thr3ads.net - Secure testing team - [Secure-testing-team] Bug#572940: CVE-2010-0302: Incomplete security fix [Mar 2010]

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2010-Mar-07 18:57 UTC

[Secure-testing-team] Bug#572940: CVE-2010-0302: Incomplete security fix

Package: cups
Severity: important
Tags: security

The upstream patch for CVE-2009-3553 turned out to be incomplete. Please
see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0302 for a
description and a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages cups depends on:
ii  adduser                      3.112       add and remove users and groups
pn  cups-common                  <none>      (no description available)
ii  debconf [debconf-2.0]        1.5.28      Debian configuration management sy
ii  ghostscript                  8.71~dfsg-2 The GPL Ghostscript PostScript/PDF
pn  libavahi-compat-libdnssd1    <none>      (no description available)
ii  libc6                        2.10.2-6    Embedded GNU C Library: Shared lib
ii  libcups2                     1.4.2-9.1   Common UNIX Printing System(tm) - 
ii  libcupsimage2                1.4.2-9.1   Common UNIX Printing System(tm) - 
ii  libdbus-1-3                  1.2.20-2    simple interprocess messaging syst
ii  libgnutls26                  2.8.5-2     the GNU TLS library - runtime libr
pn  libkrb53                     <none>      (no description available)
ii  libldap-2.4-2                2.4.17-2.1  OpenLDAP libraries
ii  libpam0g                     1.1.1-2     Pluggable Authentication Modules l
ii  libpaper1                    1.1.23+nmu2 library for handling paper charact
pn  libslp1                      <none>      (no description available)
ii  lsb-base                     3.2-23      Linux Standard Base 3.2 init scrip
ii  perl-modules                 5.10.1-11   Core Perl modules
ii  poppler-utils [xpdf-utils]   0.12.2-2.1  PDF utilitites (based on libpopple
ii  procps                       1:3.2.8-8   /proc file system utilities
ii  ssl-cert                     1.0.25      simple debconf wrapper for OpenSSL

Versions of packages cups recommends:
pn  avahi-utils               <none>         (no description available)
pn  cups-client               <none>         (no description available)
ii  foomatic-filters          4.0-20090509-1 OpenPrinting printer support - fil
pn  smbclient                 <none>         (no description available)

Versions of packages cups suggests:
pn  cups-bsd                  <none>         (no description available)
pn  cups-driver-gutenprint    <none>         (no description available)
pn  cups-pdf                  <none>         (no description available)
ii  foomatic-db               20090616-1     OpenPrinting printer support - dat
ii  foomatic-db-engine        4.0-20090509-2 OpenPrinting printer support - pro
pn  hplip                     <none>         (no description available)
pn  xpdf-korean | xpdf-japane <none>         (no description available)

Secure testing team - Mar 2010 - Bug#572940: CVE-2010-0302: Incomplete security fix

[Secure-testing-team] Bug#572940: CVE-2010-0302: Incomplete security fix