[Full-disclosure] SCOSA-2006.21 UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2006.21 UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
- From: SCO Security Advisories <security@xxxxxxx>
- Date: Fri, 21 Apr 2006 14:36:13 -0700
--
Dr. Ronald Joe Record
SCO Security Officer
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject:          UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number:  SCOSA-2006.21
Issue date:       2006 April 18
Cross reference:  fz533446
                  CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
______________________________________________________________________________
1. Problem Description
Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
The vulnerabilities are caused by the use of a vulnerable
version of Xpdf.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-3191,
CVE-2005-3192, and CVE-2005-3193 to these issues.
2. Vulnerable Supported Versions
System                  Binaries
----------------------------------------------------------------------
UnixWare 7.1.4          Cups package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21
4.2 Verification
MD5 (p533446.714.image) = 1bbbd92df9260f0ac32cf27ad03b4532
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533446.714.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533446.714.image
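The verify-then-install sequence from 4.2 and 4.3 as a shell script. This is an added example, not part of SCO's advisory: the image path, MD5 value and pkgadd command are the advisory's, while the function names and the choice of md5sum, openssl or md5 as the digest tool are assumptions.

```shell
#!/bin/sh
# Values from sections 4.2 and 4.3 of the advisory.
EXPECTED=1bbbd92df9260f0ac32cf27ad03b4532
IMAGE=/var/spool/pkg/p533446.714.image

# Print the lowercase MD5 hex digest of file $1 (hypothetical helper).
# Tries md5sum, then openssl, then md5; returns 1 if the file is
# unreadable and 2 if no digest tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        out=$(md5sum < "$1") || return 1
    elif command -v openssl >/dev/null 2>&1; then
        out=$(openssl dgst -md5 < "$1") || return 1
    elif command -v md5 >/dev/null 2>&1; then
        out=$(md5 < "$1") || return 1
    else
        echo "no MD5 tool found" >&2
        return 2
    fi
    # The digest is the only 32-hex-digit token in any of these outputs.
    printf '%s\n' "$out" | tr 'A-F' 'a-f' | grep -Eo '[0-9a-f]{32}' | head -n 1
}

# Return 0 if file $1 hashes to $2, 1 on mismatch, and 2 if $2 is
# malformed or the digest could not be computed.
verify_md5() {
    case $2 in
        *[!0-9A-Fa-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#2}" -eq 32 ] || { echo "expected value is not 32 digits" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(md5_of "$1") || return 2
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Run pkgadd only when the downloaded image matches the published digest.
install_if_verified() {
    if verify_md5 "$1" "$2"; then
        pkgadd -d "$1"
    else
        echo "MD5 check failed for $1; not installing" >&2
        return 1
    fi
}

# Nothing is installed unless the script is invoked with --install.
if [ "${1:-}" = "--install" ]; then
    install_if_verified "$IMAGE" "$EXPECTED"
fi
```

Take the expected digest from the PGP-signed advisory text rather than from a file on the same FTP server as the image, so the comparison is against a value whose origin can be checked.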
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://secunia.com/advisories/17976/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incident fz533446.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFERlkmaqoBO7ipriERAk7zAJ0Q+vs/nCHC44LI9s1Am73hFqJacACfYkhQ
OwhdzIoyILAJA3ZkI1bpi/A=
=s7Zo
-----END PGP SIGNATURE-----