe:/o:apple:mac_os_x_server:10.3.1", "cpe:/o:apple:mac_os_x:10.3.0", "cpe:/o:apple:mac_os_x_server:10.5.1", "cpe:/o:apple:mac_os_x_server:10.3.0", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x:10.0.1", "cpe:/o:apple:mac_os_x:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4.2", "cpe:/o:apple:mac_os_x:10.3.8", "cpe:/o:apple:mac_os_x:10.0.0", "cpe:/o:apple:mac_os_x:10.4.9", "cpe:/o:apple:mac_os_x_server:10.2.3", "cpe:/o:apple:mac_os_x_server:10.2.2", "cpe:/o:apple:mac_os_x_server:10.5.0", "cpe:/o:apple:mac_os_x:10.4", "cpe:/o:apple:mac_os_x:10.5.0", "cpe:/o:apple:mac_os_x_server:10.6", "cpe:/o:apple:mac_os_x:10.2.7", "cpe:/o:apple:mac_os_x_server:10.4.6", "cpe:/o:apple:mac_os_x:10.5.1", "cpe:/o:apple:mac_os_x:10.2.0", "cpe:/o:apple:mac_os_x_server:10.0.2", "cpe:/o:apple:mac_os_x_server:10.3.4", "cpe:/o:apple:mac_os_x:10.1.3", "cpe:/o:apple:mac_os_x:10.2.4", "cpe:/o:apple:mac_os_x_server:10.4.4", "cpe:/o:apple:mac_os_x:10.5.7", "cpe:/o:apple:mac_os_x_server:10.1.4", "cpe:/o:apple:mac_os_x:10.5.4", "cpe:/o:apple:mac_os_x_server:10.5.5", "cpe:/o:apple:mac_os_x:10.5.5", "cpe:/o:apple:mac_os_x:10.0.3", "cpe:/o:apple:mac_os_x:10.0.2", "cpe:/o:apple:mac_os_x_server:10.5", "cpe:/o:apple:mac_os_x:10.5.3", "cpe:/o:apple:mac_os_x_server:10.0.4", "cpe:/o:apple:mac_os_x_server:10.4.10", "cpe:/o:apple:mac_os_x:10.1.5", "cpe:/o:apple:mac_os_x_server:10.2.4", "cpe:/o:apple:mac_os_x:10.3.2", "cpe:/o:apple:mac_os_x_server:10.0.3", "cpe:/o:apple:mac_os_x_server:10.4.1", "cpe:/o:apple:mac_os_x_server:10.3.6", "cpe:/o:apple:mac_os_x:10.2.2", "cpe:/o:apple:mac_os_x:10.5", "cpe:/o:apple:mac_os_x_server:10.4.9", "cpe:/o:apple:mac_os_x:10.4.11", "cpe:/o:apple:mac_os_x:10.3.9", "cpe:/o:apple:mac_os_x_server:10.1.1", "cpe:/o:apple:mac_os_x_server:10.2.6", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x_server:10.0.0", "cpe:/o:apple:mac_os_x:10.4.10", "cpe:/o:apple:mac_os_x_server:10.3.2", "cpe:/o:apple:mac_os_x:10.1", "cpe:/o:apple:mac_os_x_server:10.2", "cpe:/o:apple:mac_os_x_server:10.4.0", "cpe:/o:apple:mac_os_x:10.4.2", "cpe:/o:apple:mac_os_x:10.4.6", "cpe:/o:apple:mac_os_x:10.3.1", "cpe:/o:apple:mac_os_x_server:10.1.0", "cpe:/o:apple:mac_os_x:10.4.0", "cpe:/o:apple:mac_os_x:10.1.2", "cpe:/o:apple:mac_os_x_server:10.5.2", "cpe:/o:apple:mac_os_x:10.2.6", "cpe:/o:apple:mac_os_x_server:10.3.9", "cpe:/o:apple:mac_os_x_server:10.3", "cpe:/o:apple:mac_os_x_server:10.4.3", "cpe:/o:apple:mac_os_x_server:10.2.0", "cpe:/o:apple:mac_os_x:10.2", "cpe:/o:apple:mac_os_x:10.2.1", "cpe:/o:apple:mac_os_x:10.0", "cpe:/o:apple:mac_os_x:10.3.6", "cpe:/o:apple:mac_os_x:10.1.4", "cpe:/o:apple:mac_os_x_server:10.1.3", "cpe:/o:apple:mac_os_x_server:10.3.5", "cpe:/o:apple:mac_os_x:10.4.7", "cpe:/o:apple:mac_os_x:10.6", "cpe:/o:apple:mac_os_x:10.2.3", "cpe:/o:apple:mac_os_x_server:10.1.2", "cpe:/o:apple:mac_os_x_server:10.3.3", "cpe:/o:apple:mac_os_x_server:10.2.1", "cpe:/o:apple:mac_os_x:10.0.4", "cpe:/o:apple:mac_os_x_server:10.5.4", "cpe:/o:apple:mac_os_x_server:10.4", "cpe:/o:apple:mac_os_x_server:10.4.7", "cpe:/o:apple:mac_os_x_server:10.2.5", "cpe:/o:apple:mac_os_x_server:10.1", "cpe:/o:apple:mac_os_x_server:10.2.8", "cpe:/o:apple:mac_os_x:10.3.5", "cpe:/o:apple:mac_os_x:10.2.5", "cpe:/o:apple:mac_os_x:10.4.5", "cpe:/o:apple:mac_os_x:10.1.1", "cpe:/o:apple:mac_os_x_server:10.5.6", "cpe:/o:apple:mac_os_x:10.4.4", "cpe:/o:apple:mac_os_x:10.1.0", "cpe:/o:apple:mac_os_x:10.5.6", "cpe:/o:apple:mac_os_x_server:10.6.1", "cpe:/o:apple:mac_os_x:10.5.2", "cpe:/o:apple:mac_os_x_server:10.5.7", "cpe:/o:apple:mac_os_x_server:10.4.11", "cpe:/o:apple:mac_os_x_server:10.2.7", "cpe:/o:apple:mac_os_x:10.5.8"], "id": "CVE-2009-2820", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2820", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T18:58:30", "description": "CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability. CVE-2009-2820. Remote exploit for linux platform", "published": "2009-11-09T00:00:00", "type": "exploitdb", "title": "CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-09T00:00:00", "id": "EDB-ID:33339", "href": "https://www.exploit-db.com/exploits/33339/", "sourceData": "source: http://www.securityfocus.com/bid/36958/info\r\n\r\n\r\nCUPS is prone to a cross-site scripting vulnerability because the software fails to sufficiently sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nNOTE: This vulnerability was originally reported in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been given its own record to better document it.\r\n\r\nThis issue affects versions prior to CUPS 1.4.2. \r\n\r\nhttp://www.example.com/admin/?kerberos=onmouseover=alert ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33339/"}, {"lastseen": "2016-02-01T11:42:32", "description": "CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability. CVE-2009-2820. Remote exploits for multiple platform", "published": "2009-11-11T00:00:00", "type": "exploitdb", "title": "CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-11T00:00:00", "id": "EDB-ID:10001", "href": "https://www.exploit-db.com/exploits/10001/", "sourceData": "Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI.\r\n\r\nThe following example URI is available:\r\n\r\nhttp://www.example.com/admin/?kerberos=onmouseover=alert", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10001/"}], "seebug": [{"lastseen": "2017-11-19T18:30:44", "description": "No description provided by source.", "published": "2009-11-11T00:00:00", "type": "seebug", "title": "New cups packages fix cross-site scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12618", "id": "SSV:12618", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1933-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nNovember 10, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : cups\r\nVulnerability : missing input sanitising\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id : CVE-2009-2820\r\n\r\n\r\nAaron Siegel discovered that the web interface of cups, the Common UNIX\r\nPrinting System, is prone to cross-site scripting attacks.\r\n\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.3.8-1+lenny7.\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 1.2.7-4+etch9.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution\r\n(sid), this problem will be fixed soon.\r\n\r\n\r\nWe recommend that you upgrade your cups packages.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, \\\r\nmipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz\r\n Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.diff.gz\r\n Size/MD5 checksum: 112995 fe3566daa6615bcd625288ce98e9384f\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.dsc\r\n Size/MD5 checksum: 1095 804241054cda1301d183492ea5969649\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4+etch9_al \\\r\nl.deb Size/MD5 checksum: 917720 bc97c75dacbd345dfd07e9397c91c38f\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4+et \\\r\nch9_all.deb Size/MD5 checksum: 46524 4f95c2485efda6dc7fc306162a5b1641\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_alpha.deb Size/MD5 checksum: 72990 bf27b53404f44fcea401f8ff88de8aa2\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_alpha \\\r\n.deb Size/MD5 checksum: 1095268 d25ffb1cdb0d32cb3d80d6a551b355c7\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_a \\\r\nlpha.deb Size/MD5 checksum: 184818 00aa5f531b8c3a30c6c77b926be722d2\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_alpha \\\r\n.deb Size/MD5 checksum: 175652 d52f9ee130bbf84d5436a71bb526f56c\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_al \\\r\npha.deb Size/MD5 checksum: 95922 8d80f7b83c755b59401fa7dd0b2ca81e\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_alpha.deb \\\r\n Size/MD5 checksum: 1605614 26620cc74617e392217a198fbde74860\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_al \\\r\npha.deb Size/MD5 checksum: 86404 5cebb372c4230f6ec95f89be9183293c\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_alpha \\\r\n.deb Size/MD5 checksum: 39290 429780ee5c35d47504291877979b6a15\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_amd64 \\\r\n.deb Size/MD5 checksum: 162858 1efc0ec7be9fc17ec25aab13eeb6e169\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_am \\\r\nd64.deb Size/MD5 checksum: 80712 2f639382f1e7767254a39358e7a79aed\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_amd64 \\\r\n.deb Size/MD5 checksum: 1090142 e33720ca87a04a87fe9a23b281c1bac0\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_am \\\r\nd64.deb Size/MD5 checksum: 86648 7eacddf27156689a52fe3b620392f734\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_amd64.deb \\\r\n Size/MD5 checksum: 1578128 1726cfeb573c14d325bd7d3c6ec29188\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_amd64.deb Size/MD5 checksum: 53050 342387c9d81a32530263493d8a11eb86\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_a \\\r\nmd64.deb Size/MD5 checksum: 142540 66ff1c8c7c2bae7320d208e1ac6748c5\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_amd64 \\\r\n.deb Size/MD5 checksum: 36356 a752bf52d8c59b7e7b16a44e6265da78\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_ar \\\r\nm.deb Size/MD5 checksum: 78688 9ee5e250e8db317459cf64f0f4d2b9e9\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_arm.d \\\r\neb Size/MD5 checksum: 155024 2e0ba671643828c8a208647ffc267b64\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_ar \\\r\nm.deb Size/MD5 checksum: 85562 05a0e3e5bbcc37c3a22e5e5343bbc44d\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_arm.deb\r\n Size/MD5 checksum: 1569288 8871122b1793c0e6f24e10fb781e0cb9\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_arm.deb Size/MD5 checksum: 48948 9c51ba4c36e7fc6c4dbd2da98be31557\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_arm.d \\\r\neb Size/MD5 checksum: 1024098 d942cccf63a8013a157f6cd8b8091a77\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_arm.d \\\r\neb Size/MD5 checksum: 36760 f4f9b00a6516aaad65423afdb7cc15c3\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_a \\\r\nrm.deb Size/MD5 checksum: 131680 8ae7ad06a988b72ec037bd8576a5401b\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_hppa.deb Size/MD5 checksum: 57248 6ce4ddf236ef42bd67a8cbdfcd433a22\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_hp \\\r\npa.deb Size/MD5 checksum: 91630 2351fe0384a9aacfe47d2917fad5c373\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_hp \\\r\npa.deb Size/MD5 checksum: 86788 4f32c2829c4e067c47d2d403a7ce4f41\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_hppa. \\\r\ndeb Size/MD5 checksum: 1038730 ae7853cba7ba8f46eb0b8f02b32afc01\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_hppa.deb\r\n Size/MD5 checksum: 1630072 270330a3a787ab952bb8c315bff4dea3\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_h \\\r\nppa.deb Size/MD5 checksum: 154678 0b97726ccaf51ff69b8f29159f3def07\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_hppa. \\\r\ndeb Size/MD5 checksum: 172288 f62575c4d075147cdab3e2b3912a28d2\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_hppa. \\\r\ndeb Size/MD5 checksum: 40378 7dfc68f3a0de6c6a0027cf3f82f28100\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_i386.deb\r\n Size/MD5 checksum: 1558554 20697fd1df339dfe66645e41f8fdab62\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_i386.deb Size/MD5 checksum: 53226 ed047b982bccef707582c5239e6c4529\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_i3 \\\r\n86.deb Size/MD5 checksum: 79704 defeadc51fe3b8e70c248e7f7cd78eeb\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_i3 \\\r\n86.deb Size/MD5 checksum: 87582 82b5f9adc2612c3d3818d9ee619e98c2\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_i386. \\\r\ndeb Size/MD5 checksum: 161536 cc750090dea44733d5bfa4859768fd50\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_i \\\r\n386.deb Size/MD5 checksum: 137800 ced35b0270e6f9576a084a848097e56c\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_i386. \\\r\ndeb Size/MD5 checksum: 998886 599796e90c29f4adfd032f7eced8dbd6\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_i386. \\\r\ndeb Size/MD5 checksum: 36234 47bd2806f7fa212153053cf58bfa7f1b\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_i \\\r\na64.deb Size/MD5 checksum: 192380 fac2ee8208cc62269d660293987722c4\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_ia64. \\\r\ndeb Size/MD5 checksum: 46336 537bf35bd49b91a743511ae655ea98fa\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_ia \\\r\n64.deb Size/MD5 checksum: 106222 41d7dfbd5f5f8989c491dd7c6256d23c\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_ia64.deb\r\n Size/MD5 checksum: 1773934 ed2f57b9532dfdd17a487cc794674254\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_ia64. \\\r\ndeb Size/MD5 checksum: 204566 e0b3ae3cb6dcf554600cd8a6282f31c3\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_ia64. \\\r\ndeb Size/MD5 checksum: 1109732 dc2117102927617da49909c68a4c010d\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_ia \\\r\n64.deb Size/MD5 checksum: 107490 e755ddc16e79d95f5e717cdda6b8b66a\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_ia64.deb Size/MD5 checksum: 74382 2625f53f6a81c275e6b3600b6f83e40e\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mips. \\\r\ndeb Size/MD5 checksum: 158354 8c52640f70fd6bd724e48bf3aa5ddaf6\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mips.deb\r\n Size/MD5 checksum: 1569908 