MDVSA-2010:233 -- Mandriva cupsID: oval:org.secpod.oval:def:300104 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings . ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted IPP request . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2010.1 |