Test Kennung:	1.3.6.1.4.1.25623.1.0.63889
Kategorie:	SuSE Local Security Checks
Titel:	SuSE Security Advisory SUSE-SA:2009:024 (cups)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory SUSE-SA:2009:024. The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. It allows a local user to print documents as well as remote users via port 631/tcp. There were two security vulnerabilities fixed in cups. The first one can be triggered by a specially crafted tiff file. This file could lead to an integer overflow in the 'imagetops' filter which caused an heap overflow later. This bug is probably exploitable remotely by users having remote access to the CUPS server and allows the execution of arbitrary code with the privileges of the cupsd process. (CVE-2009-0163) The second issue affects the JBIG2 decoding of the 'pdftops' filter. The JBIG2 decoding routines are vulnerable to various software failure types like integer and buffer overflows and it is believed to be exploit- able remotely to execute arbitrary code with the privileges of the cupsd process. (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183) Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:024 CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0146 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 34568 http://www.securityfocus.com/bid/34568 Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search) http://www.securityfocus.com/archive/1/502761/100/0/threaded Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search) http://www.securityfocus.com/archive/1/502750/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1790 (Google Search) http://www.debian.org/security/2009/dsa-1790 Debian Security Information: DSA-1793 (Google Search) http://www.debian.org/security/2009/dsa-1793 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html http://security.gentoo.org/glsa/glsa-200904-20.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632 http://www.redhat.com/support/errata/RHSA-2009-0429.html http://www.redhat.com/support/errata/RHSA-2009-0430.html http://www.redhat.com/support/errata/RHSA-2009-0431.html RedHat Security Advisories: RHSA-2009:0458 http://rhn.redhat.com/errata/RHSA-2009-0458.html http://www.redhat.com/support/errata/RHSA-2009-0480.html http://www.securitytracker.com/id?1022073 http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34755 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://secunia.com/advisories/34959 http://secunia.com/advisories/34963 http://secunia.com/advisories/34991 http://secunia.com/advisories/35037 http://secunia.com/advisories/35064 http://secunia.com/advisories/35065 http://secunia.com/advisories/35074 http://secunia.com/advisories/35618 http://secunia.com/advisories/35685 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 SuSE Security Announcement: SUSE-SA:2009:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.vupen.com/english/advisories/2009/1065 http://www.vupen.com/english/advisories/2009/1066 http://www.vupen.com/english/advisories/2009/1077 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2010/1040 Common Vulnerability Exposure (CVE) ID: CVE-2009-0147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941 Common Vulnerability Exposure (CVE) ID: CVE-2009-0163 BugTraq ID: 34571 http://www.securityfocus.com/bid/34571 Debian Security Information: DSA-1773 (Google Search) http://www.debian.org/security/2009/dsa-1773 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546 http://www.redhat.com/support/errata/RHSA-2009-0428.html http://www.securitytracker.com/id?1022070 http://secunia.com/advisories/34722 http://secunia.com/advisories/34747 http://www.ubuntu.com/usn/usn-760-1 Common Vulnerability Exposure (CVE) ID: CVE-2009-0165 XForce ISS Database: multiple-jbig2-unspecified(50377) https://exchange.xforce.ibmcloud.com/vulnerabilities/50377 Common Vulnerability Exposure (CVE) ID: CVE-2009-0166 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778 Common Vulnerability Exposure (CVE) ID: CVE-2009-0799 CERT/CC vulnerability note: VU#196617 http://www.kb.cert.org/vuls/id/196617 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204 http://www.securitytracker.com/id?1022072 http://secunia.com/advisories/34746 http://www.vupen.com/english/advisories/2009/1076 Common Vulnerability Exposure (CVE) ID: CVE-2009-0800 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323 Common Vulnerability Exposure (CVE) ID: CVE-2009-1179 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892 http://secunia.com/advisories/35379 http://www.vupen.com/english/advisories/2009/1522 Common Vulnerability Exposure (CVE) ID: CVE-2009-1180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926 Common Vulnerability Exposure (CVE) ID: CVE-2009-1181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683 Common Vulnerability Exposure (CVE) ID: CVE-2009-1182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735 Common Vulnerability Exposure (CVE) ID: CVE-2009-1183 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.