6e4b324f3d4ef8630c4a8a1d8d373a10\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mips. \\\r\ndeb Size/MD5 checksum: 1100238 265ebdea306b57efaa192601902c6152\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mi \\\r\nps.deb Size/MD5 checksum: 76154 a2b996d1dced2ccf1d0b325e403ad76e\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_mips.deb Size/MD5 checksum: 57670 e7496d3c9ff40b21841004011d984ab0\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mips. \\\r\ndeb Size/MD5 checksum: 36110 2e6233c94a391e3c12a42fb242b90c0d\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_m \\\r\nips.deb Size/MD5 checksum: 150984 c4b5d5c3e84d1558a3a9779f8a44880e\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mi \\\r\nps.deb Size/MD5 checksum: 87150 252b222f10710ac818eaa39d0e62d1d0\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mipse \\\r\nl.deb Size/MD5 checksum: 158900 8fef7b67a8b23b8410cad13581d3c87f\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mipse \\\r\nl.deb Size/MD5 checksum: 1089172 4026204ebe8cd1e3aca31fabd5c4751d\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mipse \\\r\nl.deb Size/MD5 checksum: 36056 72c3532a5db151edc04ddcf5230d10ae\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mipsel.de \\\r\nb Size/MD5 checksum: 1555346 7d1c3413c07ce587bcbc6b0825b27aa1\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_mipsel.deb Size/MD5 checksum: 57798 e38bc41a4cee06be91e5ca90eaa834d6\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_m \\\r\nipsel.deb Size/MD5 checksum: 150896 010940ad9b6f216f58055dee0c05720e\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mi \\\r\npsel.deb Size/MD5 checksum: 77452 1bf693a139ca808f0ddfde50daeb3951\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mi \\\r\npsel.deb Size/MD5 checksum: 87318 e6aadf01613a8363e9a77dabda1cc7b0\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_po \\\r\nwerpc.deb Size/MD5 checksum: 89456 ce774884f9f2d60d53b9738087b1997c\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_power \\\r\npc.deb Size/MD5 checksum: 41338 6470a2c554400bf5d76df57a10c59b1a\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_power \\\r\npc.deb Size/MD5 checksum: 163538 f312c95edac480e335383282e658afa4\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_power \\\r\npc.deb Size/MD5 checksum: 1148886 2867ed7850c711eb45802ee198667b6c\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_p \\\r\nowerpc.deb Size/MD5 checksum: 136252 ead19e10b92e029542cf17b378a567fc\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_po \\\r\nwerpc.deb Size/MD5 checksum: 89566 03ad548ff0f04c960eb4f242dc46251d\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_powerpc.deb Size/MD5 checksum: 51924 f25670cf80cd3d7558da75c315305725\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_powerpc.d \\\r\neb Size/MD5 checksum: 1584292 238dcd774ade788f8bd22094c45a1330\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_s390. \\\r\ndeb Size/MD5 checksum: 37416 996dfcb6fb6f65d8f13b7dae44e19dcf\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_s \\\r\n390.deb Size/MD5 checksum: 144934 ce53888a5d6fb6546cea3a29554dc617\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_s390. \\\r\ndeb Size/MD5 checksum: 1039580 aa0880a0c055113199e8f7c7bbdb2478\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_s390. \\\r\ndeb Size/MD5 checksum: 167056 4a769af5c2d19121705021fa93f50754\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_s390.deb\r\n Size/MD5 checksum: 1589794 9dfd00c1deacfda509f538cee7713da4\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_s3 \\\r\n90.deb Size/MD5 checksum: 88248 1d05ee6ddb20e514e6c99fe31399f2d5\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_s390.deb Size/MD5 checksum: 52516 fb5a46492d2a20e430af75e816924b35\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_s3 \\\r\n90.deb Size/MD5 checksum: 82330 16608e47717961ab5ae7a00d73bed368\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_sp \\\r\narc.deb Size/MD5 checksum: 78514 690e8cc7cc8cec06cfbff7bce25484c5\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_sparc \\\r\n.deb Size/MD5 checksum: 994252 5085b682f7e0c7ec22be63843cd3f015\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch \\\r\n9_sparc.deb Size/MD5 checksum: 51784 9bd7bf8d93316b8a59d98541101cbc73\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_s \\\r\nparc.deb Size/MD5 checksum: 139562 c783267048e5410b6ab38dadf6b92fd7\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_sparc \\\r\n.deb Size/MD5 checksum: 36024 29fbb1ae8a6be5647d0d1eae4dbe35aa\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_sparc \\\r\n.deb Size/MD5 checksum: 159428 42067c27bab2c7e5dc0da63f92ce073b\r\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_sparc.deb \\\r\n Size/MD5 checksum: 1564572 83de8732694d0cc2aa0cd70636c89917\r\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_sp \\\r\narc.deb Size/MD5 checksum: 85628 a06afa2268b22d071eec37a6a0f558ad\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, \\\r\nmipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.diff.gz\r\n Size/MD5 checksum: 188585 2f134119c9ab17213747ad55cd3abdf5\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz\r\n Size/MD5 checksum: 4796827 10efe9825c1a1dcd325be47a6cc21faf\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.dsc\r\n Size/MD5 checksum: 1838 598e0194241cb4b10e6ea6264c620f11\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny7_all \\\r\n.deb Size/MD5 checksum: 52150 fcd78609b6330b7cac8eebf77d90551b\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny7_all.de \\\r\nb Size/MD5 checksum: 52148 64539574b4ba2f2bdde5cfe8a5bb404a\r\n http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny7_all.de \\\r\nb Size/MD5 checksum: 52146 899bfa5316f20775298b3d05e2e66ce9\r\n http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny7_all.de \\\r\nb Size/MD5 checksum: 52148 7cf6e014adbf027f70c5be49eb8ca71d\r\n http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny7_all \\\r\n.deb Size/MD5 checksum: 52150 0d536e8ea0f7bdbebe13163779e3d4f4\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny7_al \\\r\nl.deb Size/MD5 checksum: 52158 7876f928d67e4f50f752a1af537d5d96\r\n http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny7_all.deb\r\n Size/MD5 checksum: 52132 b55b302d127310628d5e5969828c90ba\r\n http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny7_all.d \\\r\neb Size/MD5 checksum: 1174986 c6fed6d41ec1e486fc11ee5a632d4fb0\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_alpha.deb\r\n Size/MD5 checksum: 2100558 63e7858512acf957df56b998c2890862\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_alpha.de \\\r\nb Size/MD5 checksum: 179252 8c451eb372aab1a00e5ab852bbb16aa1\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_alpha \\\r\n.deb Size/MD5 checksum: 118462 891f827943c1fcd54a427bd69a5907f1\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_alpha.de \\\r\nb Size/MD5 checksum: 37994 ce1a404f568126985fc9480e8f4d5d34\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_alpha.de \\\r\nb Size/MD5 checksum: 1144620 3c164140815a4c6df3ddfc6ae93950b9\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_alp \\\r\nha.deb Size/MD5 checksum: 108568 eaaf105093f5f2ec429ccdc1064b6721\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_alpha.deb Size/MD5 checksum: 81502 b5437c0bf2576174a46fea03ea11a446\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_alph \\\r\na.deb Size/MD5 checksum: 446024 53ff55379c20c80ae0a63e70f43edf7a\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_amd6 \\\r\n4.deb Size/MD5 checksum: 398418 80f6b9037d8d40264bdd353c717bf316\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_amd64.deb\r\n Size/MD5 checksum: 2053110 f64a171669c6f0fa931ef50a409771f0\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_amd64.de \\\r\nb Size/MD5 checksum: 168524 713d8df4f1c3946bb40b604f49656d55\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_amd64.deb Size/MD5 checksum: 61044 0aa9904819ab2da5339a5b4e28ffe59a\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_amd64.de \\\r\nb Size/MD5 checksum: 1196946 978ae6594fb203b6d507220725854f98\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_amd64 \\\r\n.deb Size/MD5 checksum: 117084 1b712fc7ceaa991aec6066d17c3d8a03\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_amd \\\r\n64.deb Size/MD5 checksum: 99838 13e57d407ac2bac36c7077ebb5259748\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_amd64.de \\\r\nb Size/MD5 checksum: 37148 9f2d8c0ca7a37a225d7ce1723eba3829\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_arm. \\\r\ndeb Size/MD5 checksum: 386376 57fc5eb1b60843db37cc1560b34657ba\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_arm.deb\r\n Size/MD5 checksum: 154852 cdfe93b0117b4d7ad86e097848f56a72\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_arm.deb\r\n Size/MD5 checksum: 2059778 bc505f53c123e86f61e0208bd0a5d361\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_arm.deb\r\n Size/MD5 checksum: 1119820 b567be834797c76ffb5a664e398bc34e\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_arm.d \\\r\neb Size/MD5 checksum: 112910 6f17df41cbb09df50155199f9be963a6\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_arm.deb Size/MD5 checksum: 55578 f4b763671e94082fbf85803d45ecd392\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_arm \\\r\n.deb Size/MD5 checksum: 96992 051d9fb6750b876d06191fb7e355e9ac\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_arm.deb\r\n Size/MD5 checksum: 36312 166cc83ac06c835703410efd4765deab\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_armel.de \\\r\nb Size/MD5 checksum: 37670 81910b769bfbc1349c0b153ad9164d92\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_armel.de \\\r\nb Size/MD5 checksum: 157710 aca520902431f9719aa580f098a03628\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_arme \\\r\nl.deb Size/MD5 checksum: 386566 d977a3c0fda5314a6c71484987949f73\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_armel \\\r\n.deb Size/MD5 checksum: 117932 ba1d3d8a1858053b0183961d82a09ebe\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_armel.de \\\r\nb Size/MD5 checksum: 1132990 bb1d93250d6fca508cfff4997e605040\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_armel.deb Size/MD5 checksum: 55010 447b83ce0df1e08e3cbe914981ea413d\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_armel.deb\r\n Size/MD5 checksum: 2085014 f55b91ec749afcb1379aeca406b16f8f\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_arm \\\r\nel.deb Size/MD5 checksum: 98412 b7cc38ea409402878d9b2e78fd627a42\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_hppa. \\\r\ndeb Size/MD5 checksum: 119870 a9351e7030124a64654c5dbf2d748b57\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_hppa.deb \\\r\n Size/MD5 checksum: 38172 02d9783ce625e884a7ffb5a6ea4fbdc2\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_hpp \\\r\na.deb Size/MD5 checksum: 103156 8d7ae253b7155cc5d230f0ac7d3c88e6\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_hppa.deb \\\r\n Size/MD5 checksum: 1138966 b46cff43879618898839dc38f8c276de\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_hppa.deb Size/MD5 checksum: 63126 264faa52eb7b76b7ba3af3854f3ab6cc\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_hppa.deb \\\r\n Size/MD5 checksum: 172700 34bf188a372a5101789842c4b2bbd5c8\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_hppa.deb\r\n Size/MD5 checksum: 2119306 a5b452236f9e35cb754c76105158114b\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_hppa \\\r\n.deb Size/MD5 checksum: 409118 0b899d323223726af53c0ac7f51fb98e\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_i386 \\\r\n.deb Size/MD5 checksum: 396398 a0b5f18275849bf02dbdc626cf805c1d\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_i386.deb Size/MD5 checksum: 60438 59a35fa422c60d5adc9dff540706337a\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_i386.deb \\\r\n Size/MD5 checksum: 1095692 fc5f6cc06799f5c00c943f9379db64be\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_i38 \\\r\n6.deb Size/MD5 checksum: 99362 39bcf5f4db639ccd311870d9e90e7545\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_i386.deb \\\r\n Size/MD5 checksum: 36492 febb3dc6f35605754664c84f0681cdd1\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_i386.deb \\\r\n Size/MD5 checksum: 165512 f063ca52a622599e17be45bfda802830\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_i386.deb\r\n Size/MD5 checksum: 2057466 86304106605edfb61db25d14a74429ea\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_i386. \\\r\ndeb Size/MD5 checksum: 114902 954a28c392b37ded2ffc21bab16efaab\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_ia64. \\\r\ndeb Size/MD5 checksum: 139092 9d9f826faf7a99009aafb25c7deb637e\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_ia6 \\\r\n4.deb Size/MD5 checksum: 123498 9377b05d42466021c1420362d3bb0157\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_ia64 \\\r\n.deb Size/MD5 checksum: 447534 783bb7f09f0dd7ebb82b168285ed3d2c\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_ia64.deb\r\n Size/MD5 checksum: 2283614 8c700df25e12cb4ac24d5884a77e8cef\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_ia64.deb \\\r\n Size/MD5 checksum: 1150652 e89ea87fa2fa750cf7385ef3f8efc9e5\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_ia64.deb Size/MD5 checksum: 86010 db2d06c843ddfdc86d75eaa6c8f07248\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_ia64.deb \\\r\n Size/MD5 checksum: 209138 4fbbef77787d20f8c7f828a02a504757\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_ia64.deb \\\r\n Size/MD5 checksum: 41290 854227929b82c27f1645f401ddd2ea08\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mips.deb\r\n Size/MD5 checksum: 2049028 ba814726491cf18adc33b978cdf41ebf\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mips.deb \\\r\n Size/MD5 checksum: 157944 2f2a6f1e03a329dd9bfe66aefc042e78\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mips \\\r\n.deb Size/MD5 checksum: 405610 0d67a4c1476444a5bb7da06f04b0fe1a\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mips.deb \\\r\n Size/MD5 checksum: 1172578 d4329dafd5542e0128668a590898fb2e\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mips. \\\r\ndeb Size/MD5 checksum: 108484 9a4fcffe8fdaf374474c5ea0c8d7c8f5\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mip \\\r\ns.deb Size/MD5 checksum: 98750 51447de9ba4558914df798f65058b6c9\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_mips.deb Size/MD5 checksum: 65290 7879c6993282cc2cc1efb3d5872b06b8\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mips.deb \\\r\n Size/MD5 checksum: 36010 d670bc2bd607cc2625d4011fc8af900e\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mipsel.d \\\r\neb Size/MD5 checksum: 1158288 d8b64c43ee3f0e59cc31660873f1834e\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mipsel.d \\\r\neb Size/MD5 checksum: 158360 8197e028f08047fda6557b6b6fc9d3f3\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_mipsel.deb Size/MD5 checksum: 65214 715dcb4022b19252c1eea1b784884310\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mipsel.d \\\r\neb Size/MD5 checksum: 36160 c94fe31c9b1e23e5753806cf033bf34f\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mip \\\r\nsel.deb Size/MD5 checksum: 98910 2da6b027dc7b588830d98e798f784f0b\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mipsel.deb\r\n Size/MD5 checksum: 2030054 28c9e99b851466e97e50c5712fe3342f\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mips \\\r\nel.deb Size/MD5 checksum: 403242 f8b494cf670baee9b65c8e6cc39080d4\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mipse \\\r\nl.deb Size/MD5 checksum: 109970 bf6fc87864ec7230506e5fd7c7abcd8b\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_power \\\r\npc.deb Size/MD5 checksum: 136082 318d392ca604759afb280639cac8b03c\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_powerpc.deb Size/MD5 checksum: 61152 985c626435a88fd3446dc88a447d2c9b\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_powerpc. \\\r\ndeb Size/MD5 checksum: 174320 57e2e7b2e6fd39ad63a1ba17e7194f40\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_powe \\\r\nrpc.deb Size/MD5 checksum: 394250 fde0e239f7e24e2ba4ee42e6596c60ba\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_pow \\\r\nerpc.deb Size/MD5 checksum: 104862 51a12f1bb7a775ddca43c10945639dfb\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_powerpc. \\\r\ndeb Size/MD5 checksum: 44204 f285bf023a4680b7da64118d586e1d5e\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_powerpc.deb\r\n Size/MD5 checksum: 2124674 d8c9de7eef052dd764d66188837d86c9\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_powerpc. \\\r\ndeb Size/MD5 checksum: 1191028 1b4729142f6cdda734027dda48752afd\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_s390.deb \\\r\n Size/MD5 checksum: 171654 0d53ed748c513498f55341ba19cfde32\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_s390.deb\r\n Size/MD5 checksum: 2092930 7aef582c65b9873a66cd3e632acbec6e\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_s390.deb \\\r\n Size/MD5 checksum: 1190710 884a98297180cc5c5bace0204ac48148\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_s390. \\\r\ndeb Size/MD5 checksum: 118578 9ec07d8c2bdc5a9645d6d32c460357e7\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_s390.deb Size/MD5 checksum: 60714 a37d661adbf755636f2b1f9340d4a96a\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_s39 \\\r\n0.deb Size/MD5 checksum: 101620 bb3e1691cf3fa70e880823db340aa835\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_s390.deb \\\r\n Size/MD5 checksum: 37804 5d817c9fa3eb1ebea486d0f0244384a5\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_s390 \\\r\n.deb Size/MD5 checksum: 399768 b1bdeedfe5bfe453de5ee9f065f169bf\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_sparc.deb\r\n Size/MD5 checksum: 2067200 1b832d51127c5a3cdf1d2f9f15fbbc9f\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7 \\\r\n_sparc.deb Size/MD5 checksum: 57760 9be4f682c78cce9c7d0e80a5d6ed3f61\r\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_sparc.de \\\r\nb Size/MD5 checksum: 1049966 1c15bf61b0f26558c8d3eb49a8aaf682\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_sparc.de \\\r\nb Size/MD5 checksum: 160982 6eda428d97d49e0b90d143599ac019f5\r\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_spa \\\r\nrc.deb Size/MD5 checksum: 97212 d57b0db0765d63f354d44a3aa4799f56\r\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_spar \\\r\nc.deb Size/MD5 checksum: 392614 124cc14e2eeceea46a513424d40860f5\r\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_sparc.de \\\r\nb Size/MD5 checksum: 38826 ae41ac61dab018ddb25f84f517076d3e\r\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_sparc \\\r\n.deb Size/MD5 checksum: 116488 a91a68f4eaaf11f8666f0d07da26bf23\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show &lt;pkg&gt;' and http://packages.debian.org/&lt;pkg&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr40h0ACgkQ62zWxYk/rQcmrQCfT/1a/+FSdezaW1pc/iHM/jLN\r\njrgAoI1qnCASB/CO/zVZea8yTWpEXuc+\r\n=mK8e\r\n-----END PGP SIGNATURE-----\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12618", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T18:29:44", "description": "BUGTRAQ ID: 36958\r\nCVE ID: CVE-2009-2820\r\n\r\nCommon Unix Printing System\uff08CUPS\uff09\u662f\u4e00\u6b3e\u901a\u7528Unix\u6253\u5370\u7cfb\u7edf\uff0c\u662fUnix\u73af\u5883\u4e0b\u7684\u8de8\u5e73\u53f0\u6253\u5370\u89e3\u51b3\u65b9\u6848\uff0c\u57fa\u4e8eInternet\u6253\u5370\u534f\u8bae\uff0c\u63d0\u4f9b\u5927\u591a\u6570PostScript\u548craster\u6253\u5370\u673a\u670d\u52a1\u3002\r\n\r\nCUPS\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406HTTP\u5934\u548cHTML\u6a21\u677f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4ea7\u54c1\u7684web\u754c\u9762\u3001\u6253\u5370\u7cfb\u7edf\u7684\u914d\u7f6e\u548c\u6253\u5370\u4efb\u52a1\u7684\u6807\u9898\u63d0\u4ea4\u6076\u610fkerberos\u53c2\u6570\uff0c\u6267\u884c\u8de8\u7ad9\u811a\u672c\u6216HTTP\u54cd\u5e94\u62c6\u5206\u653b\u51fb\u3002\n\nEasy Software Products CUPS 1.4.x\r\nEasy Software Products CUPS 1.3.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nEasy Software Products\r\n----------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.cups.org/strfiles/3367/security-1.4v2.patch\r\nhttp://www.cups.org/strfiles/3367/security-1.3v2.patch\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6893187\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6893187\uff1aMultiple Security Vulnerabilities in the Common Unix Printing System (CUPS) Web Interface in OpenSolaris May Lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-271169-1", "published": "2009-11-18T00:00:00", "type": "seebug", "title": "CUPS kerberos\u53c2\u6570\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12663", "id": "SSV:12663", "sourceData": "\n http://127.0.0.1:631/admin/?kerberos=onmouseover=alert(1)&amp;kerberos\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12663", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T18:30:51", "description": "BUGTRAQ ID: 36956\r\nCVE ID: CVE-2009-2808,CVE-2009-2810,CVE-2009-2818,CVE-2009-2819,CVE-2009-2820,CVE-2009-2823,CVE-2009-2824,CVE-2009-2825,CVE-2009-2826,CVE-2009-2827,CVE-2009-2828,CVE-2009-2829,CVE-2009-2830,CVE-2009-2831,CVE-2009-2832,CVE-2009-2833,CVE-2009-2834,CVE-2009-2835,CVE-2009-2837,CVE-2009-2838,CVE-2009-2839,CVE-2009-2840\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple 2009-006\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86Mac OS X\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u672c\u5730\u6216\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3001\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2808\r\n\r\nHelp Viewer\u6ca1\u6709\u4f7f\u7528HTTPS\u67e5\u770bApple Help\u5185\u5bb9\uff0c\u672c\u5730\u7f51\u7edc\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u53d1\u9001\u5305\u542b\u6709\u6076\u610fhelp:runscript\u94fe\u63a5\u7684\u4f2a\u9020HTTP\u54cd\u5e94\u3002\r\n\r\nCVE-2009-2810\r\n\r\n\u5728\u8c03\u7528Launch\u670d\u52a1\u6253\u5f00\u88ab\u9694\u79bb\u7684\u6587\u4ef6\u5939\u65f6\u4f1a\u9012\u5f52\u7684\u6e05\u9664\u6587\u4ef6\u5939\u4e2d\u6587\u4ef6\u7684\u9694\u79bb\u4fe1\u606f\uff0c\u800c\u88ab\u6e05\u9664\u7684\u9694\u79bb\u4fe1\u606f\u7528\u6237\u5728\u6253\u5f00\u9879\u4e4b\u524d\u89e6\u53d1\u7528\u6237\u8b66\u544a\u3002\u8fd9\u53ef\u80fd\u5141\u8bb8\u5728\u6ca1\u6709\u8b66\u544a\u5bf9\u8bdd\u6846\u7684\u60c5\u51b5\u4e0b\u542f\u52a8\u4e0d\u5b89\u5168\u7684\u9879\uff0c\u5982\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nCVE-2009-2818\r\n\r\n\u81ea\u9002\u5e94\u9632\u706b\u5899\u901a\u8fc7\u521b\u5efa\u4e34\u65f6\u89c4\u5219\u9650\u5236\u8bbf\u95ee\u6765\u54cd\u5e94\u53ef\u7591\u884c\u4e3a\uff0c\u5982\u5927\u91cf\u7684\u8bbf\u95ee\u5c1d\u8bd5\u3002\u5728\u67d0\u4e9b\u73af\u5883\u4e0b\uff0c\u81ea\u9002\u5e94\u9632\u706b\u5899\u53ef\u80fd\u65e0\u6cd5\u68c0\u6d4b\u4f7f\u7528\u65e0\u6548\u7528\u6237\u540d\u7684SSH\u767b\u5f55\u5c1d\u8bd5\u3002\r\n\r\nCVE-2009-2819\r\n\r\nAFP\u5ba2\u6237\u7aef\u4e2d\u5b58\u5728\u591a\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8fde\u63a5\u5230\u6076\u610f\u7684AFP\u670d\u52a1\u5668\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u7ec8\u6b62\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2820\r\n\r\nCUPS\u4e2d\u7684\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u548cHTTP\u54cd\u5e94\u62c6\u5206\uff0c\u8bbf\u95ee\u6076\u610f\u7f51\u9875\u6216URL\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7CUPS web\u63a5\u53e3\u8bbf\u95ee\u672c\u5730\u7528\u6237\u53ef\u7528\u7684\u5185\u5bb9\uff0c\u5305\u62ec\u6253\u5370\u7cfb\u7edf\u914d\u7f6e\u548c\u5df2\u6253\u5370\u4efb\u52a1\u7684\u6807\u9898\u3002\r\n\r\nCVE-2009-2823\r\n\r\nApache Web\u670d\u52a1\u5668\u5141\u8bb8TRACE HTTP\u65b9\u5f0f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u5de5\u5177\u901a\u8fc7\u67d0\u4e9bWeb\u5ba2\u6237\u7aef\u8f6f\u4ef6\u6267\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\r\n\r\nCVE-2009-2824\r\n\r\nApple\u7c7b\u578b\u670d\u52a1\u5904\u7406\u5d4c\u5165\u5f0f\u5b57\u4f53\u7684\u65b9\u5f0f\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u6216\u4e0b\u8f7d\u5305\u542b\u6709\u6076\u610f\u5d4c\u5165\u5f0f\u5b57\u4f53\u7684\u6587\u6863\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2825\r\n\r\n\u5728\u5904\u7406CN\u5b57\u6bb5\u4e2d\u5305\u542b\u6709\u7a7a\u5b57\u7b26\u7684SSL\u8bc1\u4e66\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u7528\u6237\u53ef\u80fd\u88ab\u8bef\u5bfc\u63a5\u53d7\u5916\u89c2\u7c7b\u4f3c\u4e8e\u5339\u914d\u7528\u6237\u6240\u8bbf\u95ee\u57df\u7684\u7279\u5236\u8bc1\u4e66\u3002\r\n\r\nCVE-2009-2826\r\n\r\nCoreGraphics\u5904\u7406PDF\u6587\u4ef6\u5b58\u5728\u591a\u4e2a\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\uff0c\u6253\u5f00\u6076\u610fPDF\u6587\u4ef6\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2827\r\n\r\n\u5904\u7406\u5305\u542b\u6709FAT\u6587\u4ef6\u7cfb\u7edf\u7684\u78c1\u76d8\u955c\u50cf\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\uff0c\u4e0b\u8f7d\u6076\u610f\u7684\u78c1\u76d8\u955c\u50cf\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2828\r\n\r\nDirectoryService\u4e2d\u7684\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2829\r\n\r\nEvent Monitor\u4e2d\u5b58\u5728\u65e5\u5fd7\u6ce8\u5165\u6f0f\u6d1e\uff0c\u901a\u8fc7\u7279\u5236\u8ba4\u8bc1\u4fe1\u606f\u8fde\u63a5\u5230SSH\u670d\u52a1\u5668\u5c31\u53ef\u4ee5\u5bfc\u81f4\u65e5\u5fd7\u6ce8\u5165\u3002\u5f53\u5176\u4ed6\u670d\u52a1\u5904\u7406\u65e5\u5fd7\u6570\u636e\u65f6\u8fd9\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\nCVE-2009-2830\r\n\r\n\u6587\u4ef6\u547d\u4ee4\u884c\u5de5\u5177\u4e2d\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5bf9\u6076\u610f\u7684CDF\u6587\u4ef6\u8fd0\u884c\u6587\u4ef6\u547d\u4ee4\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2831\r\n\r\nDictionary\u4e2d\u7684\u8bbe\u8ba1\u9519\u8bef\u5141\u8bb8\u6076\u610f\u7684Javascript\u5411\u7528\u6237\u6587\u4ef6\u7cfb\u7edf\u7684\u4efb\u610f\u4f4d\u7f6e\u5199\u5165\u4efb\u610f\u6570\u636e\uff0c\u8fd9\u53ef\u80fd\u5141\u8bb8\u672c\u5730\u7f51\u7edc\u4e2d\u7684\u5176\u4ed6\u7528\u6237\u5728\u7528\u6237\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2832\r\n\r\nFTP\u670d\u52a1\u5668\u7684CWD\u547d\u4ee4\u884c\u5de5\u5177\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bf9\u6df1\u5c42\u5d4c\u5957\u7684\u76ee\u5f55\u7ed3\u6784\u53d1\u5e03CWD\u547d\u4ee4\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2833\r\n\r\nUCCompareTextDefault