Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:702

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.51444
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:702
Summary:	Conectiva Security Advisory CLA-2003:702
Description:	The remote host is missing updates announced in advisory CLA-2003:702. Cups[1] (Common UNIX Printing System) is an open-source, freely available and cross-platform printing solution for UNIX environments. iDefense published[2][3] some time ago several vulnerabilities in Cups researched by zen-parse which are being addressed now. Additionally, a new denial of service vulnerability[12] was discovered by Phil D'Amore of Red Hat and is also being fixed. The vulnerabilities outlined below affect only Conectiva Linux 7.0 and 8 (CL9 is not affected): 1. pdftops integer overflow (CVE-2002-1384)[3][4] 2. Multiple integer overflows (CVE-2002-1383)[5] 3. Race condition (CVE-2002-1366)[6] 4. Arbitrary printer creation and Root Certificate Design Flaw (CVE-2002-1367)[7] 5. Negative Length Memcpy() Calls (CVE-2002-1368)[8] 6. Unsafe Strncat Function Call in jobs.c (CVE-2002-1369)[9] 7. Zero Width Images in filters/image-gif.c (CVE-2002-1371)[10] 8. File Descriptor Resource Leaks (CVE-2002-1372)[11] The vulnerability below affects Conectiva Linux 7.0, 8 and 9: 9. Denial of service vulnerability (CVE-2003-0195)[12] Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:702 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1384 http://www.idefense.com/advisory/12.23.02.txt Debian Security Information: DSA-222 (Google Search) http://www.debian.org/security/2003/dsa-222 Debian Security Information: DSA-226 (Google Search) http://www.debian.org/security/2003/dsa-226 Debian Security Information: DSA-232 (Google Search) http://www.debian.org/security/2003/dsa-232 http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002 http://www.redhat.com/support/errata/RHSA-2002-295.html http://www.redhat.com/support/errata/RHSA-2002-307.html http://www.redhat.com/support/errata/RHSA-2003-037.html http://www.redhat.com/support/errata/RHSA-2003-216.html SuSE Security Announcement: SUSE-SA:2003:002 (Google Search) http://www.novell.com/linux/security/advisories/2003_002_cups.html BugTraq ID: 6475 http://www.securityfocus.com/bid/6475 XForce ISS Database: pdftops-integer-overflow(10937) http://xforce.iss.net/xforce/xfdb/10937 Common Vulnerability Exposure (CVE) ID: CVE-2002-1383 Bugtraq: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html http://www.idefense.com/advisory/12.19.02.txt Caldera Security Advisory: CSSA-2003-004.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt SuSE Security Announcement: SuSE-SA:2003:002 (Google Search) http://secunia.com/advisories/7907 http://secunia.com/advisories/7756/ http://secunia.com/advisories/7794 http://secunia.com/advisories/7803 http://secunia.com/advisories/7843 http://secunia.com/advisories/7858 http://secunia.com/advisories/7913/ http://secunia.com/advisories/8080/ http://secunia.com/advisories/9325/ Common Vulnerability Exposure (CVE) ID: CVE-2002-1366 XForce ISS Database: cups-certs-race-condition(10907) http://xforce.iss.net/xforce/xfdb/10907 BugTraq ID: 6435 http://www.securityfocus.com/bid/6435 Common Vulnerability Exposure (CVE) ID: CVE-2002-1367 Conectiva Linux advisory: CLSA-2003:702 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 XForce ISS Database: cups-udp-add-printers(10908) http://xforce.iss.net/xforce/xfdb/10908 BugTraq ID: 6436 http://www.securityfocus.com/bid/6436 Common Vulnerability Exposure (CVE) ID: CVE-2002-1368 http://www.mandriva.com/security/advisories?name=MDKSA-2003:001 BugTraq ID: 6437 http://www.securityfocus.com/bid/6437 XForce ISS Database: cups-neg-memcpy-bo(10909) http://xforce.iss.net/xforce/xfdb/10909 Common Vulnerability Exposure (CVE) ID: CVE-2002-1369 BugTraq ID: 6438 http://www.securityfocus.com/bid/6438 XForce ISS Database: cups-strncat-options-bo(10910) http://xforce.iss.net/xforce/xfdb/10910 Common Vulnerability Exposure (CVE) ID: CVE-2002-1371 BugTraq ID: 6439 http://www.securityfocus.com/bid/6439 XForce ISS Database: cups-zero-width-images(10911) http://xforce.iss.net/xforce/xfdb/10911 Common Vulnerability Exposure (CVE) ID: CVE-2002-1372 BugTraq ID: 6440 http://www.securityfocus.com/bid/6440 XForce ISS Database: cups-file-descriptor-dos(10912) http://xforce.iss.net/xforce/xfdb/10912
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com