Debian: 'CUPS' update

    Date19 Nov 2000
    CategoryDebian
    2326
    Posted ByLinuxSecurity Advisories
    Mandrake has recently released a security advisory against CUPSraising two issues
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                           Martin Schulze
    November 19, 2000
    - ------------------------------------------------------------------------
    
    Package        : cupsys
    Problem type   : remote misuse of printer
    Debian-specific: no
    
    Mandrake has recently released a security advisory against CUPS
    raising two issues:
     
     1. CUPS sends broadcast packets, which can keep dial-on-demand lines
        up and otherwise irritate network administrators.
     
     2. CUPS has a rather vague problem to the effect of "everyone on the
        Internet can get to your printers".
    
    The first problem is not a problem either in Debian's potato (2.2) or
    woody (unstable).  Our cupsys packages are shipped with browsing
    turned off by default.
    
    The second problem has to do with CUPS's configuration.  CUPS does
    access control in a similar way to Apache, and is configured by
    default in a similar way to Apache.  This isn't terribly appropriate
    in the case of allowing people to attach to printers.  Administrative
    tasks still aren't allowed, but Internet users could (for example) run
    all the paper out of your printer.  Debian as shipped in potato and
    woody is vulnurable to this latter problem.
    
    The fix is simply to configure access control to reflect your real
    wishes, which is done in /etc/cups/cupsd.conf.  This can be done with
    the current packages (in both potato and woody).
    
    This has been fixed in version 1.0.4-8 (or 1.1.4-2 for unstable) and
    we recommend that you upgrade your cupsys packages immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
      
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      Packages for sparc are not available at this moment; they
      will be announced later at  http://security.debian.org/
    
      Source archives:
    
        
    http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-8.diff.gz
          MD5 checksum: 94b68f4e4615db5f3ca2a696211d1726
        
    http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-8.dsc
          MD5 checksum: cce24eb93aa48df72695b765911b66cf
        
    http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4.orig.tar.gz
          MD5 checksum: d753d8b3c2506a9b97bf4f22ca53f38b
    
      Alpha architecture:
    
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys-bsd_1.0.4-8_alpha.deb
          MD5 checksum: 2f5387a3bb28c4cab3584c782e64dba2
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys_1.0.4-8_alpha.deb
          MD5 checksum: e57dcc292495cc993a7dba330984f7a1
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1-dev_1.0.4-8_alpha.deb
          MD5 checksum: b1366abfaba4e2e40cec456d1492b3d1
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1_1.0.4-8_alpha.deb
          MD5 checksum: e76ea83780a34fdd2ef12f7f9ddea91e
    
      Intel ia32 architecture:
    
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys-bsd_1.0.4-8_i386.deb
          MD5 checksum: 2705429adc5c13c6c3e5091777c78bf8
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys_1.0.4-8_i386.deb
          MD5 checksum: b0a0aba119abf96a114e3f365941fdab
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1-dev_1.0.4-8_i386.deb
          MD5 checksum: de478e5b8acf1352a8dad673d7bff1dd
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1_1.0.4-8_i386.deb
          MD5 checksum: f0e04e59279387c079b19c58caed73ba
    
      Motorola 680x0 architecture:
    
        
    http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys-bsd_1.0.4-8_m68k.deb
          MD5 checksum: 1762122427ef722bd85f7a88380e9bf3
        
    http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys_1.0.4-8_m68k.deb
          MD5 checksum: 4cf26c54f12097833ec43519a33644f8
        
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1-dev_1.0.4-8_m68k.deb
          MD5 checksum: 5da5c5b7eb59bd0dd8234ca333eeccbe
        
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1_1.0.4-8_m68k.deb
          MD5 checksum: 109c60a3c088443668e140b1216db90e
    
      Sun Sparc architecture:
    
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys-bsd_1.0.4-8_sparc.deb
          MD5 checksum: e3de38c1ffc8f42f5184accf7e8c33fa
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys_1.0.4-8_sparc.deb
          MD5 checksum: 5c5c795850c2d8860510ab84e21d77ad
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1-dev_1.0.4-8_sparc.deb
          MD5 checksum: 00a5bc66a6462cbd13aaf0d937a9caa4
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1_1.0.4-8_sparc.deb
          MD5 checksum: e246041757d48ac540c5105c94bf11b5
    
      PowerPC architecture:
    
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys-bsd_1.0.4-8_powerpc.deb
          MD5 checksum: 4353686f5bd1ed22e5b62b0645de4b38
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys_1.0.4-8_powerpc.deb
          MD5 checksum: eacc46971574fcbc7f3167c3442d3752
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1-dev_1.0.4-8_powerpc.deb
          MD5 checksum: 7cb32304728135e4b8a2c2fe425a1cd7
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1_1.0.4-8_powerpc.deb
          MD5 checksum: 49ae282dc20db9cb9253030bf6c3b656
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    
    Debian GNU/Linux unstable alias woody
    - -------------------------------------
    
      Source archives:
    
        
    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cupsys_1.1.4-2.diff.gz
          MD5 checksum: ca5a4a1e1c94b6bc6167c3688b3633e4
        
    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cupsys_1.1.4-2.dsc
          MD5 checksum: c1d9c0e9ea78b52b027b4940370aba47
        
    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cupsys_1.1.4.orig.tar.gz
          MD5 checksum: 3d0014eef7fcd591203e359330364fd1
    
      Intel ia32 architecture:
    
        
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/devel/libcupsys2-dev_1.1.4-2.deb
          MD5 checksum: c0e7e18a9fe1665e9b1084cadfc85fb6
        
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/libs/libcupsys2_1.1.4-2.deb
          MD5 checksum: 033bd0fe54fc698dcfcdcb3c2a719b2c
        
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cupsys-bsd_1.1.4-2.deb
          MD5 checksum: a496984c22dc766e5900a5666b05b7d4
        
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cupsys-client_1.1.4-2.deb
          MD5 checksum: caa3d24f7400a99b81df73f0e3c31ea5
        
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cupsys_1.1.4-2.deb
          MD5 checksum: 86bc283123a7b1a065e66916f8911381
    
      Packages for other architectures will be available soon.
    
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.