-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0072

Package names:     cups, curl
Summary:           Multiple vulnerabilities
Date:              2005-12-16
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  cups
  The Common UNIX Printing System provides a portable printing layer for
  UNIX(R) operating systems. It has been developed by Easy Software 
  Products to promote a standard printing solution for all UNIX vendors
  and users. CUPS provides the System V and Berkeley command-line 
  interfaces.

  curl
  Curl is a client to get documents/files from servers, using any of the
  supported protocols. The command is designed to work without user
  interaction or any kind of interactivity. Curl offers a busload of 
  useful tricks like proxy support, user authentication, ftp upload,
  HTTP post, file transfer resume and more.

Problem description:
  cups < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: Some vulnerabilities have been reported in CUPS
    that can be exploited by malicious people to cause a DoS (Denial
    of Service) and potentially to compromise a vulnerable system. The
    vulnerabilities are caused by the use of a vulnerable version of
    Xpdf.

    The Common Vulnerabilities and Exposures project has assigned the
    names CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193 to these issues.
  
  curl < TSL 3.0 > < TSL 2.2 >
  - New upstream.
  - SECURITY Fix: Stefan Esser has reported a vulnerability caused by
    an off-by-one error when parsing a URL that is longer than 256
    bytes. By using a specially crafted URL, a two-byte overflow is
    reportedly possible.

    The Common Vulnerabilities and Exposures project has assigned the
    name CVE-2005-4077 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.
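
  To find hosts that still need this update, the installed
  version-release can be compared with the package builds this advisory
  ships (cups 1.1.23-6tr on TSL 2.2, cups 1.1.23-10tr on TSL 3.0, curl
  7.15.1-1tr on both). The following is an added example, not part of
  the Trustix advisory or tooling; it is a simplified reimplementation
  of RPM's segment-wise version comparison (no epoch handling), and the
  sample rpm output is constructed.

```python
import re

# Builds from this advisory's package list: name -> {TSL release: version-release}
FIXED = {
    "cups": {"2.2": "1.1.23-6tr", "3.0": "1.1.23-10tr"},
    "curl": {"2.2": "7.15.1-1tr", "3.0": "7.15.1-1tr"},
}

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' cups curl
SAMPLE = """cups 1.1.23-9tr
curl 7.14.0-2tr
"""

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Return -1, 0 or 1 in the style of RPM's rpmvercmp (simplified)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 9
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(name, tsl, installed):
    """True if the installed version-release is older than the advisory build."""
    ver_i, _, rel_i = installed.partition("-")
    ver_f, _, rel_f = FIXED[name][tsl].partition("-")
    return (vercmp(ver_i, ver_f) or vercmp(rel_i, rel_f)) < 0

def audit(rpm_output, tsl):
    """Return the names of listed packages that are older than the advisory build."""
    stale = []
    for line in rpm_output.splitlines():
        name, _, evr = line.partition(" ")
        if name in FIXED and needs_update(name, tsl, evr.strip()):
            stale.append(name)
    return stale

if __name__ == "__main__":
    print(audit(SAMPLE, "3.0"))
```

  A plain string comparison would rank release 9tr above 10tr, which is
  why the releases are compared segment by segment.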


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory, along with all Trustix packages, is signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0072/>


MD5sums of the packages:


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDvQgTi8CEzsK9IksRAgE6AJ0aO2QYfA4fKGd9sHCr5Ch6u2yAOwCeP8dV
zOenP4TJ1DDOUyXBB520Cb4=
=h4i0
-----END PGP SIGNATURE-----