Mandriva Update For Cups MDVSA-2010:233 (cups) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). The updated packages have been patched to correct these issues.

Affected

cups on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2010-0540, CVE-2010-2941
CVSS Base Score: 7.9
AV:A/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:143 (netpbm)
Mandrake Security Advisory MDVSA-2009:147 (pidgin)
Mandrake Security Advisory MDVSA-2009:049-1 (pycrypto)
Mandrake Security Advisory MDVSA-2009:096 (printer-drivers)
Mandrake Security Advisory MDVSA-2009:185 (firefox)

Mandriva Update for cups MDVSA-2010:233 (cups)

Take action and discover your vulnerabilities