Slackware Local Security Checks : Slackware: Security Advisory (SSA:2010-176-05)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68166

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2010-176-05)

Resumen: The remote host is missing an update for the 'cups' package(s) announced via the SSA:2010-176-05 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cups' package(s) announced via the SSA:2010-176-05 advisory.

Vulnerability Insight:
New cups packages are available for Slackware 13.1 and -current to
fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/cups-1.4.4-i486-1_slack13.1.txz: Upgraded.
Fixed a memory allocation error in texttops.
Fixed a Cross-Site Request Forgery (CSRF) that could allow a remote
attacker to reconfigure or disable CUPS if a CUPS admin logged into the
web interface visited a specially-crafted website.
Fixed a bug where uninitialized memory from the cupsd process could
reveal sensitive information.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'cups' package(s) on Slackware 13.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0540
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
Debian Security Information: DSA-2176 (Google Search)
http://www.debian.org/security/2011/dsa-2176
http://security.gentoo.org/glsa/glsa-201207-10.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382
http://www.securitytracker.com/id?1024122
http://secunia.com/advisories/40220
http://secunia.com/advisories/43521
http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2011/0535
Common Vulnerability Exposure (CVE) ID: CVE-2010-0542
BugTraq ID: 40943
http://www.securityfocus.com/bid/40943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365
http://securitytracker.com/id?1024121
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1748
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68166
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2010-176-05)
Resumen:	The remote host is missing an update for the 'cups' package(s) announced via the SSA:2010-176-05 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cups' package(s) announced via the SSA:2010-176-05 advisory. Vulnerability Insight: New cups packages are available for Slackware 13.1 and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/cups-1.4.4-i486-1_slack13.1.txz: Upgraded. Fixed a memory allocation error in texttops. Fixed a Cross-Site Request Forgery (CSRF) that could allow a remote attacker to reconfigure or disable CUPS if a CUPS admin logged into the web interface visited a specially-crafted website. Fixed a bug where uninitialized memory from the cupsd process could reveal sensitive information. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'cups' package(s) on Slackware 13.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0540 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 Debian Security Information: DSA-2176 (Google Search) http://www.debian.org/security/2011/dsa-2176 http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:232 http://www.mandriva.com/security/advisories?name=MDVSA-2010:233 http://www.mandriva.com/security/advisories?name=MDVSA-2010:234 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382 http://www.securitytracker.com/id?1024122 http://secunia.com/advisories/40220 http://secunia.com/advisories/43521 http://www.vupen.com/english/advisories/2010/1481 http://www.vupen.com/english/advisories/2011/0535 Common Vulnerability Exposure (CVE) ID: CVE-2010-0542 BugTraq ID: 40943 http://www.securityfocus.com/bid/40943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365 http://securitytracker.com/id?1024121 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1748 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723
Copyright	Copyright (C) 2012 Greenbone AG