API\u4e2d\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2834\r\n\r\n\u975e\u7279\u6743\u7528\u6237\u53ef\u4ee5\u66f4\u6539\u9644\u5e26\u7684USB\u6216\u84dd\u7259Apple\u952e\u76d8\u7684\u56fa\u4ef6\u3002\r\n\r\nCVE-2009-2835\r\n\r\n\u5185\u6838\u5904\u7406\u4efb\u52a1\u72b6\u6001\u6bb5\u5b58\u5728\u591a\u4e2a\u8f93\u5165\u9a8c\u8bc1\u95ee\u9898\uff0c\u53ef\u80fd\u5141\u8bb8\u672c\u5730\u7528\u6237\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3001\u7cfb\u7edf\u610f\u5916\u5173\u673a\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2837\r\n\r\nQuickDraw\u5904\u7406PICT\u56fe\u5f62\u5b58\u5728\u5806\u6ea2\u51fa\uff0c\u6253\u5f00\u6076\u610f\u7684PICT\u56fe\u5f62\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2838\r\n\r\nQuickLook\u5904\u7406Microsoft Office\u6587\u4ef6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u4e0b\u8f7d\u6076\u610f\u7684Microsoft Office\u6587\u4ef6\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2839\r\n\r\nScreen Sharing\u5ba2\u6237\u7aef\u5b58\u5728\u591a\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6253\u5f00vnc:// URL\u8bbf\u95ee\u6076\u610f\u7684VNC\u670d\u52a1\u5668\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-2840\r\n\r\nSpotlight\u5904\u7406\u4e34\u65f6\u6587\u4ef6\u7684\u65b9\u5f0f\u5b58\u5728\u4e0d\u5b89\u5168\u7684\u6587\u4ef6\u64cd\u4f5c\uff0c\u53ef\u80fd\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ee5\u5176\u4ed6\u7528\u6237\u7684\u6743\u9650\u8986\u76d6\u6587\u4ef6\u3002\n\nApple Mac OS X &lt; 10.6.2\r\nApple MacOS X Server &lt; 10.6.2\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.apple.com/support/downloads/", "published": "2009-11-10T00:00:00", "type": "seebug", "title": "Apple Mac OS X 2009-006\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2808", "CVE-2009-2810", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2830", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2835", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840"], "modified": "2009-11-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12599", "id": "SSV:12599", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:30:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2820"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1933-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nNovember 10, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : cups\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE Id : CVE-2009-2820\n\n\nAaron Siegel discovered that the web interface of cups, the Common UNIX\nPrinting System, is prone to cross-site scripting attacks.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny7.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.7-4+etch9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your cups packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz\n Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.diff.gz\n Size/MD5 checksum: 112995 fe3566daa6615bcd625288ce98e9384f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.dsc\n Size/MD5 checksum: 1095 804241054cda1301d183492ea5969649\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4+etch9_all.deb\n Size/MD5 checksum: 917720 bc97c75dacbd345dfd07e9397c91c38f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4+etch9_all.deb\n Size/MD5 checksum: 46524 4f95c2485efda6dc7fc306162a5b1641\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 72990 bf27b53404f44fcea401f8ff88de8aa2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 1095268 d25ffb1cdb0d32cb3d80d6a551b355c7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 184818 00aa5f531b8c3a30c6c77b926be722d2\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 175652 d52f9ee130bbf84d5436a71bb526f56c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 95922 8d80f7b83c755b59401fa7dd0b2ca81e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 1605614 26620cc74617e392217a198fbde74860\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 86404 5cebb372c4230f6ec95f89be9183293c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_alpha.deb\n Size/MD5 checksum: 39290 429780ee5c35d47504291877979b6a15\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 162858 1efc0ec7be9fc17ec25aab13eeb6e169\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 80712 2f639382f1e7767254a39358e7a79aed\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 1090142 e33720ca87a04a87fe9a23b281c1bac0\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 86648 7eacddf27156689a52fe3b620392f734\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 1578128 1726cfeb573c14d325bd7d3c6ec29188\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 53050 342387c9d81a32530263493d8a11eb86\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 142540 66ff1c8c7c2bae7320d208e1ac6748c5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_amd64.deb\n Size/MD5 checksum: 36356 a752bf52d8c59b7e7b16a44e6265da78\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 78688 9ee5e250e8db317459cf64f0f4d2b9e9\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 155024 2e0ba671643828c8a208647ffc267b64\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 85562 05a0e3e5bbcc37c3a22e5e5343bbc44d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 1569288 8871122b1793c0e6f24e10fb781e0cb9\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 48948 9c51ba4c36e7fc6c4dbd2da98be31557\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 1024098 d942cccf63a8013a157f6cd8b8091a77\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 36760 f4f9b00a6516aaad65423afdb7cc15c3\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_arm.deb\n Size/MD5 checksum: 131680 8ae7ad06a988b72ec037bd8576a5401b\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 57248 6ce4ddf236ef42bd67a8cbdfcd433a22\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 91630 2351fe0384a9aacfe47d2917fad5c373\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 86788 4f32c2829c4e067c47d2d403a7ce4f41\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 1038730 ae7853cba7ba8f46eb0b8f02b32afc01\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 1630072 270330a3a787ab952bb8c315bff4dea3\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 154678 0b97726ccaf51ff69b8f29159f3def07\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 172288 f62575c4d075147cdab3e2b3912a28d2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_hppa.deb\n Size/MD5 checksum: 40378 7dfc68f3a0de6c6a0027cf3f82f28100\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 1558554 20697fd1df339dfe66645e41f8fdab62\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 53226 ed047b982bccef707582c5239e6c4529\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 79704 defeadc51fe3b8e70c248e7f7cd78eeb\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 87582 82b5f9adc2612c3d3818d9ee619e98c2\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 161536 cc750090dea44733d5bfa4859768fd50\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 137800 ced35b0270e6f9576a084a848097e56c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 998886 599796e90c29f4adfd032f7eced8dbd6\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_i386.deb\n Size/MD5 checksum: 36234 47bd2806f7fa212153053cf58bfa7f1b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 192380 fac2ee8208cc62269d660293987722c4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 46336 537bf35bd49b91a743511ae655ea98fa\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 106222 41d7dfbd5f5f8989c491dd7c6256d23c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 1773934 ed2f57b9532dfdd17a487cc794674254\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 204566 e0b3ae3cb6dcf554600cd8a6282f31c3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 1109732 dc2117102927617da49909c68a4c010d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 107490 e755ddc16e79d95f5e717cdda6b8b66a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_ia64.deb\n Size/MD5 checksum: 74382 2625f53f6a81c275e6b3600b6f83e40e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 158354 8c52640f70fd6bd724e48bf3aa5ddaf6\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 1569908 6e4b324f3d4ef8630c4a8a1d8d373a10\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 1100238 265ebdea306b57efaa192601902c6152\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 76154 a2b996d1dced2ccf1d0b325e403ad76e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 57670 e7496d3c9ff40b21841004011d984ab0\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 36110 2e6233c94a391e3c12a42fb242b90c0d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 150984 c4b5d5c3e84d1558a3a9779f8a44880e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mips.deb\n Size/MD5 checksum: 87150 252b222f10710ac818eaa39d0e62d1d0\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 158900 8fef7b67a8b23b8410cad13581d3c87f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 1089172 4026204ebe8cd1e3aca31fabd5c4751d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 36056 72c3532a5db151edc04ddcf5230d10ae\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 1555346 7d1c3413c07ce587bcbc6b0825b27aa1\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 57798 e38bc41a4cee06be91e5ca90eaa834d6\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 150896 010940ad9b6f216f58055dee0c05720e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 77452 1bf693a139ca808f0ddfde50daeb3951\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mipsel.deb\n Size/MD5 checksum: 87318 e6aadf01613a8363e9a77dabda1cc7b0\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 89456 ce774884f9f2d60d53b9738087b1997c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 41338 6470a2c554400bf5d76df57a10c59b1a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 163538 f312c95edac480e335383282e658afa4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 1148886 2867ed7850c711eb45802ee198667b6c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 136252 ead19e10b92e029542cf17b378a567fc\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 89566 03ad548ff0f04c960eb4f242dc46251d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 51924 f25670cf80cd3d7558da75c315305725\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_powerpc.deb\n Size/MD5 checksum: 1584292 238dcd774ade788f8bd22094c45a1330\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 37416 996dfcb6fb6f65d8f13b7dae44e19dcf\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 144934 ce53888a5d6fb6546cea3a29554dc617\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 1039580 aa0880a0c055113199e8f7c7bbdb2478\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 167056 4a769af5c2d19121705021fa93f50754\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 1589794 9dfd00c1deacfda509f538cee7713da4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 88248 1d05ee6ddb20e514e6c99fe31399f2d5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 52516 fb5a46492d2a20e430af75e816924b35\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_s390.deb\n Size/MD5 checksum: 82330 16608e47717961ab5ae7a00d73bed368\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 78514 690e8cc7cc8cec06cfbff7bce25484c5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 994252 5085b682f7e0c7ec22be63843cd3f015\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 51784 9bd7bf8d93316b8a59d98541101cbc73\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 139562 c783267048e5410b6ab38dadf6b92fd7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 36024 29fbb1ae8a6be5647d0d1eae4dbe35aa\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 159428 42067c27bab2c7e5dc0da63f92ce073b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 1564572 83de8732694d0cc2aa0cd70636c89917\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_sparc.deb\n Size/MD5 checksum: 85628 a06afa2268b22d071eec37a6a0f558ad\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.diff.gz\n Size/MD5 checksum: 188585 2f134119c9ab17213747ad55cd3abdf5\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz\n Size/MD5 checksum: 4796827 10efe9825c1a1dcd325be47a6cc21faf\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.dsc\n Size/MD5 checksum: 1838 598e0194241cb4b10e6ea6264c620f11\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52150 fcd78609b6330b7cac8eebf77d90551b\n http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52148 64539574b4ba2f2bdde5cfe8a5bb404a\n http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52146 899bfa5316f20775298b3d05e2e66ce9\n http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52148 7cf6e014adbf027f70c5be49eb8ca71d\n http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52150 0d536e8ea0f7bdbebe13163779e3d4f4\n http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52158 7876f928d67e4f50f752a1af537d5d96\n http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 52132 b55b302d127310628d5e5969828c90ba\n http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny7_all.deb\n Size/MD5 checksum: 1174986 c6fed6d41ec1e486fc11ee5a632d4fb0\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 2100558 63e7858512acf957df56b998c2890862\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 179252 8c451eb372aab1a00e5ab852bbb16aa1\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 118462 891f827943c1fcd54a427bd69a5907f1\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 37994 ce1a404f568126985fc9480e8f4d5d34\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 1144620 3c164140815a4c6df3ddfc6ae93950b9\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 108568 eaaf105093f5f2ec429ccdc1064b6721\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 81502 