Alerta de Segurança Debian

DSA-566-1 cupsys -- entrada não sanitizada

Data do Alerta:
14 Out 2004
Pacotes Afetados:
cupsys
Vulnerável:
Sim
Referência à base de dados de segurança:
No dicionário CVE do Mitre: CVE-2004-0923.
Alertas, notas de incidentes e vulnerabilidades do CERT: VU#557062.
Informações adicionais:

Um vazamento de informações foi detectado no CUPS (Common Unix Printing System), o Sistema Comum de Impressão Unix, que pode levar à revelação de informações sensíveis, como nomes de usuários e senha que são escritos nos arquivos de log.

O patch usado elimina apenas as informações de autenticação na URI do dispositivo que é registrada no arquivo error_log. Ele não elimina a URI das tabelas de processo e ambiente, que são o motivo pelo qual os desenvolvedores do CUPS não recomendam aos administradores de sistemas codificarem informações de autenticação na URI dos dispositivos.

Para a distribuição estável (woody), este problema foi corrigido na versão 1.1.14-5woody7.

Para a distribuição instável (sid), este problema foi corrigido na versão 1.1.20final+rc1-9.

Nós recomendamos que você atualize seu pacote CUPS.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7.dsc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7.diff.gz
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_alpha.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_alpha.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_alpha.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_alpha.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_alpha.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_m68k.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_m68k.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_m68k.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_m68k.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_m68k.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.