-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number:        SCOSA-2006.21
Issue date:             2006 April 18
Cross reference:        fz533446
                        CVE-2005-3191
                        CVE-2005-3192
                        CVE-2005-3193
______________________________________________________________________________


1. Problem Description

        Some vulnerabilities have been reported in CUPS, which can be
        exploited by malicious people to cause a DoS (Denial of Service)
        and potentially to compromise a vulnerable system.

        The vulnerabilities are caused due to the use of a vulnerable
        version of Xpdf.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the names CVE-2005-3191, CVE-2005-3192, and
        CVE-2005-3193 to these issues.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  Cups package


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21

        4.2 Verification

        MD5 (p533446.714.image) = 1bbbd92df9260f0ac32cf27ad03b4532

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download p533446.714.image to the /var/spool/pkg directory

        # pkgadd -d /var/spool/pkg/p533446.714.image


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
                http://secunia.com/advisories/17976/

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents fz533446.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFERlkmaqoBO7ipriERAk7zAJ0Q+vs/nCHC44LI9s1Am73hFqJacACfYkhQ
OwhdzIoyILAJA3ZkI1bpi/A=
=s7Zo
-----END PGP SIGNATURE-----
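
Sections 4.2 and 4.3 as one gated step, in an added example that is not part of SCO's advisory: the script parses the advisory's "MD5 (name) = digest" line, checks the downloaded image against it, and runs pkgadd only on a match. The function names and return codes are hypothetical, and it assumes one of md5sum, md5 or openssl is on the PATH.

```shell
#!/bin/sh
# Added example (not SCO's code): gate pkgadd on the MD5 line from section 4.2.

ADVISORY_LINE='MD5 (p533446.714.image) = 1bbbd92df9260f0ac32cf27ad03b4532'

# Print the hex MD5 of a file using whichever digest tool is installed.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'      # "digest  file"
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{print $NF}'        # "MD5 (file) = digest"
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_advisory_md5 "<advisory line>" <path>
# Returns 0 on match, 1 on digest mismatch,
# 2 on a malformed line, a file-name mismatch or an unreadable file.
verify_advisory_md5() {
    line=$1
    path=$2
    # Accept only the exact "MD5 (name) = <32 hex digits>" shape.
    name=$(printf '%s\n' "$line" |
        sed -n 's/^MD5 (\(.*\)) = [0-9A-Fa-f]\{32\}$/\1/p')
    want=$(printf '%s\n' "$line" |
        sed -n 's/^MD5 (.*) = \([0-9A-Fa-f]\{32\}\)$/\1/p' | tr 'A-F' 'a-f')
    [ -n "$name" ] && [ -n "$want" ] || return 2
    # The digest applies to one named image; refuse to check a different file.
    [ "$(basename "$path")" = "$name" ] || return 2
    [ -r "$path" ] || return 2
    got=$(file_md5 "$path" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || return 1
    return 0
}

# Usage: sh verify_install.sh /var/spool/pkg/p533446.714.image
if [ "$#" -eq 1 ]; then
    if verify_advisory_md5 "$ADVISORY_LINE" "$1"; then
        pkgadd -d "$1"
    else
        echo "MD5 check failed for $1; not installing" >&2
        exit 1
    fi
fi
```

A matching MD5 shows the download is the file the advisory describes and was not truncated or corrupted in transit. The digest itself is only as trustworthy as the advisory text, which is what the PGP signature covers.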