b5437c0bf2576174a46fea03ea11a446\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_alpha.deb\n Size/MD5 checksum: 446024 53ff55379c20c80ae0a63e70f43edf7a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 398418 80f6b9037d8d40264bdd353c717bf316\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 2053110 f64a171669c6f0fa931ef50a409771f0\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 168524 713d8df4f1c3946bb40b604f49656d55\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 61044 0aa9904819ab2da5339a5b4e28ffe59a\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 1196946 978ae6594fb203b6d507220725854f98\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 117084 1b712fc7ceaa991aec6066d17c3d8a03\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 99838 13e57d407ac2bac36c7077ebb5259748\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_amd64.deb\n Size/MD5 checksum: 37148 9f2d8c0ca7a37a225d7ce1723eba3829\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 386376 57fc5eb1b60843db37cc1560b34657ba\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 154852 cdfe93b0117b4d7ad86e097848f56a72\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 2059778 bc505f53c123e86f61e0208bd0a5d361\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 1119820 b567be834797c76ffb5a664e398bc34e\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 112910 6f17df41cbb09df50155199f9be963a6\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 55578 f4b763671e94082fbf85803d45ecd392\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 96992 051d9fb6750b876d06191fb7e355e9ac\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_arm.deb\n Size/MD5 checksum: 36312 166cc83ac06c835703410efd4765deab\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 37670 81910b769bfbc1349c0b153ad9164d92\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 157710 aca520902431f9719aa580f098a03628\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 386566 d977a3c0fda5314a6c71484987949f73\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 117932 ba1d3d8a1858053b0183961d82a09ebe\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 1132990 bb1d93250d6fca508cfff4997e605040\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 55010 447b83ce0df1e08e3cbe914981ea413d\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 2085014 f55b91ec749afcb1379aeca406b16f8f\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_armel.deb\n Size/MD5 checksum: 98412 b7cc38ea409402878d9b2e78fd627a42\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 119870 a9351e7030124a64654c5dbf2d748b57\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 38172 02d9783ce625e884a7ffb5a6ea4fbdc2\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 103156 8d7ae253b7155cc5d230f0ac7d3c88e6\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 1138966 b46cff43879618898839dc38f8c276de\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 63126 264faa52eb7b76b7ba3af3854f3ab6cc\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 172700 34bf188a372a5101789842c4b2bbd5c8\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 2119306 a5b452236f9e35cb754c76105158114b\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_hppa.deb\n Size/MD5 checksum: 409118 0b899d323223726af53c0ac7f51fb98e\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 396398 a0b5f18275849bf02dbdc626cf805c1d\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 60438 59a35fa422c60d5adc9dff540706337a\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 1095692 fc5f6cc06799f5c00c943f9379db64be\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 99362 39bcf5f4db639ccd311870d9e90e7545\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 36492 febb3dc6f35605754664c84f0681cdd1\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 165512 f063ca52a622599e17be45bfda802830\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 2057466 86304106605edfb61db25d14a74429ea\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_i386.deb\n Size/MD5 checksum: 114902 954a28c392b37ded2ffc21bab16efaab\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 139092 9d9f826faf7a99009aafb25c7deb637e\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 123498 9377b05d42466021c1420362d3bb0157\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 447534 783bb7f09f0dd7ebb82b168285ed3d2c\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 2283614 8c700df25e12cb4ac24d5884a77e8cef\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 1150652 e89ea87fa2fa750cf7385ef3f8efc9e5\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 86010 db2d06c843ddfdc86d75eaa6c8f07248\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 209138 4fbbef77787d20f8c7f828a02a504757\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_ia64.deb\n Size/MD5 checksum: 41290 854227929b82c27f1645f401ddd2ea08\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 2049028 ba814726491cf18adc33b978cdf41ebf\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 157944 2f2a6f1e03a329dd9bfe66aefc042e78\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 405610 0d67a4c1476444a5bb7da06f04b0fe1a\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 1172578 d4329dafd5542e0128668a590898fb2e\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 108484 9a4fcffe8fdaf374474c5ea0c8d7c8f5\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 98750 51447de9ba4558914df798f65058b6c9\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 65290 7879c6993282cc2cc1efb3d5872b06b8\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mips.deb\n Size/MD5 checksum: 36010 d670bc2bd607cc2625d4011fc8af900e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 1158288 d8b64c43ee3f0e59cc31660873f1834e\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 158360 8197e028f08047fda6557b6b6fc9d3f3\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 65214 715dcb4022b19252c1eea1b784884310\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 36160 c94fe31c9b1e23e5753806cf033bf34f\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 98910 2da6b027dc7b588830d98e798f784f0b\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 2030054 28c9e99b851466e97e50c5712fe3342f\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 403242 f8b494cf670baee9b65c8e6cc39080d4\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mipsel.deb\n Size/MD5 checksum: 109970 bf6fc87864ec7230506e5fd7c7abcd8b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 136082 318d392ca604759afb280639cac8b03c\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 61152 985c626435a88fd3446dc88a447d2c9b\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 174320 57e2e7b2e6fd39ad63a1ba17e7194f40\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 394250 fde0e239f7e24e2ba4ee42e6596c60ba\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 104862 51a12f1bb7a775ddca43c10945639dfb\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 44204 f285bf023a4680b7da64118d586e1d5e\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 2124674 d8c9de7eef052dd764d66188837d86c9\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_powerpc.deb\n Size/MD5 checksum: 1191028 1b4729142f6cdda734027dda48752afd\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 171654 0d53ed748c513498f55341ba19cfde32\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 2092930 7aef582c65b9873a66cd3e632acbec6e\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 1190710 884a98297180cc5c5bace0204ac48148\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 118578 9ec07d8c2bdc5a9645d6d32c460357e7\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 60714 a37d661adbf755636f2b1f9340d4a96a\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 101620 bb3e1691cf3fa70e880823db340aa835\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 37804 5d817c9fa3eb1ebea486d0f0244384a5\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_s390.deb\n Size/MD5 checksum: 399768 b1bdeedfe5bfe453de5ee9f065f169bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 2067200 1b832d51127c5a3cdf1d2f9f15fbbc9f\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 57760 9be4f682c78cce9c7d0e80a5d6ed3f61\n http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 1049966 1c15bf61b0f26558c8d3eb49a8aaf682\n http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 160982 6eda428d97d49e0b90d143599ac019f5\n http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 97212 d57b0db0765d63f354d44a3aa4799f56\n http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 392614 124cc14e2eeceea46a513424d40860f5\n http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 38826 ae41ac61dab018ddb25f84f517076d3e\n http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_sparc.deb\n Size/MD5 checksum: 116488 a91a68f4eaaf11f8666f0d07da26bf23\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 7, "modified": "2009-11-10T02:41:44", "published": "2009-11-10T02:41:44", "id": "DEBIAN:DSA-1933-1:BE391", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00256.html", "title": "[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:56:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "description": "The remote host is missing an update to cups\nannounced via advisory DSA 1933-1.", "modified": "2017-07-07T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:66269", "href": "http://plugins.openvas.org/nasl.php?oid=66269", "type": "openvas", "title": "Debian Security Advisory DSA 1933-1 (cups)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1933_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1933-1 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Aaron Siegel discovered that the web interface of cups, the Common UNIX\nPrinting System, is prone to cross-site scripting attacks.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny7.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.7-4+etch9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your cups packages.\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory DSA 1933-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201933-1\";\n\n\nif(description)\n{\n script_id(66269);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2820\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1933-1 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.7-4+etch9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-02-02T13:16:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "description": "The remote host is missing an update to cupsys\nannounced via advisory USN-856-1.", "modified": "2018-02-01T00:00:00", "published": "2009-11-23T00:00:00", "id": "OPENVAS:66307", "href": "http://plugins.openvas.org/nasl.php?oid=66307", "type": "openvas", "title": "Ubuntu USN-856-1 (cupsys)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_856_1.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# $Id: ubuntu_856_1.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# Description: Auto-generated from advisory USN-856-1 (cupsys)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n cupsys 1.2.2-0ubuntu0.6.06.15\n\nUbuntu 8.04 LTS:\n cupsys 1.3.7-1ubuntu3.6\n\nUbuntu 8.10:\n cups 1.3.9-2ubuntu9.3\n\nUbuntu 9.04:\n cups 1.3.9-17ubuntu3.4\n\nUbuntu 9.10:\n cups 1.4.1-5ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-856-1\";\n\ntag_insight = \"Aaron Sigel discovered that the CUPS web interface incorrectly protected\nagainst cross-site scripting (XSS) and cross-site request forgery (CSRF)\nattacks. If an authenticated user were tricked into visiting a malicious\nwebsite while logged into CUPS, a remote attacker could modify the CUPS\nconfiguration and possibly steal confidential data.\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory USN-856-1.\";\n\n \n\n\nif(description)\n{\n script_id(66307);\n script_version(\"$Revision: 8616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-01 09:24:13 +0100 (Thu, 01 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-2820\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Ubuntu USN-856-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-856-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.15\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-2ubuntu9.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-17ubuntu3.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.1-5ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(port:0, data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:66283", "href": "http://plugins.openvas.org/nasl.php?oid=66283", "type": "openvas", "title": "SLES11: Security update for CUPS", "sourceData": "#\n#VID d4e3a70fb8819a66d8ccea9697c425ea\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=548317\");\n script_id(66283);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2820\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES11: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~8.20.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~8.20.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~8.20.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "description": "The remote host is missing an update to cups\nannounced via advisory DSA 1933-1.", "modified": "2018-04-06T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:136141256231066269", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066269", "type": "openvas", "title": "Debian Security Advisory DSA 1933-1 (cups)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1933_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1933-1 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Aaron Siegel discovered that the web interface of cups, the Common UNIX\nPrinting System, is prone to cross-site scripting attacks.