LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Yellow Dog alert YDU-20030602-3 (cups)



From:
    	      security <security@terrasoftsolutions.com>


To:
    	      yellowdog-updates@lists.terrasoftsolutions.com


Subject:
    	      Yellow Dog Linux Security Advisory: YDU-20030602-3


Date:
    	      Tue, 03 Jun 2003 18:46:03 -0600



Yellow Dog Linux Security Announcement
--------------------------------------

Package:	cups
Issue Date:	Jun 02,2003
Priority:	medium
Advisory ID: 	YDU-20030602-3


1. 	Topic:

	Updated cups packages are available.


2. 	Problem:

	"Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP
	(Internet Printing Protocol) implementation. The IPP implementation is
	single-threaded, which means only one request can be serviced at a time.
	An attacker could make a partial request that does not time out and
	therefore creates a denial of service. In order to exploit this bug, an
	attacker must have the ability to make a TCP connection to the IPP port (by
	default 631).

	All print servers using CUPS should upgrade to these erratum packages,
	which contain a patch and are not vulnerable to this issue."

	(From Red Hat Advisory)

3. 	Solution:

    	a) Updating via apt...
    	We suggest that you use the apt-get program to keep your
    	system up-to-date. The following command(s) will retrieve
    	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install cups

    	b) Updating manually...
	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]
		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/cups-1.1.17-13.3.ppc.rpm
			ppc/cups-devel-1.1.17-13.3.ppc.rpm
			ppc/cups-libs-1.1.17-13.3.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
fa9716894a5292c3effeef6745ac0e7a  SRPMS/cups-1.1.17-13.3.src.rpm
7995a34dae24ac2ddd77822ada6d70f4  ppc/cups-1.1.17-13.3.ppc.rpm
c7bbbb1c7557557f7f2399f580a1795b  ppc/cups-devel-1.1.17-13.3.ppc.rpm
37c54d8fe1890d10074496066ce38cd0  ppc/cups-libs-1.1.17-13.3.ppc.rpm

If you wish to verify that each package has not been corrupted or 
tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, 
bugfix, and package
enhancement announcements will be posted. See 
http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml


_______________________________________________
yellowdog-updates mailing list
yellowdog-updates@lists.terrasoftsolutions.com
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-updates
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds