Gentoo Archives: gentoo-commits

From: "Sean Amoss (ackle)" <ackle@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201207-10.xml
Date: Mon, 09 Jul 2012 23:36:50
Message-Id: 20120709233637.C95D020063@flycatcher.gentoo.org
1 ackle 12/07/09 23:36:37
2
3 Added: glsa-201207-10.xml
4 Log:
5 GLSA 201207-10
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201207-10.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201207-10.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201207-10.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201207-10.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet type="text/xsl" href="/xsl/glsa.xsl"?>
17 <?xml-stylesheet type="text/xsl" href="/xsl/guide.xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201207-10">
20 <title>CUPS: Multiple vulnerabilities</title>
21 <synopsis>Multiple vulnerabilities have been found in CUPS, some of which may
22 allow execution of arbitrary code or local privilege escalation.
23 </synopsis>
24 <product type="ebuild">cups</product>
25 <announced>July 09, 2012</announced>
26 <revised>July 09, 2012: 1</revised>
27 <bug>295256</bug>
28 <bug>308045</bug>
29 <bug>325551</bug>
30 <bug>380771</bug>
31 <access>local, remote</access>
32 <affected>
33 <package name="net-print/cups" auto="yes" arch="*">
34 <unaffected range="ge">1.4.8-r1</unaffected>
35 <vulnerable range="lt">1.4.8-r1</vulnerable>
36 </package>
37 </affected>
38 <background>
39 <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
40 </background>
41 <description>
42 <p>Multiple vulnerabilities have been discovered in CUPS. Please review the
43 CVE identifiers referenced below for details.
44 </p>
45 </description>
46 <impact type="high">
47 <p>A remote attacker may be able to execute arbitrary code using specially
48 crafted streams, IPP requests or files, or cause a Denial of Service
49 (daemon crash or hang). A local attacker may be able to gain escalated
50 privileges or overwrite arbitrary files. Furthermore, a remote attacker
51 may be able to obtain sensitive information from the CUPS process or
52 hijack a CUPS administrator authentication request.
53 </p>
54 </impact>
55 <workaround>
56 <p>There is no known workaround at this time.</p>
57 </workaround>
58 <resolution>
59 <p>All CUPS users should upgrade to the latest version:</p>
60
61 <code>
62 # emerge --sync
63 # emerge --ask --oneshot --verbose "&gt;=net-print/cups-1.4.8-r1"
64 </code>
65
66 <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
67 available since September 03, 2011. It is likely that your system is
68 already no longer affected by this issue.
69 </p>
70 </resolution>
71 <references>
72 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553">
73 CVE-2009-3553
74 </uri>
75 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302">
76 CVE-2010-0302
77 </uri>
78 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393">
79 CVE-2010-0393
80 </uri>
81 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540">
82 CVE-2010-0540
83 </uri>
84 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542">
85 CVE-2010-0542
86 </uri>
87 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748">
88 CVE-2010-1748
89 </uri>
90 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431">
91 CVE-2010-2431
92 </uri>
93 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432">
94 CVE-2010-2432
95 </uri>
96 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941">
97 CVE-2010-2941
98 </uri>
99 <uri link="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170">
100 CVE-2011-3170
101 </uri>
102 </references>
103 <metadata timestamp="Fri, 07 Oct 2011 23:37:16 +0000" tag="requester">
104 underling
105 </metadata>
106 <metadata timestamp="Mon, 09 Jul 2012 23:33:59 +0000" tag="submitter">craig</metadata>
107 </glsa>
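Review bot: The `<description>` element only tells readers to review the CVE identifiers, and `<impact>` folds arbitrary code execution, denial of service, local privilege escalation, arbitrary file overwrite, information disclosure and hijacking of an administrator authentication request into one paragraph with nothing tying an effect to an identifier. With ten entries in `<references>` and `<access>local, remote</access>`, consider adding a short per-issue summary to `<description>` that states, for each CVE, whether it is reached locally or remotely and through which of the inputs `<impact>` already names (streams, IPP requests or files), so the advisory can be triaged without opening each NVD link. The legacy NOTE in `<resolution>` is useful context and could also be reflected in `<synopsis>`, since the fixed version has been available since September 03, 2011 while `<announced>` reads July 09, 2012.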