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny7.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.7-4+etch9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your cups packages.\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory DSA 1933-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201933-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66269\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2820\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1933-1 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.7-4+etch9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.8-1+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "description": "CUPS is prone to a cross-site scripting vulnerability because the\n application fails to sufficiently sanitize user-supplied input.", "modified": "2019-03-07T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:1361412562310100344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100344", "type": "openvas", "title": "CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cups_36958.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:cups\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100344\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 12:21:24 +0100 (Fri, 13 Nov 2009)\");\n script_bugtraq_id(36958);\n script_cve_id(\"CVE-2009-2820\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_cups_detect.nasl\");\n script_require_ports(\"Services/www\", 631);\n script_mandatory_keys(\"CUPS/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/36958\");\n script_xref(name:\"URL\", value:\"http://www.cups.org/articles.php?L590\");\n script_xref(name:\"URL\", value:\"http://www.cups.org\");\n script_xref(name:\"URL\", value:\"http://www.cups.org/str.php?L3367\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-271169-1\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage this issue to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the affected\n site. This may let the attacker steal cookie-based authentication\n credentials and launch other attacks.\");\n\n script_tag(name:\"affected\", value:\"This issue affects CUPS versions prior to 1.4.2.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"CUPS is prone to a cross-site scripting vulnerability because the\n application fails to sufficiently sanitize user-supplied input.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( vers !~ \"[0-9]+\\.[0-9]+\\.[0-9]+\") exit( 0 ); # Version is not exact enough\n\nif(version_is_less( version:vers, test_version:\"1.4.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.4.2\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-04-06T11:38:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:136141256231066283", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066283", "type": "openvas", "title": "SLES11: Security update for CUPS", "sourceData": "#\n#VID d4e3a70fb8819a66d8ccea9697c425ea\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=548317\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66283\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2820\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES11: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~8.20.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~8.20.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~8.20.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "Check for the Version of cups", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880680", "href": "http://plugins.openvas.org/nasl.php?oid=880680", "type": "openvas", "title": "CentOS Update for cups CESA-2009:1595 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:1595 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n A use-after-free flaw was found in the way CUPS handled references in its\n file descriptors-handling interface. A remote attacker could, in a\n specially-crafted way, query for the list of current print jobs for a\n specific printer, leading to a denial of service (cupsd crash).\n (CVE-2009-3553)\n \n Several cross-site scripting (XSS) flaws were found in the way the CUPS web\n server interface processed HTML form content. If a remote attacker could\n trick a local user who is logged into the CUPS web interface into visiting\n a specially-crafted HTML page, the attacker could retrieve and potentially\n modify confidential CUPS administration data. (CVE-2009-2820)\n \n Red Hat would like to thank Aaron Sigel of Apple Product Security for\n responsibly reporting the CVE-2009-2820 issue.\n \n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cups on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016332.html\");\n script_id(880680);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1595\");\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n script_name(\"CentOS Update for cups CESA-2009:1595 centos5 i386\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880680", "type": "openvas", "title": "CentOS Update for cups CESA-2009:1595 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:1595 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-November/016332.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880680\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1595\");\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n script_name(\"CentOS Update for cups CESA-2009:1595 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"cups on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n A use-after-free flaw was found in the way CUPS handled references in its\n file descriptors-handling interface. A remote attacker could, in a\n specially-crafted way, query for the list of current print jobs for a\n specific printer, leading to a denial of service (cupsd crash).\n (CVE-2009-3553)\n\n Several cross-site scripting (XSS) flaws were found in the way the CUPS web\n server interface processed HTML form content. If a remote attacker could\n trick a local user who is logged into the CUPS web interface into visiting\n a specially-crafted HTML page, the attacker could retrieve and potentially\n modify confidential CUPS administration data. (CVE-2009-2820)\n\n Red Hat would like to thank Aaron Sigel of Apple Product Security for\n responsibly reporting the CVE-2009-2820 issue.\n\n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "The remote host is missing an update to cups\nannounced via advisory FEDORA-2009-11314.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66430", "href": "http://plugins.openvas.org/nasl.php?oid=66430", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-11314 (cups)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_11314.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-11314 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nNew release, including fix for XSS vulnerability in web interface\n(CVE-2009-2820) and for improper reference counting in abstract file descriptors\nhandling interface (CVE-2009-3553).\n\nChangeLog:\n\n* Thu Nov 19 2009 Tim Waugh 1:1.4.2-7\n- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).\n* Tue Nov 17 2009 Tim Waugh 1:1.4.2-6\n- Fixed display of current driver (bug #537182, STR #3418).\n- Fixed out-of-memory handling when loading jobs (bug #538054,\nSTR #3407).\n* Mon Nov 16 2009 Tim Waugh 1:1.4.2-5\n- Fixed typo in admin web template (bug #537884, STR #3403).\n- Reset SIGPIPE handler for child processes (bug #537886, STR #3399).\n* Mon Nov 16 2009 Tim Waugh 1:1.4.2-4\n- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381).\n* Wed Nov 11 2009 Jiri Popelka 1:1.4.2-3\n- Fixed lspp-patch to avoid memory leak (bug #536741).\n* Tue Nov 10 2009 Tim Waugh 1:1.4.2-2\n- Added explicit version dependency on cups-libs to cups-lpd\n(bug #502205).\n* Tue Nov 10 2009 Tim Waugh 1:1.4.2-1\n- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches.\n- Removed postscript.ppd.gz (bug #533371).\n- Renumbered patches and sources.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update cups' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11314\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory FEDORA-2009-11314.\";\n\n\n\nif(description)\n{\n script_id(66430);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-11314 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529833\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=530111\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~7.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~7.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~7.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~7.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~7.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.4.2~7.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1595.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA use-after-free flaw was found in the way CUPS handled references in its\nfile descriptors-handling interface. A remote attacker could, in a\nspecially-crafted way, query for the list of current print jobs for a\nspecific printer, leading to a denial of service (cupsd crash).\n(CVE-2009-3553)\n\nSeveral cross-site scripting (XSS) flaws were found in the way the CUPS web\nserver interface processed HTML form content. If a remote attacker could\ntrick a local user who is logged into the CUPS web interface into visiting\na specially-crafted HTML page, the attacker could retrieve and potentially\nmodify confidential CUPS administration data. (CVE-2009-2820)\n\nRed Hat would like to thank Aaron Sigel of Apple Product Security for\nresponsibly reporting the CVE-2009-2820 issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.", "modified": "2018-04-06T00:00:00", "published": "2009-11-23T00:00:00", "id": "OPENVAS:136141256231066287", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066287", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1595", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1595.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1595 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1595.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA use-after-free flaw was found in the way CUPS handled references in its\nfile descriptors-handling interface. A remote attacker could, in a\nspecially-crafted way, query for the list of current print jobs for a\nspecific printer, leading to a denial of service (cupsd crash).\n(CVE-2009-3553)\n\nSeveral cross-site scripting (XSS) flaws were found in the way the CUPS web\nserver interface processed HTML form content. If a remote attacker could\ntrick a local user who is logged into the CUPS web interface into visiting\na specially-crafted HTML page, the attacker could retrieve and potentially\nmodify confidential CUPS administration data. (CVE-2009-2820)\n\nRed Hat would like to thank Aaron Sigel of Apple Product Security for\nresponsibly reporting the CVE-2009-2820 issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66287\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1595\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1595.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~11.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:30", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2820"], "description": "Aaron Sigel discovered that the CUPS web interface incorrectly protected \nagainst cross-site scripting (XSS) and cross-site request forgery (CSRF) \nattacks. If an authenticated user were tricked into visiting a malicious \nwebsite while logged into CUPS, a remote attacker could modify the CUPS \nconfiguration and possibly steal confidential data.", "edition": 5, "modified": "2009-11-10T00:00:00", "published": "2009-11-10T00:00:00", "id": "USN-856-1", "href": "https://ubuntu.com/security/notices/USN-856-1", "title": "CUPS vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-06T09:45:45", "description": "Aaron Siegel discovered that the web interface of cups, the Common\nUNIX Printing System, is prone to cross-site scripting attacks.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1933-1 : cups - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:cups", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1933.NASL", "href": "https://www.tenable.com/plugins/nessus/44798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1933. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44798);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2820\");\n script_bugtraq_id(36958);\n script_xref(name:\"DSA\", value:\"1933\");\n\n script_name(english:\"Debian DSA-1933-1 : cups - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aaron Siegel discovered that the web interface of cups, the Common\nUNIX Printing System, is prone to cross-site scripting attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1933\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cups packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.7-4+etch9.