Yellow Dog Linux Security Announcement
--------------------------------------

Package:      cups
Issue Date:   Jun 02,2003
Priority:     medium
Advisory ID:  YDU-20030602-3

1. Topic:

   Updated cups packages are available.

2. Problem:

   "Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP
   (Internet Printing Protocol) implementation. The IPP implementation is
   single-threaded, which means only one request can be serviced at a time.
   An attacker could make a partial request that does not time out and
   therefore creates a denial of service. In order to exploit this bug, an
   attacker must have the ability to make a TCP connection to the IPP port
   (by default 631).

   All print servers using CUPS should upgrade to these erratum packages,
   which contain a patch and are not vulnerable to this issue."
   (From Red Hat Advisory)

3. Solution:

   a) Updating via apt...

      We suggest that you use the apt-get program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         apt-get update
         apt-get install cups

   b) Updating manually...

      Download the updates below and then run the following rpm command.
      (Please use a mirror site)

         rpm -Fvh [filenames]

      Yellow Dog Linux 3.0
      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
         ppc/cups-1.1.17-13.3.ppc.rpm
         ppc/cups-devel-1.1.17-13.3.ppc.rpm
         ppc/cups-libs-1.1.17-13.3.ppc.rpm

      Yellow Dog Linux 2.3
      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
         ppc/cups-libs-1.1.14-15.4a.ppc.rpm
         ppc/cups-devel-1.1.14-15.4a.ppc.rpm
         ppc/cups-1.1.14-15.4a.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   [Yellow Dog Linux 3.0]
   fa9716894a5292c3effeef6745ac0e7a  SRPMS/cups-1.1.17-13.3.src.rpm
   7995a34dae24ac2ddd77822ada6d70f4  ppc/cups-1.1.17-13.3.ppc.rpm
   c7bbbb1c7557557f7f2399f580a1795b  ppc/cups-devel-1.1.17-13.3.ppc.rpm
   37c54d8fe1890d10074496066ce38cd0  ppc/cups-libs-1.1.17-13.3.ppc.rpm

   [Yellow Dog Linux 2.3]
   fe0b6b31f7b384a511e1edcdc9140344  SRPMS/cups-1.1.14-15.4a.src.rpm
   53742c10a32a77c15701d475e8e7835d  ppc/cups-libs-1.1.14-15.4a.ppc.rpm
   e6a8abe34ed983bbdb7dc311fbe01493  ppc/cups-devel-1.1.14-15.4a.ppc.rpm
   b76841f48824845add70dac449f29edc  ppc/cups-1.1.14-15.4a.ppc.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      md5sum

5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted. See
   http://lists.terrasoftsolutions.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
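
The problem in section 2 comes down to a single-threaded server waiting without limit for the rest of a request. The following added example (not code from CUPS, its patch, or this advisory; all function names are hypothetical) shows one defensive pattern in Python: a deadline over the whole request head, so a stalled or trickling client is dropped and the single service slot is freed.

```python
import socket
import time

class RequestTimeout(Exception):
    """Client did not deliver a complete request head before the deadline."""

def read_request_head(conn, deadline_s=5.0, max_bytes=8192):
    """Read until the blank line that ends the request head (hypothetical helper).

    The deadline covers the whole head, not each recv(): a client trickling
    one byte at a time would otherwise reset a per-read timeout forever.
    """
    end = time.monotonic() + deadline_s
    buf = b""
    while b"\r\n\r\n" not in buf:
        remaining = end - time.monotonic()
        if remaining <= 0:
            raise RequestTimeout("request head incomplete at deadline")
        if len(buf) >= max_bytes:
            raise ValueError("request head too large")
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(max_bytes - len(buf))
        except socket.timeout:
            raise RequestTimeout("request head incomplete at deadline")
        if not chunk:
            raise ConnectionError("client closed before completing the request")
        buf += chunk
    return buf.split(b"\r\n\r\n", 1)[0]

def serve_one(conn, deadline_s):
    """Single-threaded handler: always frees the only service slot."""
    try:
        head = read_request_head(conn, deadline_s)
        return "served: " + head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    except (RequestTimeout, ConnectionError, ValueError) as exc:
        return "dropped: " + type(exc).__name__
    finally:
        conn.close()

def demo():
    """Constructed requests over local socket pairs; nothing leaves the host."""
    partial = b"POST /printers/demo HTTP/1.1\r\nHost: localhost"  # never finished
    results = []
    for payload in (partial, partial + b"\r\n\r\n"):
        client, server = socket.socketpair()
        client.sendall(payload)
        results.append(serve_one(server, deadline_s=0.3))
        client.close()
    return results
```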