Test ID:	1.3.6.1.4.1.25623.1.0.68288
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0811
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0811. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the lp user (such as a compromised external filter program spawned by the CUPS server) could trick the CUPS server into overwriting arbitrary files as the root user. (CVE-2010-2431) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting the CVE-2010-2941 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0811.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.9
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2431 Debian Security Information: DSA-2176 (Google Search) http://www.debian.org/security/2011/dsa-2176 http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:232 http://www.mandriva.com/security/advisories?name=MDVSA-2010:234 RedHat Security Advisories: RHSA-2010:0811 http://rhn.redhat.com/errata/RHSA-2010-0811.html http://secunia.com/advisories/43521 http://www.vupen.com/english/advisories/2010/2856 http://www.vupen.com/english/advisories/2011/0535 Common Vulnerability Exposure (CVE) ID: CVE-2010-2941 1024662 http://securitytracker.com/id?1024662 42287 http://secunia.com/advisories/42287 42867 http://secunia.com/advisories/42867 43521 44530 http://www.securityfocus.com/bid/44530 68951 http://www.osvdb.org/68951 ADV-2010-2856 ADV-2010-3042 http://www.vupen.com/english/advisories/2010/3042 ADV-2010-3088 http://www.vupen.com/english/advisories/2010/3088 ADV-2011-0061 http://www.vupen.com/english/advisories/2011/0061 ADV-2011-0535 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DSA-2176 FEDORA-2010-17615 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html FEDORA-2010-17627 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html FEDORA-2010-17641 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html GLSA-201207-10 MDVSA-2010:232 MDVSA-2010:233 http://www.mandriva.com/security/advisories?name=MDVSA-2010:233 MDVSA-2010:234 RHSA-2010:0811 RHSA-2010:0866 http://www.redhat.com/support/errata/RHSA-2010-0866.html SSA:2010-333-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323 SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html USN-1012-1 http://www.ubuntu.com/usn/USN-1012-1 cups-cupsd-code-execution(62882) https://exchange.xforce.ibmcloud.com/vulnerabilities/62882 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=624438
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.