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"cupsys\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-bsd\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-client\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-common\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-dbg\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsimage2\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsimage2-dev\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2-dev\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2-gnutls10\", reference:\"1.2.7-4+etch9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cups\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cups-bsd\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cups-client\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cups-common\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cups-dbg\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cupsys\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cupsys-bsd\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cupsys-client\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cupsys-common\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cupsys-dbg\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libcups2\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libcups2-dev\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libcupsimage2\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libcupsimage2-dev\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libcupsys2\", reference:\"1.3.8-1+lenny7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libcupsys2-dev\", reference:\"1.3.8-1+lenny7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T06:57:12", "description": "Aaron Sigel discovered that the CUPS web interface incorrectly\nprotected against cross-site scripting (XSS) and cross-site request\nforgery (CSRF) attacks. If an authenticated user were tricked into\nvisiting a malicious website while logged into CUPS, a remote attacker\ncould modify the CUPS configuration and possibly steal confidential\ndata.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-11-11T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : cups, cupsys vulnerability (USN-856-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libcupsdriver1", "p-cpe:/a:canonical:ubuntu_linux:libcupsdriver1-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys-common", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10", "p-cpe:/a:canonical:ubuntu_linux:cupsys-client", "p-cpe:/a:canonical:ubuntu_linux:cups-bsd", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev", "p-cpe:/a:canonical:ubuntu_linux:libcupsmime1-dev", "p-cpe:/a:canonical:ubuntu_linux:libcups2", "p-cpe:/a:canonical:ubuntu_linux:cups-common", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libcups2-dev", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:cupsys", "p-cpe:/a:canonical:ubuntu_linux:cups", "p-cpe:/a:canonical:ubuntu_linux:cupsys-dbg", "p-cpe:/a:canonical:ubuntu_linux:cups-dbg", "p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1-dev", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2", "p-cpe:/a:canonical:ubuntu_linux:cups-ppdc", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:libcupscgi1", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:cupsddk", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2", "p-cpe:/a:canonical:ubuntu_linux:cups-client", "p-cpe:/a:canonical:ubuntu_linux:libcupscgi1-dev", "p-cpe:/a:canonical:ubuntu_linux:libcupsmime1", "p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-856-1.NASL", "href": "https://www.tenable.com/plugins/nessus/42466", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-856-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42466);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2009-2820\");\n script_bugtraq_id(36958);\n script_xref(name:\"USN\", value:\"856-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : cups, cupsys vulnerability (USN-856-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aaron Sigel discovered that the CUPS web interface incorrectly\nprotected against cross-site scripting (XSS) and cross-site request\nforgery (CSRF) attacks. If an authenticated user were tricked into\nvisiting a malicious website while logged into CUPS, a remote attacker\ncould modify the CUPS configuration and possibly steal confidential\ndata.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/856-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-ppdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcups2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupscgi1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupscgi1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsdriver1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsdriver1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsmime1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsmime1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-client\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-gnutls10\", pkgver:\"1.2.2-0ubuntu0.6.06.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys-bsd\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys-client\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys-common\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsimage2\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsys2\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsys2-dev\", pkgver:\"1.3.7-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cups\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cups-bsd\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cups-client\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cups-common\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cups-dbg\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cupsys\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cupsys-client\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cupsys-common\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"cupsys-dbg\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libcups2\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libcups2-dev\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libcupsimage2\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libcupsys2\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libcupsys2-dev\", pkgver:\"1.3.9-2ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cups\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cups-bsd\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cups-client\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cups-common\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cups-dbg\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cupsys\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cupsys-bsd\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cupsys-client\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cupsys-common\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"cupsys-dbg\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libcups2\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libcups2-dev\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libcupsimage2\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libcupsys2\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libcupsys2-dev\", pkgver:\"1.3.9-17ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-bsd\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-client\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-common\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-dbg\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-ppdc\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsddk\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-client\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-common\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-dbg\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcups2\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcups2-dev\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupscgi1\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupscgi1-dev\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsdriver1\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsdriver1-dev\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsimage2\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsmime1\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsmime1-dev\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsppdc1\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsppdc1-dev\", pkgver:\"1.4.1-5ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-bsd / cups-client / cups-common / cups-dbg / cups-ppdc / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:10:03", "description": "The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems. (CVE-2009-2820)", "edition": 23, "published": "2009-11-12T00:00:00", "title": "SuSE 11 Security Update : CUPS (SAT Patch Number 1504)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cups-libs-32bit", "p-cpe:/a:novell:suse_linux:11:cups-client", "p-cpe:/a:novell:suse_linux:11:cups", "p-cpe:/a:novell:suse_linux:11:cups-libs", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CUPS-091104.NASL", "href": "https://www.tenable.com/plugins/nessus/42473", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42473);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2820\");\n\n script_name(english:\"SuSE 11 Security Update : CUPS (SAT Patch Number 1504)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems. (CVE-2009-2820)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2820.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1504.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"cups-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"cups-client-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"cups-libs-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"cups-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"cups-client-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"cups-libs-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"cups-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"cups-client-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"cups-libs-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"cups-libs-32bit-1.3.9-8.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-8.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:04:15", "description": "The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems (CVE-2009-2820).", "edition": 23, "published": "2009-11-12T00:00:00", "title": "openSUSE Security Update : cups (cups-1506)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cups-libs-32bit", "p-cpe:/a:novell:opensuse:cups", "p-cpe:/a:novell:opensuse:cups-libs", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:cups-client", "p-cpe:/a:novell:opensuse:cups-devel"], "id": "SUSE_11_1_CUPS-091104.NASL", "href": "https://www.tenable.com/plugins/nessus/42472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cups-1506.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42472);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2820\");\n\n script_name(english:\"openSUSE Security Update : cups (cups-1506)\");\n script_summary(english:\"Check for the cups-1506 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems (CVE-2009-2820).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548317\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"cups-1.3.9-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"cups-client-1.3.9-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"cups-devel-1.3.9-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"cups-libs-1.3.9-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-7.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-client / cups-devel / cups-libs / cups-libs-32bit\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T01:33:59", "description": "According to its banner, the version of CUPS installed on the remote\nhost is earlier than 1.4.2. The 'kerberos' parameter in such versions\nis not properly sanitized before being used to generate dynamic HTML\ncontent.\n\nAn attacker can leverage this issue via a combination of attribute\ninjection and HTTP Parameter Pollution to inject arbitrary script code\ninto a user's browser to be executed within the security context of\nthe affected site.", "edition": 24, "published": "2009-11-11T00:00:00", "title": "CUPS < 1.4.2 kerberos Parameter XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:cups"], "id": "CUPS_1_4_2.NASL", "href": "https://www.tenable.com/plugins/nessus/42468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42468);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/06 11:26:07\");\n\n script_cve_id(\"CVE-2009-2820\");\n script_bugtraq_id(36958);\n script_xref(name:\"Secunia\", value:\"37308\");\n\n script_name(english:\"CUPS < 1.4.2 kerberos Parameter XSS\");\n script_summary(english:\"Checks CUPS server version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote printer service is affected by a cross-site scripting\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost is earlier than 1.4.2. The 'kerberos' parameter in such versions\nis not properly sanitized before being used to generate dynamic HTML\ncontent.\n\nAn attacker can leverage this issue via a combination of attribute\ninjection and HTTP Parameter Pollution to inject arbitrary script code\ninto a user's browser to be executed within the security context of\nthe affected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L3367\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/articles.php?L590\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS version 1.4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cups_1_3_5.