ID

VAR-200803-0013

CVE

CVE-2008-0047

TITLE

CUPS of cgiCompileSearch() Heap-based buffer overflow vulnerability in functions

DESCRIPTION

Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in a denial of service. CUPS 1.3.5 is reported vulnerable; other versions may be affected as well. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1530-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans March 25, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cupsys Vulnerability : multiple Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0047 CVE-2008-0882 Debian Bug : 472105 467653 Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch3 We recommend that you upgrade your cupsys packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Stable updates are available for alpha, amd64, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.diff.gz Size/MD5 checksum: 104776 b684811e24921a7574798108ac6988d7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.dsc Size/MD5 checksum: 1084 0276f8e59e00181d39d204a28494d18c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch3_all.deb Size/MD5 checksum: 927322 65b1ff3cb7b8bbbe3b334ee43875aac4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch3_all.deb Size/MD5 checksum: 45654 0b4ce3e9c2af460c5b694b906f450b12 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 1097006 45800a6b2c1dd7068843ade84480259d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 39262 4f645e439999611b07348ad50e4da57d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 174890 9affa7a1f2dc6548fcffb9a456181a3a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 86292 23431d4bfae9599caba759d4b0a3a8c0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 94814 6be946280a3c9fadfd070f7284255df0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 1609104 ecdd9f65f8799605a1efeac0d4eae774 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 184372 7720c886672d63cdeb501314beacc4b5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 72428 2b4ed65a0a33b7cf32756c2b0cd925de amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 52858 badd0d21043714aa2c612b45323890a1 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 1574654 cf1c04e898f7380fdd338ecafb69185e http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 85652 24c3d3e054306785ccc958f1894a2b18 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 142534 7ad95206e0e450f8df27c9d858809ddb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 162008 44f8d076b07194023c8ef4348a56e97a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 36352 5a4f9dc02fa0f8fb6936859c0fb1bd61 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 1086740 d466f2f5d8cb17ae0013dd99db5bcbb0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 80704 d45a4a7461defd4c6b96bbfc292e3183 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_i386.deb Size/MD5 checksum: 1565044 7c19a56cb4a782487e104a01f31e0b47 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_i386.deb Size/MD5 checksum: 37600 fa90419b34b6733ef32f13797e4606f3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_i386.deb Size/MD5 checksum: 79892 7460f7b76d597bcb02bdc0fe5897a32a http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_i386.deb Size/MD5 checksum: 86674 aebef9f4a309afdff01a7cce17b6f57b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_i386.deb Size/MD5 checksum: 997608 e754dc8df237302fac7019754e42352b http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_i386.deb Size/MD5 checksum: 53418 b45cf2a324d52524244351d213c8be41 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_i386.deb Size/MD5 checksum: 137686 b726701fdb3e8948e5111e2e831bf853 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_i386.deb Size/MD5 checksum: 160080 c029e686ec624c2fdf156f885d1daf5c ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 1770478 73e7565983c31c3e651dd55acb38c0c7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 203722 9d2b9b9d1c3999a3f4ccf7e5e446bd1a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 1107480 d0898394febd60b7bf80e1e4ff335a39 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 73934 5156c8db255299aa66053bb4415cde19 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 106208 db2ad0519d15ee795758f72b3c093068 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 106220 8228fb0ccf8cc888973731f2aa72c8c4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 192358 c1ee340a3e893b3f22adb138923167c2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 46324 771aaa1b244d01eacdd62e8e963d434f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mips.deb Size/MD5 checksum: 86208 03d9d365f1c41e2efc36fc1a19dcb813 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mips.deb Size/MD5 checksum: 1096636 65217c4fc57a23e065c9da14dfad6c9d http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mips.deb Size/MD5 checksum: 1567240 46f2194418cb1d5800c44ae13bcd51ee http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mips.deb Size/MD5 checksum: 57520 02e313bad869d4c50a6dde506765633b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mips.deb Size/MD5 checksum: 157528 f42c10ade950e4faa4403da4e8d740c4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mips.deb Size/MD5 checksum: 76156 d4778055a8900dcb6eaf2100a8172b63 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mips.deb Size/MD5 checksum: 150976 5c00fd263eb81453450af5d5e79fe5b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mips.deb Size/MD5 checksum: 36114 4ba209d715050a942d0c9025869378fe mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 86404 41a26e5e4196385e67dddee0337c0ade http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 158050 1b5af4a50dcfe41ec2b35af9a47d40b3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 36060 09d1cfdfb2e925b3f846d22cf760ba11 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 1552652 67cf88cac0c510bec526c49025d7cbe0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 1084290 082931629866ea5a6aba940997698af7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 57694 6e120d7fc4a6643eb208333b30e7c5c9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 77448 f411d88639ee78a68d46ece45e91368f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 150900 09be1543e6cd767098a3af2a70791036 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 136866 623ea75ab7f6603f9ddc9276389c90ea http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 162686 5766c22ea9cad4f8e5acbf8dd6ad48f6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 87910 767921a7b2ed329a3107da1f0dbb7dda http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 41298 875908633ca26db04739a334b03c42c2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 89998 0c81d4c99f07d7b0cdcd91a2a9a6ad28 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 51788 87423f593d57c4c9d0cc80cfafa28f87 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 1142146 6c4479057269b64596d123d5cf859747 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 1575696 eb08aafdd1c60d707b874a31dcab67b4 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_s390.deb Size/MD5 checksum: 166184 d748308d0a477ad16a42e25671f49dd9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_s390.deb Size/MD5 checksum: 37422 6a3f5390f4ff82bd1c8ef4d64f0fcc46 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_s390.deb Size/MD5 checksum: 1036106 08ad799adaeb1ccd9538048e685d69d6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_s390.deb Size/MD5 checksum: 87194 