Summary
The remote host is missing an update to cups
announced via advisory FEDORA-2009-3753.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update cups' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3753
Insight
Update Information:
This update fixes several security issues: CVE-2009-0163, CVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166.
PDF files are now converted to PostScript using the poppler package's pdftops program. NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add ServerAlias hostname to cupsd.conf for each such name.
The special line ServerAlias * disables checking (but this allows DNS rebinding attacks).
ChangeLog:
* Tue Apr 21 2009 Tim Waugh 1:1.3.10-1
- 1.3.10. No longer need ext, includeifexists, str2988, CVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches.
- Requires poppler-utils.
- NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add ServerAlias hostname for each such name. The special line ServerAlias * disables checking (but this allows DNS rebinding attacks).
* Fri Apr 17 2009 Tim Waugh
- Fixed getnameddest patch (bug #481481, STR #3082).
* Wed Jan 28 2009 Tim Waugh 1:1.3.9-4
- Always supply document-name when printing a file (STR #3055).
- Load MIME type rules correctly (bug #426089, STR #3059).
- Fixed quotas (STR #3077, STR #3078).
- Removed all patch fuzz.
References
Severity
Classification
-
CVE CVE-2008-1373, CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641, CVE-2008-5183, CVE-2008-5286, CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0164, CVE-2009-0166 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities