Re: CUPS vulnerabilities (remote root compromise)

To: debian-security@lists.debian.org
Subject: Re: CUPS vulnerabilities (remote root compromise)
From: Matt Zimmerman <mdz@debian.org>
Date: Fri, 20 Dec 2002 21:29:30 -0500
Message-id: <20021221022930.GV12354@mizar.alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <Pine.LNX.4.44.0212200010260.30214-100000@agni.phys.iit.edu>
References: <Pine.LNX.4.44.0212200010260.30214-100000@agni.phys.iit.edu>

On Fri, Dec 20, 2002 at 12:17:18AM -0600, David Ehle wrote:

> 
> Hello all,
> 
>    Is the Debian package of cups Vulnerable to the security issues
> detailed here?:
>    http://www.idefense.com/advisory/12.19.02.txt
> 
> It doesn't  mentions version 1.1.15-4 explicitly, but the vulnerablites
> havn't been tested on many different Distros yet.
> 
> If the Debian package is affected, does Mr. Licquia have a timetable on
> when our version will be patched?

Yes, it is vulnerable.  The version in woody is 1.1.14-3, and an advisory is
pending.  Unstable already has 1.1.18-1 which contains the fixes.

It sounds like you are running the testing version, in which case you must
handle your own security update.

-- 
 - mdz

Reply to:

References:
- CUPS vulnerabilities (remote root compromise)
  - From: David Ehle <ehle@agni.phys.iit.edu>

Prev by Date: Re: FTP-SSL
Next by Date: Re: Need an advise about isolating a host in the DMZ
Previous by thread: CUPS vulnerabilities (remote root compromise)
Next by thread: /usr/lib/libkssl.so.2.0.2
Index(es):
- Date
- Thread