[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CUPS vulnerabilities (remote root compromise)

On Fri, Dec 20, 2002 at 12:17:18AM -0600, David Ehle wrote:

> Hello all,
>    Is the Debian package of cups Vulnerable to the security issues
> detailed here?:
>    http://www.idefense.com/advisory/12.19.02.txt
> It doesn't  mentions version 1.1.15-4 explicitly, but the vulnerablites
> havn't been tested on many different Distros yet.
> If the Debian package is affected, does Mr. Licquia have a timetable on
> when our version will be patched?

Yes, it is vulnerable.  The version in woody is 1.1.14-3, and an advisory is
pending.  Unstable already has 1.1.18-1 which contains the fixes.

It sounds like you are running the testing version, in which case you must
handle your own security update.

 - mdz

Reply to: