Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2009-116-01
HistoryApr 26, 2009 - 3:50 p.m.

cups

2009-04-2615:50:34
Slackware Linux Project
www.slackware.com
21

0.028 Low

EPSS

Percentile

89.5%

JSON

New cups packages are available for Slackware 12.0, 12.1, 12.2, and -current to
fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/cups-1.3.10-i486-1_slack12.2.tgz:
Upgraded to cups-1.3.10.
This fixes several security issues, including an integer overflow in the TIFF
decoder, a failure to properly verify the Host HTTP header, and several
problems with PDF handling (the new CUPS uses a wrapper rather than embedded
code taken from xpdf). These issues could result in a denial of service or
the execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cups-1.3.10-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/cups-1.3.10-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/cups-1.3.10-i486-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.3.10-i486-1.tgz

MD5 signatures:

Slackware 12.0 package:
dbf34b8eb6f942ae8cb14ab43e5d3abf cups-1.3.10-i486-1_slack12.0.tgz

Slackware 12.1 package:
96e3963385de424bd0455760ecf70944 cups-1.3.10-i486-1_slack12.1.tgz

Slackware 12.2 package:
ccb8896aeb41dd321af8318e51e9f8d2 cups-1.3.10-i486-1_slack12.2.tgz

Slackware -current package:
f7bd3fa36e2c2741ad029ed07fa4425b cups-1.3.10-i486-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg cups-1.3.10-i486-1_slack12.2.tgz

If the machine is running the CUPS server, restart it:

> sh /etc/rc.d/rc.cups restart

Related

nessus 45
openvas 90
securityvulns 4
gentoo 1
freebsd 2
fedora 8
ubuntucve 5
redhat 4
oraclelinux 4
suse 1
cve 5
prion 5
centos 3
debiancve 5
ubuntu 1
debian 5
veracode 4
seebug 2
osv 3
altlinux 1
slackware 1
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / current : cups (SSA:2009-116-01)
2009-04-27 00:00:00
FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)
2009-05-08 00:00:00
GLSA-200904-20 : CUPS: Multiple vulnerabilities
2009-04-27 00:00:00
openvas
openvas
FreeBSD Ports: cups-base
2009-05-11 00:00:00
Gentoo Security Advisory GLSA 200904-20 (cups)
2009-04-28 00:00:00
Slackware Advisory SSA:2009-116-01 cups
2012-09-11 00:00:00
securityvulns
securityvulns
rPSA-2009-0061-1 cups
2009-04-18 00:00:00
CUPS multipls security vulnerabilities
2009-04-18 00:00:00
Ghsotscript / XPDF / CUPS pdftops buffer overflow
2009-04-18 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2009-04-23 00:00:00
freebsd
freebsd
cups -- remote code execution and DNS rebinding
2009-05-05 00:00:00
xpdf -- multiple vulnerabilities
2009-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: cups-1.3.10-1.fc10
2009-04-22 00:50:31
[SECURITY] Fedora 9 Update: cups-1.3.10-1.fc9
2009-04-22 00:47:43
[SECURITY] Fedora 11 Update: cups-1.4.2-7.fc11
2009-12-01 04:19:25
ubuntucve
ubuntucve
CVE-2009-0166
2009-04-23 00:00:00
CVE-2009-0164
2009-04-24 00:00:00
CVE-2009-0163
2009-04-23 00:00:00
redhat
redhat
(RHSA-2009:0429) Important: cups security update
2009-04-16 00:00:00
(RHSA-2009:0428) Moderate: cups security update
2009-04-16 00:00:00
(RHSA-2009:0431) Important: kdegraphics security update
2009-04-16 00:00:00
oraclelinux
oraclelinux
cups security update
2009-04-16 00:00:00
cups security update
2009-04-16 00:00:00
xpdf security update
2009-04-16 00:00:00
suse
suse
remote code execution in cups
2009-04-22 16:34:36
cve
cve
CVE-2009-0164
2009-04-24 15:30:00
CVE-2009-0163
2009-04-23 17:30:00
CVE-2009-0146
2009-04-23 17:30:00
prion
prion
Design/Logic Flaw
2009-04-24 15:30:00
Integer overflow
2009-04-23 17:30:00
Buffer overflow
2009-04-23 17:30:00
centos
centos
cups security update
2009-04-17 13:26:01
cups security update
2009-04-17 12:50:01
xpdf security update
2009-04-17 12:50:58
debiancve
debiancve
CVE-2009-0164
2009-04-24 15:30:00
CVE-2009-0163
2009-04-23 17:30:00
CVE-2009-0146
2009-04-23 17:30:00
ubuntu
ubuntu
CUPS vulnerability
2009-04-16 00:00:00
debian
debian
[SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution
2009-04-17 02:53:46
[SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities
2009-05-05 20:05:20
[SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities
2009-05-06 16:47:53
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:37:38
Arbitrary Code Execution
2020-04-10 00:32:00
Arbitrary Code Execution
2020-04-10 00:32:00
seebug
seebug
CUPS _cupsImageReadTIFF()ε‡½ζ•°ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-04-18 00:00:00
CUPS '_cupsImageReadTIFF()'ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-04-21 00:00:00
osv
osv
cups cupsys - arbitrary code execution
2009-04-17 00:00:00
xpdf - multiple vulnerabilities
2009-05-05 00:00:00
kdegraphics - multiple vulnerabilities
2009-05-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt1.1
2009-04-20 00:00:00
slackware
slackware
xpdf
2009-05-09 18:49:18

0.028 Low

EPSS

Percentile

89.5%

JSON
Related for SSA-2009-116-01
nessus45openvas90securityvulns4gentoo1freebsd2fedora8ubuntucve5redhat4oraclelinux4suse1cve5prion5centos3debiancve5ubuntu1debian5veracode4seebug2osv3altlinux1slackware1