PROBLEM: Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS).
PLATFORM: Debian GNU/Linux 4.0 (etch)
DAMAGE: Possibly run arbitrary code.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY ASSESSMENT: The risk is LOW. Could possibly run arbitrary code through crafted HP-GL and GIF files.
CVSS 2 BASE SCORE: 6.5
TEMPORAL SCORE: 5.4
VECTOR: (AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-371.shtml
ORIGINAL BULLETIN: http://docs.info.apple.com/article.html?artnum=307430
CVE: CVE-2008-0053 CVE-2008-1373 CVE-2008-1722
[***** Start Debian Security Advisory DSA-1625-1 *****]
Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems:
Buffer overflows in the HP-GL input filter possibly allowed arbitrary code to be run through crafted HP-GL files.
Buffer overflow in the GIF filter possibly allowed arbitrary code to be run through crafted GIF files.
Integer overflows in the PNG filter possibly allowed arbitrary code to be run through crafted PNG files.
For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch4 of package cupsys.
For the testing (lenny) and unstable (sid) distributions, these problems have been fixed in version 1.3.7-2 of package cups.
We recommend that you upgrade your cupsys package.
MD5 checksums of the listed files are available in the original advisory.
[***** End Debian Security Advisory DSA-1625-1 *****]
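The following is an added example, not part of the CIAC bulletin or the Debian advisory: it checks a package inventory against the fixed versions named above using Debian's version ordering, under which 1.2.7-4etch10 is newer than 1.2.7-4etch4 even though it sorts lower as a plain string. The host names, the "host package version" inventory format and all function names are assumptions made for illustration.

```python
import re

# Fixed versions as stated in the advisory (DSA-1625-1).
FIXED = {"cupsys": "1.2.7-4etch4", "cups": "1.3.7-2"}

def _key(text):
    # Non-digit ordering: '~' first, letters, then the rest; trailing 0 = end of run.
    return [-1 if c == "~" else ord(c) + 256 * (not c.isalpha()) for c in text] + [0]

def _cmp_part(a, b):
    # Walk alternating (non-digit, digit) runs; digits compare as integers.
    pa, pb = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for i in range(max(len(pa), len(pb))):
        sa, da = pa[i] if i < len(pa) else ("", "")
        sb, db = pb[i] if i < len(pb) else ("", "")
        ka, kb = (_key(sa), int(da or 0)), (_key(sb), int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing revision counts as "0".
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if dash else (int(epoch), rest, "0")

def deb_cmp(a, b):
    # -1, 0 or 1 as a is older than, equal to or newer than b.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    # Return (host, package, version) rows still below the fixed version.
    rows = (line.split() for line in inventory.strip().splitlines())
    return [(h, p, v) for h, p, v in rows if p in FIXED and deb_cmp(v, FIXED[p]) < 0]

# Constructed sample inventory, one "host package version" row per line.
SAMPLE = """
print01 cupsys 1.2.7-4etch3
print02 cupsys 1.2.7-4etch4
print03 cupsys 1.2.7-4etch10
build01 cups 1.3.7-1
build02 cups 1.3.7-2
"""

if __name__ == "__main__":
    print("needs upgrade:", unpatched(SAMPLE))
```

On a single Debian host, `dpkg --compare-versions` performs the same comparison directly.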
Voice: +1 925-422-8193 (7 x 24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org