----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.

Download and test it today:
https://psi.secunia.com/

Read more about this new version:
https://psi.secunia.com/?page=changelog

----------------------------------------------------------------------

TITLE:
SUSE update for cups

SECUNIA ADVISORY ID:
SA29251

VERIFY ADVISORY:
http://secunia.com/advisories/29251/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
>From local network

OPERATING SYSTEM:
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
openSUSE 10.2
http://secunia.com/product/13375/
openSUSE 10.3
http://secunia.com/product/16124/
SUSE Linux 10.1
http://secunia.com/product/10796/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/

SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/

DESCRIPTION:
SUSE has issued an update for cups. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Two vulnerabilities are caused due to a memory leak and a double free
error when adding or removing remote shared printers via IPP. This can
be exploited to crash the CUPS daemon by e.g. exhausting all available
memory or causing memory to be freed twice by sending specially
crafted IPP packets to a vulnerable service.

For more information about the third vulnerability:
SA28994

SOLUTION:
Apply updated packages and restart cups.

x86 Platform:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-1.2.12-22.9.i586.rpm
58a5a276cce67effbd6fbe8154bbfb61

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-client-1.2.12-22.9.i586.rpm
6d40b6ce8b5fd0a72cd25d8f6fbf8859

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-devel-1.2.12-22.9.i586.rpm
9b3055b00b3ca8ff417b72a981b9e301

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-libs-1.2.12-22.9.i586.rpm
8f8e73fe3aece7a53f4f51bfce87d921

openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-1.2.7-12.11.i586.rpm
ce2f6be0cf30e3b71b646e62a029cb79

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-client-1.2.7-12.11.i586.rpm
0a23fa9760a2a88cd1e8451b8d5b48a6

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-devel-1.2.7-12.11.i586.rpm
b87ce06a93ee2ef1062153b2a8689749

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-libs-1.2.7-12.11.i586.rpm
7fc972995c533e45ce7577545576e1b9

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-1.1.23-40.38.i586.rpm
4ef1069e44543a4e07048b21128c19a3

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-client-1.1.23-40.38.i586.rpm
a0ed40efdfa03596535ff90d990409cb

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-devel-1.1.23-40.38.i586.rpm
f205135dea30ff1079e342e86ac0c240

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-libs-1.1.23-40.38.i586.rpm
3e82329efd71ea8987c6f5ad06f1dcc3

Power PC Platform:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-1.2.12-22.9.ppc.rpm
1de1c175ed2609c7b6fb17adf619a3bd

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-client-1.2.12-22.9.ppc.rpm
e9b59c6c02679bf8ef010fdc9133211e

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-devel-1.2.12-22.9.ppc.rpm
c82e8802db9f891d8d0b8ee4ca6f1b0c

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-libs-1.2.12-22.9.ppc.rpm
46fd5eddc31037acd8a26bcb11d351d4

openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-1.2.7-12.11.ppc.rpm
3d688a3ec198f3c9a31951caf95ddbb6

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-client-1.2.7-12.11.ppc.rpm
e50f0eca33d3666c938648fafd472e1b

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-devel-1.2.7-12.11.ppc.rpm
cffbbe682c5970e95a42af1c2a5321d5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-libs-1.2.7-12.11.ppc.rpm
aef41b836d4b0f71daa623ae0fead618

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-1.1.23-40.38.ppc.rpm
9878a85c10c4c1299a6f6e8d7887d701

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-client-1.1.23-40.38.ppc.rpm
074944cc0244f49ea5ca0c39866e5e85

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-devel-1.1.23-40.38.ppc.rpm
aed89c7c4d0832c7df289cf28b73cfe9

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-libs-1.1.23-40.38.ppc.rpm
6fb7c82e682182e4e584ede96c87f2de

x86-64 Platform:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-1.2.12-22.9.x86_64.rpm
fd8d905a8129fdcf79f17b6c35a1e99c

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-client-1.2.12-22.9.x86_64.rpm
eb74b82bc67cd0bf048ac75d56e86c54

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.9.x86_64.rpm
30a69685925386b6fd6a287463f5c596

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.9.x86_64.rpm
c47e7346ffa3054b9e79b06f4a68f4da

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.9.x86_64.rpm
15784eb2174e331113e3fd7f313fcf38

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-1.2.7-12.11.x86_64.rpm
3ed2e2dbb567a458071bf2f15e36fcab

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-client-1.2.7-12.11.x86_64.rpm
746c10e52f6e34b004906dcb705b4d3f

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-devel-1.2.7-12.11.x86_64.rpm
becb337fcdc4e04325d8abe940056751

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-1.2.7-12.11.x86_64.rpm
2eeec7af8a643fa95bdf38f9e00b67fa

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-32bit-1.2.7-12.11.x86_64.rpm
1f7552edbbc1c7d06c7c68924f3bce8d

SUSE LINUX 10.1:

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-1.1.23-40.38.x86_64.rpm
e987389ac8c86b42e35c8ec7937b837d

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-client-1.1.23-40.38.x86_64.rpm
a8daa44c9179ab1fd4fbeee199861658

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-devel-1.1.23-40.38.x86_64.rpm
ce844e64c5340593a9da6828afe279b9

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-1.1.23-40.38.x86_64.rpm
e5548c55b068f015d7e18f5e02e7ce2e

ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-32bit-1.1.23-40.38.x86_64.rpm
5d2a7df4d6c7c38f2fd0be0860fcee70

Sources:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/cups-1.2.12-22.9.src.rpm
c8beb8c8be3b611388b81bd3e7c3d9b0

openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/cups-1.2.7-12.11.src.rpm
6a7c78bf03906366efc3c7b996db0382

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/cups-1.1.23-40.38.src.rpm
6fadf975197cd21eb83174d32ee192c7

Open Enterprise Server

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

Novell Linux POS 9

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

Novell Linux Desktop 9

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

SuSE Linux Enterprise Server 8

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

SUSE Linux Enterprise Server 10 SP1

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

SUSE Linux Enterprise Desktop 10 SP1

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

SUSE SLES 9

http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html

OTHER REFERENCES:
SA28994:
http://secunia.com/advisories/28994/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------