• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Easy Software Products LPPassWd CUPS Password File Truncation Vulnerability

Solution:
RedHat has released advisories FEDORA-2004-559, and FEDORA-2004-560 to address this issue and other issues in Fedora Core 2 and 3. Please see the referenced advisories for further information.

Ubuntu has released an advisory (USN-50-1) dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory GLSA 200412-25 to address various issues in CUPS. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge --sync
emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23_rc1"

Gentoo has released an updated version of their CUPS advisory (GLSA 200412-25). Due to a recently discovered denial of service vulnerability, Gentoo advises that all CUPS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23"

For more information please see the referenced Gentoo advisory (GLSA 200412-25).

Red Hat has released an advisory (RHSA-2005:013-20) to address various issues in CUPS. Please see the advisory in Web references for more information.

Mandrake has released advisory MDKSA-2005:008 to address various issues related to CUPS. Please see the referenced advisory for more information.

SGI has released advisory 20050101-01-U (SGI Advanced Linux Environment 3 Security Update #23) to address various issues in SGI Advanced Linux Environment 3. This advisory includes updated SGI ProPack 3 Service Pack 3 packages and patch 10137. Please see the referenced advisory for more information.

TurboLinux has released Security Announcement 17/Feb/2005 dealing with this and other issues; please see the reference section for more information.

Fedora has released Fedora Legacy Advisory (FLSA:2127) to address various issues affecting CUPS in Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 for the i386 architecture. Please see the referenced advisory for more information.


Easy Software Products CUPS 1.1.20

• Fedora cups-1.1.20-11.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-1.1.20-11.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-debuginfo-1.1.20-11.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-debuginfo-1.1.20-11.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-devel-1.1.20-11.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-devel-1.1.20-11.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-libs-1.1.20-11.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cups-libs-1.1.20-11.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Mandrake cups-1.1.20-5.5.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-1.1.20-5.5.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-1.1.20-5.5.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-common-1.1.20-5.5.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-common-1.1.20-5.5.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-common-1.1.20-5.5.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-serial-1.1.20-5.5.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-serial-1.1.20-5.5.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cups-serial-1.1.20-5.5.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64cups2-1.1.20-5.5.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64cups2-devel-1.1.20-5.5.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libcups2-1.1.20-5.5.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libcups2-1.1.20-5.5.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libcups2-devel-1.1.20-5.5.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libcups2-devel-1.1.20-5.5.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• TurboLinux cups-1.1.20-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/cups-1.1.20-4.i586.rpm


• TurboLinux cups-devel-1.1.20-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/cups-devel-1.1.20-4.i586.rpm


• TurboLinux cups-libs-1.1.20-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/cups-libs-1.1.20-4.i586.rpm


• Ubuntu cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20 final+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20 final+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20 final+cvs20040330-4ubuntu16.3_powerpc.deb


• Ubuntu cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1 .20final+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1 .20final+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1 .20final+cvs20040330-4ubuntu16.3_powerpc.deb


• Ubuntu cupsys_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20fina l+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu cupsys_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20fina l+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu cupsys_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20fina l+cvs20040330-4ubuntu16.3_powerpc.deb


• Ubuntu libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev _1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev _1.1.20final+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev _1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb


• Ubuntu libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1 .20final+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1 .20final+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1 .20final+cvs20040330-4ubuntu16.3_powerpc.deb


• Ubuntu libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1. 1.20final+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1. 1.20final+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1. 1.20final+cvs20040330-4ubuntu16.3_powerpc.deb


• Ubuntu libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls 10_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb


• Ubuntu libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls 10_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb


• Ubuntu libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls 10_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb

Easy Software Products CUPS 1.1.22 rc1

• Fedora cups-1.1.22-0.rc1.8.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-1.1.22-0.rc1.8.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-debuginfo-1.1.22-0.rc1.8.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-debuginfo-1.1.22-0.rc1.8.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-devel-1.1.22-0.rc1.8.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-devel-1.1.22-0.rc1.8.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-libs-1.1.22-0.rc1.8.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cups-libs-1.1.22-0.rc1.8.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI ProPack 3.0

• SGI patch10137.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101 37.tar.gz