Yellow Dog Linux Security Advisory: YDU-20030602-3

security yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 18:46:03 -0600


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	cups
Issue Date:	Jun 02, 2003
Priority:	medium
Advisory ID: 	YDU-20030602-3


1. 	Topic:

	Updated cups packages are available.


2. 	Problem:

	"Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP
	(Internet Printing Protocol) implementation. The IPP implementation is
	single-threaded, which means only one request can be serviced at a time.
	An attacker could make a partial request that does not time out and
	therefore creates a denial of service. In order to exploit this bug, an
	attacker must have the ability to make a TCP connection to the IPP port (by
	default 631).

	All print servers using CUPS should upgrade to these erratum packages,
	which contain a patch and are not vulnerable to this issue."

	(From Red Hat Advisory)

3. 	Solution:

    	a) Updating via apt...
    	We suggest that you use the apt-get program to keep your
    	system up-to-date. The following command(s) will retrieve
    	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install cups

    	b) Updating manually...
	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/cups-1.1.17-13.3.ppc.rpm
			ppc/cups-devel-1.1.17-13.3.ppc.rpm
			ppc/cups-libs-1.1.17-13.3.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
fa9716894a5292c3effeef6745ac0e7a  SRPMS/cups-1.1.17-13.3.src.rpm
7995a34dae24ac2ddd77822ada6d70f4  ppc/cups-1.1.17-13.3.ppc.rpm
c7bbbb1c7557557f7f2399f580a1795b  ppc/cups-devel-1.1.17-13.3.ppc.rpm
37c54d8fe1890d10074496066ce38cd0  ppc/cups-libs-1.1.17-13.3.ppc.rpm

If you wish to verify that each package has not been corrupted or tampered
with, examine the md5sum with the following command: md5sum <filename>
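
The check described above, scripted as an added example (not part of the original advisory or any vendor tooling): it compares every .rpm in a download directory against the MD5 table in section 4 and fails on any mismatched or unlisted file. The function name verify_packages and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not vendor tooling. verify_packages is a hypothetical helper.

# MD5 table copied from section 4 of this advisory.
ADVISORY_SUMS='fa9716894a5292c3effeef6745ac0e7a  SRPMS/cups-1.1.17-13.3.src.rpm
7995a34dae24ac2ddd77822ada6d70f4  ppc/cups-1.1.17-13.3.ppc.rpm
c7bbbb1c7557557f7f2399f580a1795b  ppc/cups-devel-1.1.17-13.3.ppc.rpm
37c54d8fe1890d10074496066ce38cd0  ppc/cups-libs-1.1.17-13.3.ppc.rpm'

# verify_packages DIR [TABLE]
# Checks every .rpm in DIR against TABLE (default: the advisory's table).
# Returns 0 only if at least one package is present and every package
# present is listed in TABLE with a matching MD5.
verify_packages() {
    dir=$1
    table=${2:-$ADVISORY_SUMS}
    status=0
    seen=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue      # glob matched nothing
        seen=1
        name=${file##*/}
        # Expected sum: field 1 of the table row whose path ends in $name.
        want=$(printf '%s\n' "$table" | awk -v n="$name" \
            '{ p = $2; sub(/.*\//, "", p); if (p == n) { print $1; exit } }')
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"      # not in the advisory: do not install
            status=1
        elif [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)"
            status=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no .rpm files in $dir"; status=1; }
    return "$status"
}

# Usage: sh verify-cups.sh /path/to/downloads
if [ "$#" -ge 1 ]; then
    if verify_packages "$1"; then
        echo "All packages match; proceed with: rpm -Fvh $1/*.rpm"
    else
        echo "Verification failed; do not install these files." >&2
        exit 1
    fi
fi
```

A match shows only that the file equals what this advisory lists; the result is only as trustworthy as the channel the advisory itself arrived over.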


5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix,
and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml