Debian: CUPS information leak fix

    Date14 Oct 2004
    CategoryDebian
    2836
    Posted ByLinuxSecurity Advisories
    An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 566-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    October 14th, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : cupsys
    Vulnerability  : unsanitised input
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-0923
    CERT advisory  : VU#557062
    
    An information leak has been detected in CUPS, the Common UNIX
    Printing System, which may lead to the disclosure of sensitive
    information, such as user names and passwords which are written into
    log files.
    
    The used patch only eliminates the authentication information in the
    device URI which is logged in the error_log file.  It does not
    eliminate the URI from the environment and process table, which is why
    the CUPS developers recommend that system administrators do not code
    authentication information in device URIs in the first place.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.1.14-5woody7.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.1.20final+rc1-9.
    
    We recommend that you upgrade your CUPS package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7.dsc
          Size/MD5 checksum:      710 cc64cacbd7546a5609d78f47dbcd0e78
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7.diff.gz
          Size/MD5 checksum:    39147 90020c9ccf4c20d75545d2b9fc804f12
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
          Size/MD5 checksum:  6150756 0dfa41f29fa73e7744903b2471d2ca2f
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_alpha.deb
          Size/MD5 checksum:  1899802 4f68d49c505e401ec65c45fc89baaef0
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_alpha.deb
          Size/MD5 checksum:    74186 87538022f3f049de24a67524f6b6e374
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_alpha.deb
          Size/MD5 checksum:    92828 a97dec155e925386ec24723825fb821b
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_alpha.deb
          Size/MD5 checksum:  2445680 b0ee9dc5e73ab807fc4befa4f62ed2e4
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_alpha.deb
          Size/MD5 checksum:   137850 4c95ecf39a123d7fc2b20a11471478d4
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_alpha.deb
          Size/MD5 checksum:   180786 1daecceb7cfdce5a2715ae10cd227c0d
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_arm.deb
          Size/MD5 checksum:  1821486 8e7f3aca59e978f96d5d85ed7d9b132c
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_arm.deb
          Size/MD5 checksum:    68322 6cb0d1d79e7c630e62a316f9991d04c6
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_arm.deb
          Size/MD5 checksum:    85500 303f4eb613479f112c84f496190c9b72
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_arm.deb
          Size/MD5 checksum:  2345676 99216618a594ee5bb5a87c3023428355
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_arm.deb
          Size/MD5 checksum:   112826 52e2ea3acbdcfdb3b0182833b5713541
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_arm.deb
          Size/MD5 checksum:   150236 b49e83f022a165d4a1c84b757d3f9292
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_i386.deb
          Size/MD5 checksum:  1788306 a96f7bf460aa90e3f26e0a0dff99090d
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_i386.deb
          Size/MD5 checksum:    67852 ee72adda3436557359f244a48088ee5d
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_i386.deb
          Size/MD5 checksum:    84012 fdcfac62cfdd73d412a82d6f7d4d5659
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_i386.deb
          Size/MD5 checksum:  2311820 8fe69ac7ea5cf3fb82f25387a6c3be71
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_i386.deb
          Size/MD5 checksum:   110854 3e9c9b1102844a6f82c853682b1c2e77
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_i386.deb
          Size/MD5 checksum:   136426 827b43571bfed94ccf6e7dd6d423d1b8
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_ia64.deb
          Size/MD5 checksum:  2007756 3a4d0833b9efea469ff3a839ecb699a9
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_ia64.deb
          Size/MD5 checksum:    77250 aec887b9d536409c3888be0519b92e4f
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_ia64.deb
          Size/MD5 checksum:    96978 b4088ed3cbdf7707e1454761fa737ae7
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_ia64.deb
          Size/MD5 checksum:  2656628 3d1c5e6c5d9e690eb365051e2b547a38
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_ia64.deb
          Size/MD5 checksum:   155830 c57c5e454626ab01a048ad5e891f1e04
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_ia64.deb
          Size/MD5 checksum:   182796 c0392a8c7865cb50d04be0e94652950e
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_hppa.deb
          Size/MD5 checksum:  1881442 563a1aa0dd580b6ad3c6c0a2349dca4a
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_hppa.deb
          Size/MD5 checksum:    70642 5621e5d9b87d09518989007f56226829
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_hppa.deb
          Size/MD5 checksum:    89672 3b0e46f09ddf5729ecf1ff2ffd96e330
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_hppa.deb
