Dave Camp at Critical Path Software discovered a buffer overflow
in CUPS 1.1.23 and earlier could allow local admin users to execute
arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848).
The Red Hat Security Team also found two flaws in CUPS 1.1.x where
a malicious user on the local subnet could send a set of carefully
crafted IPP packets to the UDP port in such a way as to cause CUPS
to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash
Finally, another flaw was found in how CUPS handled the addition and
removal of remote printers via IPP that could allow a remote attacker
to send a malicious IPP packet to the UDP port causing CUPS to crash
The updated packages have been patched to correct these issues.
Corporate Server 3.0
71c1bd1c9099440da3e9afcfe4636525 corporate/3.0/i586/cups-1.1.20-5.16.C30mdk.i586.rpm a73fba38dbcf62fd4c64590e5d754126 corporate/3.0/i586/cups-common-1.1.20-5.16.C30mdk.i586.rpm 60b6e82788d5b0c51f68b0db44e31240 corporate/3.0/i586/cups-serial-1.1.20-5.16.C30mdk.i586.rpm 419d078e2df1396531c23cbbf2f2785d corporate/3.0/i586/libcups2-1.1.20-5.16.C30mdk.i586.rpm 064e5b42b27c90602bf8e7c47200bef8 corporate/3.0/i586/libcups2-devel-1.1.20-5.16.C30mdk.i586.rpm 5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm
Corporate Server 3.0/X86_64
c33aff1c5bab9bce22f7a018f2fbfe7d corporate/3.0/x86_64/cups-1.1.20-5.16.C30mdk.x86_64.rpm ba1cba41b479e332e8d43652af86756d corporate/3.0/x86_64/cups-common-1.1.20-5.16.C30mdk.x86_64.rpm 211561645f6743343a0a9189ecd8e24e corporate/3.0/x86_64/cups-serial-1.1.20-5.16.C30mdk.x86_64.rpm d1cb2198f9b73cfb5d2ae3d69bacf12c corporate/3.0/x86_64/lib64cups2-1.1.20-5.16.C30mdk.x86_64.rpm 104350956cda23c2e2f5bb05a22df9c7 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.16.C30mdk.x86_64.rpm 5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.