English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60754
Category:Fedora Local Security Checks
Title:Fedora Core 7 FEDORA-2008-2897 (cups)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to cups
announced via advisory FEDORA-2008-2897.

Three security issues have been fixed in this update:
* A buffer overflow when processing GIF files
* A heap-based overflow in a CUPS helper program, used for searching
documentation
* A buffer overflow when processing HP-GL/2 files

ChangeLog:

* Tue Apr 1 2008 Tim Waugh 1:1.2.12-10
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).
- Applied patch to prevent heap-based buffer overflow in CUPS helper
program (bug #436153, CVE-2008-0047, STR #2729).

References:

[ 1 ] Bug #438117 - CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
https://bugzilla.redhat.com/show_bug.cgi?id=438117
[ 2 ] Bug #436153 - CVE-2008-0047 cups: heap based buffer overflow in cgiCompileSearch()
https://bugzilla.redhat.com/show_bug.cgi?id=436153
[ 3 ] Bug #438303 - CVE-2008-1373 cups: overflow in gif image filter
https://bugzilla.redhat.com/show_bug.cgi?id=438303

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-2897

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1373
BugTraq ID: 28544
http://www.securityfocus.com/bid/28544
Bugtraq: 20080404 rPSA-2008-0136-1 cups (Google Search)
http://www.securityfocus.com/archive/1/490486/100/0/threaded
Debian Security Information: DSA-1625 (Google Search)
http://www.debian.org/security/2008/dsa-1625
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html
http://security.gentoo.org/glsa/glsa-200804-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11479
http://www.redhat.com/support/errata/RHSA-2008-0192.html
http://www.redhat.com/support/errata/RHSA-2008-0206.html
http://www.securitytracker.com/id?1019739
http://secunia.com/advisories/29573
http://secunia.com/advisories/29603
http://secunia.com/advisories/29630
http://secunia.com/advisories/29634
http://secunia.com/advisories/29655
http://secunia.com/advisories/29659
http://secunia.com/advisories/29661
http://secunia.com/advisories/29750
http://secunia.com/advisories/31324
SuSE Security Announcement: SUSE-SA:2008:020 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html
http://www.ubuntu.com/usn/usn-598-1
http://www.vupen.com/english/advisories/2008/1059/references
XForce ISS Database: cups-gifreadlzw-bo(41587)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41587
Common Vulnerability Exposure (CVE) ID: CVE-2008-0053
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 28304
http://www.securityfocus.com/bid/28304
BugTraq ID: 28334
http://www.securityfocus.com/bid/28334
Cert/CC Advisory: TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356
http://www.securitytracker.com/id?1019672
http://secunia.com/advisories/29420
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: macos-cups-inputvalidation-unspecified(41272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41272
Common Vulnerability Exposure (CVE) ID: CVE-2008-0047
BugTraq ID: 28307
http://www.securityfocus.com/bid/28307
Debian Security Information: DSA-1530 (Google Search)
http://www.debian.org/security/2008/dsa-1530
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085
http://www.securitytracker.com/id?1019646
http://secunia.com/advisories/29431
http://secunia.com/advisories/29448
http://secunia.com/advisories/29485
SuSE Security Announcement: SUSE-SA:2008:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html
http://www.vupen.com/english/advisories/2008/0921/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-0882
BugTraq ID: 27906
http://www.securityfocus.com/bid/27906
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00792.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00832.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
http://www.mandriva.com/security/advisories?name=MDVSA-2008:051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9625
http://www.redhat.com/support/errata/RHSA-2008-0157.html
http://www.securitytracker.com/id?1019473
http://secunia.com/advisories/28994
http://secunia.com/advisories/29067
http://secunia.com/advisories/29120
http://secunia.com/advisories/29132
http://secunia.com/advisories/29251
SuSE Security Announcement: SUSE-SA:2008:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
http://www.vupen.com/english/advisories/2008/0623
Common Vulnerability Exposure (CVE) ID: CVE-2007-4045
BugTraq ID: 26524
http://www.securityfocus.com/bid/26524
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9303
http://www.redhat.com/support/errata/RHSA-2007-1022.html
