Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Slackware: 2015-188-01 Critical: CUPS Configuration Flaw Attack

slackware
Calendar Grey July 8, 2015
Dist Slackware Esm H88
Updated packaging for Slackware addresses a critical vulnerability that could lead to conflicts within configuration files. Ensure you update promptly.
New cups packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.1 ChangeLog: patches/packages/cups-1.5.4-i486-4_slack14.1.txz: Rebuilt. This release fixes a security issue: CWE-911: Improper Update of Reference Count - CVE-2015-1158 This bug could allow an attacker to upload a replacement CUPS configuration file and mount further attacks. For more information, see: https://www.cve.org/CVERecord?id=CVE-2015-1158 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical patch attack Slackware configuration CUPS

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/cups-1.3.11-i486-3_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/cups-1.3.11-x86_64-3_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/cups-1.4.5-i486-3_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/cups-1.4.5-x86_64-3_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/cups-1.4.6-i486-2_slack13.37.txz
Updated package for Slackware x86_64...

Read the Full Advisory

MD5 Signatures

Slackware 13.0 package: f013abe1761fb1a3a962ee6bb63bb12c cups-1.3.11-i486-3_slack13.0.txz
Slackware x86_64 13.0 package: 88c5e1cf46eab8fd0d101e8411f10251 cups-1.3.11-x86_64-3_slack13.0.txz
Slackware 13.1 package: f71f2b3066f4af9c407df75b1535f179 cups-1.4.5-i486-3_slack13.1.txz
Slackware x86_64 13.1 package: 2bf27108c7c2772e8adbd984efb0c55e cups-1.4.5-x86_64-3_slack13.1.txz
Slackware 13.37 package: 0db4e57246873b1817f7332f90dd245f cups-1.4.6-i486-2_slack13.37.txz
Slackware x86_64 13.37 package: 8d3ce5ec82218ebb001c0b46d891895a cups-1.4.6-x86_64-2_slack13.37.txz
Slackware 14.0 package: c9130b507a69775f68eb1ca71c2c746c cups-1.5.4-i486-3_slack14.0.txz
Slackware x86_64 14.0 package: e91436f9885350bc63a2d9484f974e66 cups-1.5.4-x86_64-3_slack14.0.txz
Slackware 14.1 package: e7887e9c90b7501edca14157a85f7c3c cups-1.5.4-i486-4_slack14.1.txz
Slackware x86_64 14.1 package: 712faf20c729a442d6229de6942aefc5 cups-1.5.4-x86_64-4_slack14.1.txz
Slackware -current package: b92d4ad6d8da3487ca0445915ef6aa38 ap/cups-2.0.3-i486-1.txz
Slackware x86_64 -current package: f740e4376110c797ef1926d5a94bea5a ap/cups-2.0.3-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical patch attack Slackware configuration CUPS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg cups-1.5.4-i486-4_slack14.1.txz Then, restart the cups server: # sh /etc/rc.d/rc.cups restart

Related News

Your message here