Yellow Dog Linux Security Advisory: YDU-20030602-3
security
yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 18:46:03 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: cups
Issue Date: Jun 02,2003
Priority: medium
Advisory ID: YDU-20030602-3
1. Topic:
Updated cups packages are available.
2. Problem:
"Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP
(Internet Printing Protocol) implementation. The IPP implementation is
single-threaded, which means only one request can be serviced at a time.
An attacker could make a partial request that does not time out and
therefore creates a denial of service. In order to exploit this bug, an
attacker must have the ability to make a TCP connection to the IPP port (by
default 631).
All print servers using CUPS should upgrade to these erratum packages,
which contain a patch and are not vulnerable to this issue."
(From Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install cups
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/cups-1.1.17-13.3.ppc.rpm
ppc/cups-devel-1.1.17-13.3.ppc.rpm
ppc/cups-libs-1.1.17-13.3.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
fa9716894a5292c3effeef6745ac0e7a SRPMS/cups-1.1.17-13.3.src.rpm
7995a34dae24ac2ddd77822ada6d70f4 ppc/cups-1.1.17-13.3.ppc.rpm
c7bbbb1c7557557f7f2399f580a1795b ppc/cups-devel-1.1.17-13.3.ppc.rpm
37c54d8fe1890d10074496066ce38cd0 ppc/cups-libs-1.1.17-13.3.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with,
examine the md5sum with the following command: md5sum <filename>
5. Misc.
Terra Soft has setup a moderated mailing list where these security,
bugfix, and package
enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml