ID de Prueba:	1.3.6.1.4.1.25623.1.0.60732
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0206
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0206. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the lp user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters imagetops and imagetoraster. An attacker could create a malicious GIF file that could possibly execute arbitrary code as the lp user if the file was printed. (CVE-2008-1373) It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the pdftops filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the lp user if the file was printed. (CVE-2008-1374) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0206.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0053 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 28304 http://www.securityfocus.com/bid/28304 BugTraq ID: 28334 http://www.securityfocus.com/bid/28334 Cert/CC Advisory: TA08-079A http://www.us-cert.gov/cas/techalerts/TA08-079A.html Debian Security Information: DSA-1625 (Google Search) http://www.debian.org/security/2008/dsa-1625 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html http://security.gentoo.org/glsa/glsa-200804-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356 http://www.redhat.com/support/errata/RHSA-2008-0192.html http://www.redhat.com/support/errata/RHSA-2008-0206.html http://www.securitytracker.com/id?1019672 http://secunia.com/advisories/29420 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 http://secunia.com/advisories/29630 http://secunia.com/advisories/29634 http://secunia.com/advisories/29655 http://secunia.com/advisories/29659 http://secunia.com/advisories/29750 http://secunia.com/advisories/31324 SuSE Security Announcement: SUSE-SA:2008:020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html http://www.ubuntu.com/usn/usn-598-1 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: macos-cups-inputvalidation-unspecified(41272) https://exchange.xforce.ibmcloud.com/vulnerabilities/41272 Common Vulnerability Exposure (CVE) ID: CVE-2008-1373 BugTraq ID: 28544 http://www.securityfocus.com/bid/28544 Bugtraq: 20080404 rPSA-2008-0136-1 cups (Google Search) http://www.securityfocus.com/archive/1/490486/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11479 http://www.securitytracker.com/id?1019739 http://secunia.com/advisories/29661 http://www.vupen.com/english/advisories/2008/1059/references XForce ISS Database: cups-gifreadlzw-bo(41587) https://exchange.xforce.ibmcloud.com/vulnerabilities/41587 Common Vulnerability Exposure (CVE) ID: CVE-2008-1374 Bugtraq: 20080806 rPSA-2008-0245-1 cups (Google Search) http://www.securityfocus.com/archive/1/495164/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9636 http://secunia.com/advisories/31388 XForce ISS Database: cups-pdftops-bo(41758) https://exchange.xforce.ibmcloud.com/vulnerabilities/41758 Common Vulnerability Exposure (CVE) ID: CVE-2004-0888 BugTraq ID: 11501 http://www.securityfocus.com/bid/11501 Conectiva Linux advisory: CLA-2004:886 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 Debian Security Information: DSA-573 (Google Search) http://www.debian.org/security/2004/dsa-573 Debian Security Information: DSA-581 (Google Search) http://www.debian.org/security/2004/dsa-581 Debian Security Information: DSA-599 (Google Search) http://www.debian.org/security/2004/dsa-599 http://marc.info/?l=bugtraq&m=110815379627883&w=2 https://bugzilla.fedora.us/show_bug.cgi?id=2353 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 http://www.redhat.com/support/errata/RHSA-2004-543.html http://www.redhat.com/support/errata/RHSA-2004-592.html http://www.redhat.com/support/errata/RHSA-2005-066.html http://www.redhat.com/support/errata/RHSA-2005-354.html SuSE Security Announcement: SUSE-SA:2004:039 (Google Search) http://marc.info/?l=bugtraq&m=109880927526773&w=2 https://www.ubuntu.com/usn/usn-9-1/ XForce ISS Database: xpdf-pdf-bo(17818) https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 Common Vulnerability Exposure (CVE) ID: CVE-2005-0206 http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 http://www.mandriva.com/security/advisories?name=MDKSA-2005:042 http://www.mandriva.com/security/advisories?name=MDKSA-2005:043 http://www.mandriva.com/security/advisories?name=MDKSA-2005:044 http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 http://www.mandriva.com/security/advisories?name=MDKSA-2005:056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107 http://www.redhat.com/support/errata/RHSA-2005-034.html http://www.redhat.com/support/errata/RHSA-2005-053.html http://www.redhat.com/support/errata/RHSA-2005-057.html http://www.redhat.com/support/errata/RHSA-2005-132.html http://www.redhat.com/support/errata/RHSA-2005-213.html
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.