ELSA-2010-0490

Опубликовано: 17 июн. 2010

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2010-0490: cups security update (IMPORTANT)

[1:1.3.7-18:.4]

Don't set domain= for cookies.

[1:1.3.7-18:.3]

Save classes.conf when a class member printer is deleted (bug #594621, STR #3505).

[1:1.3.7-18:.2]

Applied patch for CVE-2010-1748 (web interface memory disclosure, STR #3577, bug #591983).
Applied patch for CVE-2010-0542 (texttops unchecked memory allocation failure leading to NULL pointer dereference, STR #3516, bug #587746).
Applied patch for CVE-2010-0540 (CUPS administrator web interface CSRF, STR #3498, bug #588805).

[1:1.3.7-18:.1]

Update classes when a printer is removed (bug #581902).

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

cups

1.3.7-18.el5_5.4

cups-devel

1.3.7-18.el5_5.4

cups-libs

1.3.7-18.el5_5.4

cups-lpd

1.3.7-18.el5_5.4

Oracle Linux x86_64

cups

1.3.7-18.el5_5.4

cups-devel

1.3.7-18.el5_5.4

cups-libs

1.3.7-18.el5_5.4

cups-lpd

1.3.7-18.el5_5.4

Oracle Linux i386

cups

1.3.7-18.el5_5.4

cups-devel

1.3.7-18.el5_5.4

cups-libs

1.3.7-18.el5_5.4

cups-lpd

1.3.7-18.el5_5.4

Связанные CVE

CVE-2010-0540

CVE-2010-0542

CVE-2010-1748

Ссылки на источники

Связанные уязвимости

CVE-2010-0540

ubuntu

около 15 лет назад

Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

CVE-2010-0540

redhat

около 15 лет назад

CVE-2010-0540

nvd

около 15 лет назад

CVE-2010-0540

debian

около 15 лет назад

Cross-site request forgery (CSRF) vulnerability in the web interface i ...

GHSA-hfwh-42mw-69v8

github

около 3 лет назад