Mandriva Update For Cups MDVSA-2010:233 (cups) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). The updated packages have been patched to correct these issues.

Affected

cups on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2010-0540, CVE-2010-2941

CVSS	Base Score: 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:095 (ghostscript)
Mandrake Security Advisory MDVSA-2009:132 (libsndfile)
Mandrake Security Advisory MDVSA-2009:076 (avahi)
Mandrake Security Advisory MDVSA-2009:128 (libmodplug)
Mandrake Security Advisory MDVSA-2009:073 (sarg)

Mandriva Update for cups MDVSA-2010:233 (cups)

Take action and discover your vulnerabilities