http://www.redhat.com/support/errata/RHSA-2007-1023.html
http://secunia.com/advisories/27577
http://secunia.com/advisories/27615
http://secunia.com/advisories/28113
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-4352
BugTraq ID: 26367
http://www.securityfocus.com/bid/26367
Bugtraq: 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/483372
Debian Security Information: DSA-1480 (Google Search)
http://www.debian.org/security/2008/dsa-1480
Debian Security Information: DSA-1509 (Google Search)
http://www.debian.org/security/2008/dsa-1509
Debian Security Information: DSA-1537 (Google Search)
http://www.debian.org/security/2008/dsa-1537
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://secunia.com/secunia_research/2007-88/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979
http://www.redhat.com/support/errata/RHSA-2007-1021.html
http://www.redhat.com/support/errata/RHSA-2007-1024.html
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1029.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.securitytracker.com/id?1018905
http://secunia.com/advisories/26503
http://secunia.com/advisories/27260
http://secunia.com/advisories/27553
http://secunia.com/advisories/27573
http://secunia.com/advisories/27574
http://secunia.com/advisories/27575
http://secunia.com/advisories/27578
http://secunia.com/advisories/27599
http://secunia.com/advisories/27618
http://secunia.com/advisories/27619
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27637
http://secunia.com/advisories/27640
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27743
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://secunia.com/advisories/30168
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
SuSE Security Announcement: SUSE-SA:2007:060 (Google Search)
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
XForce ISS Database: xpdf-dctstreamread-memory-corruption(38306)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38306
Common Vulnerability Exposure (CVE) ID: CVE-2007-5392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036
XForce ISS Database: xpdf-dctstreamreset-bo(38303)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38303
Common Vulnerability Exposure (CVE) ID: CVE-2007-5393
Debian Security Information: DSA-1408 (Google Search)
http://www.debian.org/security/2007/dsa-1408
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839
http://www.redhat.com/support/errata/RHSA-2007-1028.html
http://www.redhat.com/support/errata/RHSA-2007-1031.html
http://www.redhat.com/support/errata/RHSA-2007-1051.html
http://secunia.com/advisories/27579
http://secunia.com/advisories/27718
http://secunia.com/advisories/27772
XForce ISS Database: xpdf-ccittfaxstreamlookchar-bo(38304)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38304
Common Vulnerability Exposure (CVE) ID: CVE-2007-4351
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BugTraq ID: 26268
http://www.securityfocus.com/bid/26268
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
CERT/CC vulnerability note: VU#446897
http://www.kb.cert.org/vuls/id/446897
Cisco Security Advisory: 20080625 Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability
http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html
Debian Security Information: DSA-1407 (Google Search)
http://www.debian.org/security/2007/dsa-1407
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00012.html
http://security.gentoo.org/glsa/glsa-200711-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:204
http://secunia.com/secunia_research/2007-76/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10604
http://www.redhat.com/support/errata/RHSA-2007-1020.html
http://www.securitytracker.com/id?1018879
http://secunia.com/advisories/27233
http://secunia.com/advisories/27410
http://secunia.com/advisories/27445
http://secunia.com/advisories/27447
http://secunia.com/advisories/27474
http://secunia.com/advisories/27494
http://secunia.com/advisories/27499
http://secunia.com/advisories/27540
http://secunia.com/advisories/27604
http://secunia.com/advisories/27712
http://secunia.com/advisories/28136
http://secunia.com/advisories/30847
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902
SuSE Security Announcement: SUSE-SA:2007:058 (Google Search)
http://www.novell.com/linux/security/advisories/2007_58_cups.html
https://usn.ubuntu.com/539-1/
http://www.vupen.com/english/advisories/2007/3681
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/1934/references
XForce ISS Database: cups-ippreadio-bo(38190)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38190
Common Vulnerability Exposure (CVE) ID: CVE-2007-3387
1018473
http://www.securitytracker.com/id?1018473
20070801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts
http://www.securityfocus.com/archive/1/476508/100/0/threaded
20070814 FLEA-2007-0045-1 poppler
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
20070816 FLEA-2007-0046-1 cups
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
25124
http://www.securityfocus.com/bid/25124
26188
http://secunia.com/advisories/26188
26251
http://secunia.com/advisories/26251
26254
http://secunia.com/advisories/26254
26255
http://secunia.com/advisories/26255
26257
http://secunia.com/advisories/26257
26278
http://secunia.com/advisories/26278
26281
http://secunia.com/advisories/26281
26283
http://secunia.com/advisories/26283
26292
http://secunia.com/advisories/26292
26293
http://secunia.com/advisories/26293
26297
http://secunia.com/advisories/26297
26307
http://secunia.com/advisories/26307
26318
http://secunia.com/advisories/26318
26325
http://secunia.com/advisories/26325
26342
http://secunia.com/advisories/26342
26343
http://secunia.com/advisories/26343
26358
http://secunia.com/advisories/26358
26365
http://secunia.com/advisories/26365
26370
http://secunia.com/advisories/26370
26395
http://secunia.com/advisories/26395
26403
http://secunia.com/advisories/26403
26405
http://secunia.com/advisories/26405
26407
http://secunia.com/advisories/26407
26410
http://secunia.com/advisories/26410
26413
http://secunia.com/advisories/26413
26425
http://secunia.com/advisories/26425
26432
http://secunia.com/advisories/26432
26436
http://secunia.com/advisories/26436
26467
http://secunia.com/advisories/26467
26468
http://secunia.com/advisories/26468
26470
http://secunia.com/advisories/26470
26514
http://secunia.com/advisories/26514
26607
http://secunia.com/advisories/26607
26627
http://secunia.com/advisories/26627
26862
http://secunia.com/advisories/26862
26982
http://secunia.com/advisories/26982
27156
http://secunia.com/advisories/27156
27281
http://secunia.com/advisories/27281
27308
http://secunia.com/advisories/27308
27637
30168
40127
http://osvdb.org/40127
ADV-2007-2704
http://www.vupen.com/english/advisories/2007/2704
ADV-2007-2705
http://www.vupen.com/english/advisories/2007/2705
DSA-1347
http://www.debian.org/security/2007/dsa-1347
DSA-1348
http://www.debian.org/security/2007/dsa-1348
DSA-1349
http://www.debian.org/security/2007/dsa-1349
DSA-1350
http://www.debian.org/security/2007/dsa-1350
DSA-1352
http://www.debian.org/security/2007/dsa-1352
DSA-1354
http://www.debian.org/security/2007/dsa-1354
DSA-1355
http://www.debian.org/security/2007/dsa-1355
DSA-1357
http://www.debian.org/security/2007/dsa-1357
GLSA-200709-12
http://security.gentoo.org/glsa/glsa-200709-12.xml
GLSA-200709-17
http://security.gentoo.org/glsa/glsa-200709-17.xml
GLSA-200710-08
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
GLSA-200710-20
http://security.gentoo.org/glsa/glsa-200710-20.xml
GLSA-200711-34
GLSA-200805-13
MDKSA-2007:158
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
MDKSA-2007:159
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
MDKSA-2007:160
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
MDKSA-2007:161
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
MDKSA-2007:162
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
MDKSA-2007:163
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
MDKSA-2007:164
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
MDKSA-2007:165
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
RHSA-2007:0720
http://www.redhat.com/support/errata/RHSA-2007-0720.html
RHSA-2007:0729
http://www.redhat.com/support/errata/RHSA-2007-0729.html
RHSA-2007:0730
http://www.redhat.com/support/errata/RHSA-2007-0730.html
RHSA-2007:0731
http://www.redhat.com/support/errata/RHSA-2007-0731.html
RHSA-2007:0732
http://www.redhat.com/support/errata/RHSA-2007-0732.html
RHSA-2007:0735
http://www.redhat.com/support/errata/RHSA-2007-0735.html
SSA:2007-222-05
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
SSA:2007-316-01
SUSE-SR:2007:015
http://www.novell.com/linux/security/advisories/2007_15_sr.html
SUSE-SR:2007:016
http://www.novell.com/linux/security/advisories/2007_16_sr.html
USN-496-1
http://www.ubuntu.com/usn/usn-496-1
USN-496-2
http://www.ubuntu.com/usn/usn-496-2
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://sourceforge.net/project/shownotes.php?release_id=535497
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
http://www.kde.org/info/security/advisory-20070730-1.txt
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604
oval:org.mitre.oval:def:11149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.