Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2010-0490)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122351

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2010-0490)

Resumen: The remote host is missing an update for the 'cups' package(s) announced via the ELSA-2010-0490 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cups' package(s) announced via the ELSA-2010-0490 advisory.

Vulnerability Insight:
[1:1.3.7-18:.4]
- Don't set domain= for cookies.

[1:1.3.7-18:.3]
- Save classes.conf when a class member printer is
deleted (bug #594621, STR #3505).

[1:1.3.7-18:.2]
- Applied patch for CVE-2010-1748 (web interface memory disclosure,
STR #3577, bug #591983).
- Applied patch for CVE-2010-0542 (texttops unchecked memory
allocation failure leading to NULL pointer dereference, STR #3516,
bug #587746).
- Applied patch for CVE-2010-0540 (CUPS administrator web interface
CSRF, STR #3498, bug #588805).

[1:1.3.7-18:.1]
- Update classes when a printer is removed (bug #581902).

Affected Software/OS:
'cups' package(s) on Oracle Linux 3, Oracle Linux 4, Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0540
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
Debian Security Information: DSA-2176 (Google Search)
http://www.debian.org/security/2011/dsa-2176
http://security.gentoo.org/glsa/glsa-201207-10.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382
http://www.securitytracker.com/id?1024122
http://secunia.com/advisories/40220
http://secunia.com/advisories/43521
http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2011/0535
Common Vulnerability Exposure (CVE) ID: CVE-2010-0542
BugTraq ID: 40943
http://www.securityfocus.com/bid/40943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365
http://securitytracker.com/id?1024121
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1748
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122351
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2010-0490)
Resumen:	The remote host is missing an update for the 'cups' package(s) announced via the ELSA-2010-0490 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cups' package(s) announced via the ELSA-2010-0490 advisory. Vulnerability Insight: [1:1.3.7-18:.4] - Don't set domain= for cookies. [1:1.3.7-18:.3] - Save classes.conf when a class member printer is deleted (bug #594621, STR #3505). [1:1.3.7-18:.2] - Applied patch for CVE-2010-1748 (web interface memory disclosure, STR #3577, bug #591983). - Applied patch for CVE-2010-0542 (texttops unchecked memory allocation failure leading to NULL pointer dereference, STR #3516, bug #587746). - Applied patch for CVE-2010-0540 (CUPS administrator web interface CSRF, STR #3498, bug #588805). [1:1.3.7-18:.1] - Update classes when a printer is removed (bug #581902). Affected Software/OS: 'cups' package(s) on Oracle Linux 3, Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0540 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 Debian Security Information: DSA-2176 (Google Search) http://www.debian.org/security/2011/dsa-2176 http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:232 http://www.mandriva.com/security/advisories?name=MDVSA-2010:233 http://www.mandriva.com/security/advisories?name=MDVSA-2010:234 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382 http://www.securitytracker.com/id?1024122 http://secunia.com/advisories/40220 http://secunia.com/advisories/43521 http://www.vupen.com/english/advisories/2010/1481 http://www.vupen.com/english/advisories/2011/0535 Common Vulnerability Exposure (CVE) ID: CVE-2010-0542 BugTraq ID: 40943 http://www.securityfocus.com/bid/40943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365 http://securitytracker.com/id?1024121 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1748 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723
Copyright	Copyright (C) 2015 Greenbone AG