Summary
The remote host is missing an update to cups
announced via advisory FEDORA-2009-3769.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update cups' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3769
Insight
This update fixes several security issues: CVE-2009-0163, CVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166.
PDF files are now converted to PostScript using the poppler package's pdftops program. NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add ServerAlias hostname to cupsd.conf for each such name. The special line ServerAlias * disables checking (but this allows DNS rebinding attacks).
ChangeLog:
* Tue Apr 21 2009 Tim Waugh 1:1.3.10-1
- 1.3.10. No longer need ext, includeifexists, str2988, CVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches.
- Requires poppler-utils.
- NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add ServerAlias hostname for each such name. The special line ServerAlias * disables checking (but this allows DNS rebinding attacks).
References
Severity
Classification
-
CVE CVE-2008-1722, CVE-2008-5183, CVE-2008-5286, CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0164, CVE-2009-0166 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities