Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60732
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0206
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0206.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly execute
arbitrary code as the lp user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by
CUPS image converting filters imagetops and imagetoraster. An attacker
could create a malicious GIF file that could possibly execute arbitrary
code as the lp user if the file was printed. (CVE-2008-1373)

It was discovered that the patch used to address CVE-2004-0888 in CUPS
packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the
integer overflow in the pdftops filter on 64-bit platforms. An attacker
could create a malicious PDF file that could possibly execute arbitrary
code as the lp user if the file was printed. (CVE-2008-1374)

All cups users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0206.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0053
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 28304
http://www.securityfocus.com/bid/28304
BugTraq ID: 28334
http://www.securityfocus.com/bid/28334
Cert/CC Advisory: TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Debian Security Information: DSA-1625 (Google Search)
http://www.debian.org/security/2008/dsa-1625
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html
http://security.gentoo.org/glsa/glsa-200804-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356
http://www.redhat.com/support/errata/RHSA-2008-0192.html
http://www.redhat.com/support/errata/RHSA-2008-0206.html
http://www.securitytracker.com/id?1019672
http://secunia.com/advisories/29420
http://secunia.com/advisories/29573
http://secunia.com/advisories/29603
http://secunia.com/advisories/29630
http://secunia.com/advisories/29634
http://secunia.com/advisories/29655
http://secunia.com/advisories/29659
http://secunia.com/advisories/29750
http://secunia.com/advisories/31324
SuSE Security Announcement: SUSE-SA:2008:020 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html
http://www.ubuntu.com/usn/usn-598-1
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: macos-cups-inputvalidation-unspecified(41272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41272
Common Vulnerability Exposure (CVE) ID: CVE-2008-1373
BugTraq ID: 28544
http://www.securityfocus.com/bid/28544
Bugtraq: 20080404 rPSA-2008-0136-1 cups (Google Search)
http://www.securityfocus.com/archive/1/490486/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11479
http://www.securitytracker.com/id?1019739
http://secunia.com/advisories/29661
http://www.vupen.com/english/advisories/2008/1059/references
XForce ISS Database: cups-gifreadlzw-bo(41587)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41587
Common Vulnerability Exposure (CVE) ID: CVE-2008-1374
Bugtraq: 20080806 rPSA-2008-0245-1 cups (Google Search)
http://www.securityfocus.com/archive/1/495164/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9636
http://secunia.com/advisories/31388
XForce ISS Database: cups-pdftops-bo(41758)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41758
Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573 (Google Search)
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581 (Google Search)
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599 (Google Search)
http://www.debian.org/security/2004/dsa-599
http://marc.info/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
SuSE Security Announcement: SUSE-SA:2004:039 (Google Search)
http://marc.info/?l=bugtraq&m=109880927526773&w=2
https://www.ubuntu.com/usn/usn-9-1/
XForce ISS Database: xpdf-pdf-bo(17818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818
Common Vulnerability Exposure (CVE) ID: CVE-2005-0206
http://www.mandriva.com/security/advisories?name=MDKSA-2005:041
http://www.mandriva.com/security/advisories?name=MDKSA-2005:042
http://www.mandriva.com/security/advisories?name=MDKSA-2005:043
http://www.mandriva.com/security/advisories?name=MDKSA-2005:044
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://www.mandriva.com/security/advisories?name=MDKSA-2005:056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107
http://www.redhat.com/support/errata/RHSA-2005-034.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.redhat.com/support/errata/RHSA-2005-057.html
http://www.redhat.com/support/errata/RHSA-2005-132.html
http://www.redhat.com/support/errata/RHSA-2005-213.html
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.