          Size/MD5 checksum:  2455902 b2cec64fb76c5897e80ae5f1dcac544e
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_hppa.deb
          Size/MD5 checksum:   126408 1e2d78fb9ea9ccf33c8795e299c80472
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_hppa.deb
          Size/MD5 checksum:   159394 4f3b418889cca6c58a6f43e45f4a850b
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_m68k.deb
          Size/MD5 checksum:  1754764 f87db50992018fe8b5de25211b574426
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_m68k.deb
          Size/MD5 checksum:    66118 296777959e50722e6b9f9d6faa4cfc1b
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_m68k.deb
          Size/MD5 checksum:    81236 32a5503de356745eec4e1c635038fceb
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_m68k.deb
          Size/MD5 checksum:  2261258 c019c2ae5fcbd0971f3d2cda8d9e3847
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_m68k.deb
          Size/MD5 checksum:   106082 4a9d724f386e377d1fd85fa99889f59a
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_m68k.deb
          Size/MD5 checksum:   128650 667a278f8fcb605687c98b23b3f3aafe
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_mips.deb
          Size/MD5 checksum:  1811334 a4c2911a2e87d42a1dbc9184ef9c0816
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_mips.deb
          Size/MD5 checksum:    67744 413e2cd4d055e0b4c75328cb31ba7fac
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_mips.deb
          Size/MD5 checksum:    81192 33d5eea8d3c413e7a99e1124de8fc45a
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_mips.deb
          Size/MD5 checksum:  2404494 015fa93177953806525c84386a2d08c8
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_mips.deb
          Size/MD5 checksum:   112614 74ee1d6ea3fb489e6a9934000ff458cd
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_mips.deb
          Size/MD5 checksum:   151050 93d3f6cf6aa5dff4864020f919628e21
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_mipsel.deb
          Size/MD5 checksum:  1811896 beefa067ccaea12fa4d68d5678960c3d
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_mipsel.deb
          Size/MD5 checksum:    67718 e557c54204935027615e54070022d266
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_mipsel.deb
          Size/MD5 checksum:    81200 9261e171865e9b90abe5e3c32b7985c6
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_mipsel.deb
          Size/MD5 checksum:  2406850 8c076e85e74f2bb724e8861caf5cbd1a
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_mipsel.deb
          Size/MD5 checksum:   112422 899ee72e7435f36443cf2682fd1eedfc
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_mipsel.deb
          Size/MD5 checksum:   150868 3ac0b70dd963fd9d691778f3db475e78
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_powerpc.deb
          Size/MD5 checksum:  1800310 e91d519ebb667d0fc014197c9fc50bbf
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_powerpc.deb
          Size/MD5 checksum:    67750 f612f520350723784e7e412b5c5c6d76
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_powerpc.deb
          Size/MD5 checksum:    83326 3d6ac0b7cac6a22b7a8ab35d3284d426
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_powerpc.deb
          Size/MD5 checksum:  2359640 b68c2880e24184dd822858ff0f8c2c6c
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_powerpc.deb
          Size/MD5 checksum:   116626 965df8a04738453a1be6dcadfb185425
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_powerpc.deb
          Size/MD5 checksum:   145072 1f5234bbf22e3d4e87ab83e05c293aee
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_s390.deb
          Size/MD5 checksum:  1795398 5fb02f410f015da208095d47dd544225
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_s390.deb
          Size/MD5 checksum:    69130 5c18941172e2a104778aa738e77af8e4
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_s390.deb
          Size/MD5 checksum:    85850 3426a67e51a4681b509b8c2fb960b36d
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_s390.deb
          Size/MD5 checksum:  2337448 6e27c255720ee9be9a463155a44a30ab
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_s390.deb
          Size/MD5 checksum:   115168 ceb391d9471abff5410adfde83d063c7
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_s390.deb
          Size/MD5 checksum:   140690 0123cc8d43645684800913c441572d9a
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_sparc.deb
          Size/MD5 checksum:  1845052 2cea12827ac192d5e53aabf6f9d15c0c
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_sparc.deb
          Size/MD5 checksum:    70706 4585deca2f2105f00f89fe2a90dc81b5
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_sparc.deb
          Size/MD5 checksum:    84132 f81ebff2f338f9c0a847cbc75e465aa6
         http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_sparc.deb
          Size/MD5 checksum:  2354524 a171535afe6b378f471d2b7098538698
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_sparc.deb
          Size/MD5 checksum:   120310 9bd1fd569c5727431647a1649e89d2f7
         http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_sparc.deb
          Size/MD5 checksum:   146600 6e5b4f99e8f1e6d2fe09d6037f2d16e1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.