Full Disclosure mailing list archives

[SECURITY] [DSA 566-1] New CUPS packages fix information leak
From: debian-security-announce () lists debian org
Date: Thu, 14 Oct 2004 17:27:26 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 566-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
October 14th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : unsanitised input
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0923
CERT advisory  : VU#557062

An information leak has been detected in CUPS, the Common UNIX
Printing System, which may lead to the disclosure of sensitive
information, such as user names and passwords which are written into
log files.

The patch used only eliminates the authentication information in the
device URI which is logged in the error_log file.  It does not
eliminate the URI from the environment and process table, which is why
the CUPS developers recommend that system administrators do not code
authentication information in device URIs in the first place.

For the stable distribution (woody) this problem has been fixed in
version 1.1.14-5woody7.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.20final+rc1-9.

We recommend that you upgrade your CUPS package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBbprdW5ql+IAeqTIRAs2XAKCaRQ490/C8iFKprrBBK8CsbnjVEQCaApFb
HfNhjsxtZ0wRnppgq06sO7w=
=gN6K
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
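
The advisory notes that the fix only masks credentials in error_log and that the developers recommend keeping authentication information out of device URIs altogether. The following audit sketch is an added example, not part of the advisory or of CUPS: it assumes printer definitions in the printers.conf style with one DeviceURI line per printer section, and the sample configuration, host names and credentials are constructed.

```python
import re

# Generic URI shape: scheme://authority/rest. Credentials, if any, are the
# "userinfo" part of the authority, i.e. everything before the last '@'.
URI_RE = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<auth>[^/?#\s]*)(?P<rest>\S*)")

def redact_uri(uri):
    """Return (uri_with_userinfo_masked, has_userinfo, has_password)."""
    m = URI_RE.fullmatch(uri)
    if not m or "@" not in m["auth"]:
        return uri, False, False
    userinfo, host = m["auth"].rsplit("@", 1)
    return f"{m['scheme']}://***@{host}{m['rest']}", True, ":" in userinfo

def audit_printers_conf(text):
    """List (printer, redacted_uri, has_password) for DeviceURI lines with userinfo."""
    findings, printer = [], None
    for line in text.splitlines():
        line = line.strip()
        section = re.match(r"<(?:Default)?Printer\s+(\S+)>", line)
        if section:
            printer = section.group(1)
        elif line.startswith("DeviceURI"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                redacted, has_user, has_pw = redact_uri(parts[1])
                if has_user:
                    findings.append((printer, redacted, has_pw))
    return findings

# Constructed sample in printers.conf style; hosts and credentials are made up.
SAMPLE = """\
<DefaultPrinter laser1>
DeviceURI smb://scanuser:S3cr3t@fileserver/laser1
</Printer>
<Printer plotter>
DeviceURI socket://10.0.0.20:9100
</Printer>
<Printer frontdesk>
DeviceURI lpd://guest@printhost/queue
</Printer>
"""

if __name__ == "__main__":
    for name, uri, has_pw in audit_printers_conf(SAMPLE):
        print(f"{name}: {uri} (password embedded: {has_pw})")
```

Any printer it reports still carries its credentials wherever the URI is handed to other processes, so the finding calls for reconfiguring the queue, not only for upgrading the package.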

