COMMAND

    cupsys

SYSTEMS AFFECTED

    Linux

PROBLEM

    The following is based on a Debian Security Advisory.  Mandrake
    recently released a security advisory against CUPS raising two
    issues:

        1. CUPS sends broadcast packets, which can keep dial-on-demand
           lines up and otherwise irritate network administrators.
        2. CUPS has a rather vague problem to the effect of "everyone
           on the Internet can get to your printers".

    The first problem is not a problem in either Debian's potato (2.2)
    or woody (unstable).  Their cupsys packages are shipped with
    browsing turned off by default.

    The second problem has to do with CUPS's configuration.  CUPS does
    access control in a similar way to Apache, and is configured by
    default in a similar way to Apache.  This isn't terribly
    appropriate when it comes to allowing people to attach to printers.
    Administrative tasks still aren't allowed, but Internet users
    could (for example) run all the paper out of your printer.  Debian
    as shipped in potato and woody is vulnerable to this latter
    problem.

SOLUTION

    The fix is simply to configure access control to reflect your real
    wishes, which is done in /etc/cups/cupsd.conf.  This can be done
    with the current packages (in both potato and woody) for Debian.
    This has been fixed in version 1.0.4-8 (or 1.1.4-2 for unstable):

        http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-8.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-8.dsc
        http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys-bsd_1.0.4-8_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys_1.0.4-8_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1-dev_1.0.4-8_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1_1.0.4-8_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys-bsd_1.0.4-8_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys_1.0.4-8_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1-dev_1.0.4-8_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1_1.0.4-8_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys-bsd_1.0.4-8_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys_1.0.4-8_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1-dev_1.0.4-8_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1_1.0.4-8_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys-bsd_1.0.4-8_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys_1.0.4-8_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1-dev_1.0.4-8_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1_1.0.4-8_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys-bsd_1.0.4-8_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys_1.0.4-8_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1-dev_1.0.4-8_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1_1.0.4-8_powerpc.deb
        ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cupsys_1.1.4-2.diff.gz
        ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cupsys_1.1.4-2.dsc
        ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cupsys_1.1.4.orig.tar.gz
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/devel/libcupsys2-dev_1.1.4-2.deb
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/libs/libcupsys2_1.1.4-2.deb
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cupsys-bsd_1.1.4-2.deb
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cupsys-client_1.1.4-2.deb
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cupsys_1.1.4-2.deb
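
    The access-control change described under SOLUTION could look like
    the following /etc/cups/cupsd.conf fragment.  It is an example added
    here, not taken from the Debian advisory or the cupsys packages.  The
    192.168.1.* network is a constructed placeholder, and the address
    forms accepted should be checked against the documentation for the
    installed CUPS version.

```conf
# /etc/cups/cupsd.conf (fragment, constructed example)

# Issue 1: keep printer browsing broadcasts off, as the Debian
# packages already do by default.
Browsing Off

# Issue 2, open policy shown for contrast only (constructed, not the
# shipped Debian default): any host that can reach the server may
# submit print jobs.
#
# <Location />
# Order Deny,Allow
# Allow From All
# </Location>

# Issue 2, restricted policy: refuse everyone, then list the hosts
# that are really meant to print.
<Location />
Order Deny,Allow
Deny From All
# The print server itself
Allow From 127.0.0.1
# Placeholder for the local network; replace with your own
Allow From 192.168.1.*
</Location>

# Leave the existing administrative Location block (and its
# authentication settings) as shipped; only the printing
# policy above needs to change.
```

    Restart cupsd after editing so the new policy takes effect, then
    confirm from a host outside the allowed list that a request to the
    server is refused.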