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\nget_kb_item_or_exit(\"www/\"+port+\"/cups/running\");\n\nversion = get_kb_item_or_exit(\"cups/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"cups/\"+port+\"/source\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.([0-3]|4\\.[0-1])($|[^0-9])\" ||\n version =~ \"^1\\.4(rc|b)\"\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.4.2\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse if (version =~ \"^(1|1\\.4)($|[^0-9.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:06:54", "description": "This fixes CVE-2009-2820, an XSS vulnerability in the web interface.\nThis also updates cups to the latest stable release on the 1.3 branch,\nand fixes a problem with number-up handling.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-12-02T00:00:00", "title": "Fedora 10 : cups-1.3.11-2.fc10 (2009-11062)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2009-12-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2009-11062.NASL", "href": "https://www.tenable.com/plugins/nessus/42965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-11062.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42965);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2820\");\n script_bugtraq_id(36958);\n script_xref(name:\"FEDORA\", value:\"2009-11062\");\n\n script_name(english:\"Fedora 10 : cups-1.3.11-2.fc10 (2009-11062)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This fixes CVE-2009-2820, an XSS vulnerability in the web interface.\nThis also updates cups to the latest stable release on the 1.3 branch,\nand fixes a problem with number-up handling.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529833\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032009.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?400376bd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"cups-1.3.11-2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:03:06", "description": "The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems (CVE-2009-2820).", "edition": 23, "published": "2009-11-12T00:00:00", "title": "openSUSE Security Update : cups (cups-1506)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820"], "modified": "2009-11-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cups-libs-32bit", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:cups", "p-cpe:/a:novell:opensuse:cups-libs", "p-cpe:/a:novell:opensuse:cups-client", "p-cpe:/a:novell:opensuse:cups-devel"], "id": "SUSE_11_0_CUPS-091104.NASL", "href": "https://www.tenable.com/plugins/nessus/42471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cups-1506.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42471);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2820\");\n\n script_name(english:\"openSUSE Security Update : cups (cups-1506)\");\n script_summary(english:\"Check for the cups-1506 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems (CVE-2009-2820).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548317\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-1.3.7-25.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-client-1.3.7-25.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-devel-1.3.7-25.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-libs-1.3.7-25.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.7-25.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-client / cups-devel / cups-libs / cups-libs-32bit\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:05:39", "description": "The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems (CVE-2009-2820).\n\nA use-after-free problem in cupsd allowed remote attackers to crash\nthe cups server (CVE-2009-3553).", "edition": 24, "published": "2009-12-11T00:00:00", "title": "openSUSE Security Update : cups (cups-1650)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "modified": "2009-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cups-libs-32bit", "p-cpe:/a:novell:opensuse:cups", "p-cpe:/a:novell:opensuse:cups-libs", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:cups-client", "p-cpe:/a:novell:opensuse:cups-devel"], "id": "SUSE_11_2_CUPS-091204.NASL", "href": "https://www.tenable.com/plugins/nessus/43107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cups-1650.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43107);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n\n script_name(english:\"openSUSE Security Update : cups (cups-1650)\");\n script_summary(english:\"Check for the cups-1650 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cups web interface was prone to Cross-Site Scripting (XSS)\nproblems (CVE-2009-2820).\n\nA use-after-free problem in cupsd allowed remote attackers to crash\nthe cups server (CVE-2009-3553).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554861\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"cups-1.3.11-4.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"cups-client-1.3.11-4.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"cups-devel-1.3.11-4.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"cups-libs-1.3.11-4.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.11-4.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-client / cups-devel / cups-libs / cups-libs-32bit\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:54", "description": "Updated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed\nimproper reference counting in abstract file descriptors handling\ninterface (CVE-2009-3553). Fixed admin.cgi crash when modifying a\nclass. Fix cups-lpd to create unique temporary data files. Pass\nthrough serial parameters correctly in web interface. Set the\nPRINTER_IS_SHARED variable for admin.cgi Fix removing files with lprm.\nFixed German translation. Fixed PostScript errors with number-up\nhandling. Fixed lspp-patch to avoid memory leak. Upstream fix for GNU\nTLS error handling bug. Reset SIGPIPE handler for child processes.\nFixed typo in admin web template. Fixed incorrect handling of\nout-of-memory when loading jobs. Fixed wrong driver reported in web\ninterface.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-12-01T00:00:00", "title": "Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "modified": "2009-12-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-10891.NASL", "href": "https://www.tenable.com/plugins/nessus/42935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10891.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42935);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n script_bugtraq_id(36958, 37048);\n script_xref(name:\"FEDORA\", value:\"2009-10891\");\n\n script_name(english:\"Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed\nimproper reference counting in abstract file descriptors handling\ninterface (CVE-2009-3553). Fixed admin.cgi crash when modifying a\nclass. Fix cups-lpd to create unique temporary data files. Pass\nthrough serial parameters correctly in web interface. Set the\nPRINTER_IS_SHARED variable for admin.cgi Fix removing files with lprm.\nFixed German translation. Fixed PostScript errors with number-up\nhandling. Fixed lspp-patch to avoid memory leak. Upstream fix for GNU\nTLS error handling bug. Reset SIGPIPE handler for child processes.\nFixed typo in admin web template. Fixed incorrect handling of\nout-of-memory when loading jobs. Fixed wrong driver reported in web\ninterface.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530111\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/031831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82dcce0a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cups-1.4.2-7.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:55", "description": "New release, including fix for XSS vulnerability in web interface\n(CVE-2009-2820) and for improper reference counting in abstract file\ndescriptors handling interface (CVE-2009-3553).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-12-01T00:00:00", "title": "Fedora 12 : cups-1.4.2-7.fc12 (2009-11314)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "modified": "2009-12-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2009-11314.NASL", "href": "https://www.tenable.com/plugins/nessus/42936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-11314.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42936);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2820\", \"CVE-2009-3553\");\n script_bugtraq_id(36958, 37048);\n script_xref(name:\"FEDORA\", value:\"2009-11314\");\n\n script_name(english:\"Fedora 12 : cups-1.4.2-7.fc12 (2009-11314)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New release, including fix for XSS vulnerability in web interface\n(CVE-2009-2820) and for improper reference counting in abstract file\ndescriptors handling interface (CVE-2009-3553).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530111\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/031911.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2fb6740a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"cups-1.4.2-7.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1595\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA use-after-free flaw was found in the way CUPS handled references in its\nfile descriptors-handling interface. A remote attacker could, in a\nspecially-crafted way, query for the list of current print jobs for a\nspecific printer, leading to a denial of service (cupsd crash).\n(CVE-2009-3553)\n\nSeveral cross-site scripting (XSS) flaws were found in the way the CUPS web\nserver interface processed HTML form content. If a remote attacker could\ntrick a local user who is logged into the CUPS web interface into visiting\na specially-crafted HTML page, the attacker could retrieve and potentially\nmodify confidential CUPS administration data. (CVE-2009-2820)\n\nRed Hat would like to thank Aaron Sigel of Apple Product Security for\nresponsibly reporting the CVE-2009-2820 issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028370.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028371.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\ncups-lpd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1595.html", "edition": 3, "modified": "2009-11-24T16:44:53", "published": "2009-11-24T16:44:53", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/028370.html", "id": "CESA-2009:1595", "title": "cups security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "[1:1.3.7-11:.4]\n- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).\n- Applied patch to fix CVE-2009-2820 (bug #529833, STR #3367, STR #3401). ", "edition": 4, "modified": "2009-11-18T00:00:00", "published": "2009-11-18T00:00:00", "id": "ELSA-2009-1595", "href": "http://linux.oracle.com/errata/ELSA-2009-1595.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA use-after-free flaw was found in the way CUPS handled references in its\nfile descriptors-handling interface. A remote attacker could, in a\nspecially-crafted way, query for the list of current print jobs for a\nspecific printer, leading to a denial of service (cupsd crash).\n(CVE-2009-3553)\n\nSeveral cross-site scripting (XSS) flaws were found in the way the CUPS web\nserver interface processed HTML form content. If a remote attacker could\ntrick a local user who is logged into the CUPS web interface into visiting\na specially-crafted HTML page, the attacker could retrieve and potentially\nmodify confidential CUPS administration data. (CVE-2009-2820)\n\nRed Hat would like to thank Aaron Sigel of Apple Product Security for\nresponsibly reporting the CVE-2009-2820 issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.", "modified": "2017-09-08T11:53:45", "published": "2009-11-18T05:00:00", "id": "RHSA-2009:1595", "href": "https://access.redhat.com/errata/RHSA-2009:1595", "type": "redhat", "title": "(RHSA-2009:1595) Moderate: cups security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2820", "CVE-2009-3553"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2009-12-01T04:34:10", "published": "2009-12-01T04:34:10", "id": "FEDORA:D23DE10F856", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: cups-1.4.2-7.fc12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1722", "CVE-2008-5183", "CVE-2008-5286", "CVE-2009-2820"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2009-12-02T04:49:04", "published": "2009-12-02T04:49:04", "id": "FEDORA:3F10C10F84E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: cups-1.3.11-2.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0163", "CVE-2009-0164", "CVE-2009-2820", "CVE-2009-3553"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2009-12-01T04:19:25", "published": "2009-12-01T04:19:25", "id": "FEDORA:746B910F867", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: cups-1.4.2-7.fc11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1722", "CVE-2008-5183", "CVE-2008-5286", "CVE-2009-2820", "CVE-2009-3553"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2009-12-04T23:49:33", "published": "2009-12-04T23:49:33", "id": "FEDORA:40FE810F895", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: cups-1.3.11-4.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}