e881e70f5b31b800989f14fd4e97368f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_s390.deb Size/MD5 checksum: 52256 ec508d448806c889b0c79aed8d95cc3e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_s390.deb Size/MD5 checksum: 82340 c9ab3bc26da68abdde50d365b4224434 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_s390.deb Size/MD5 checksum: 144934 61cf1f32851be64340ffb36b266ee0a7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_s390.deb Size/MD5 checksum: 1586624 1921d0bc3b7b03d4ed952ecb4b0b561b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 78500 74d7872d04914d26d5a4baa768437603 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 51572 93fd782dbbc7148c9f96b18ad7ebe111 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 84622 6eb7012156c87266af9802d38f1dd366 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 158596 68ca94de2c329c162ae40ac5b79af29b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 36018 61ffbfc960bea5c6fda52ffefa8886b7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 991000 3135666aadf8d4f4cd273fbd7d50cfca http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 139570 e281ec84c08bcac3f54d5017b6917e0b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 1561792 21cd9a3e1e89ba96aa11890858194b82 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH6RVAYrVLjBFATsMRAozSAJ9kTMEJ+adGZ1Sn0N6kOyhCmJU0HACeK7Xp 2NTRUT1F1Cu9Xrm9EGvmg3M= =Fgu/ -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-598-1 April 02, 2008 cupsys vulnerabilities CVE-2008-0047, CVE-2008-0053, CVE-2008-0882, CVE-2008-1373 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.8 Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.3 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.3 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.6 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0047) It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0053) It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882) It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1373) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.diff.gz Size/MD5: 97650 b7ac4b760066920314d4596541cf716e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.dsc Size/MD5: 1049 26e617c4b5c0848d56f872895e279a86 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.8_all.deb Size/MD5: 998 c7d4013c3b9e3655e2fd2e9719d4d2af amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 36218 9eff8fd692afe5ae17ca80f269a0ca6b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 81906 ac05150f42e5671c5cdc73ba8f85cb5b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 2286026 acd4a48c676556fc7260bbd86db0416b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 6096 3df7829bfb8766de94a4ef2ff0be824f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 76654 0d67c8599d4e2accf4f7ee31b498fdc7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 25758 14617ef9d38146ceaf89b4e9775e2fb4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 129498 5cd8c821b31dddde0c200a61570d48b6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 34766 88ac5bced1d508f9695b4b4f4ae0f82a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 77988 84db3f3ad17936d5015a26353c55bc6a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 2253492 2cc1ec94caf6344a555ece9f69b51fe2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 6088 00226da0a854f64bd5b18ace219de031 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 75744 73038a225d7301b4b5f8085219c97c81 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 25740 52699a4b9dea621f4332db5856f8b574 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 121718 2e904399c40c9f83e451bb2e964820c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 40464 7e6bd3ec6312eef104737ffed5e19c3c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 89542 8b9353d17d9402495f2404a9ab837b92 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 2300680 65597d07917b8753a0af6f6aae1276db http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 6096 d6cb4780e6f4545bc8566cce92fb8346 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 78442 c75b4f47491227c2504649902a040855 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 25742 372a1c972e97e1722a844430780ae6c5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 127478 afad79a272bbe434675f24d7a3ca91ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 35396 b44ad7e913ff064d2a3fb73121771686 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 78724 a8bff0942be4b14ece6dde8fd38b6f5a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 2287122 2415f6a5410a63b98ba32ecdf8fbcfb7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 6094 384dc8a7b9c8dfbefa42d7b5fbb836c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 75678 6258f4d4c1b55d90b34cee1caa12dc35 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 25740 ca7f1a4412f42d739d51c1ddbc09045a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 123214 801292f8a2652b579a82b7a7c52e9ffd Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.diff.gz Size/MD5: 111410 fb84af4bcf007f2f7299394e0be32412 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.dsc Size/MD5: 1059 430be555857b7aa5cc01431466487aaf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.3_all.deb Size/MD5: 870052 97e82b21269a8bb5e7ac995cc4cb665d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 36706 eb308fea40f4b7d159304b4b875b2329 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 82506 3b04032674acc75d3184f537af144d3a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 1480680 18b1537c8238b225e6ba2bb51570b942 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 6122 b324305be458b5207d242efc230d06c1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 95522 fce843ba1e5c51ec7a8161f0a0828acc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 26138 041e52bad239d993b22d65873705a751 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 172282 cf3fd3c84c83b36aa453ca2e071ab74c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 36260 c2daeb19fee1ebfe794be09ebefef1c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 80108 c599f739a103867967a78f91569db74e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 1463912 d22879a24e9f1ff1d12e7845ad596cc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 6124 01628551a9fc66423789f02853d0d9ba http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 95352 b6084c36087da3aa1a3c8d44f9a9d0a7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 26142 838499ddbf886c5514ef11c6e4bdeda9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 169404 8262471b1cdb9991fbde554a31c74508 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 41802 b703ca8629e5df46fc1f1d45acd20581 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 91148 caca2486db7794b133539af9b939a607 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 1498496 0662d077dfae2d1b6b00db7a0966366b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 6128 792c5ee645b0f7a7e1d63d9206348c52 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 97682 b37660eb88a487e5f7c49b9ed6f1c937 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 26144 b834556e6374093f5652754dd8c0ff6a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 172694 3174ff36eaa0bc4ac7f4df02299413ca sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 36292 2cd1ea5a42eff193ca8a4c2ec53aefa1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 80238 10b95fff38cb0436cf30a30e683cc27d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 1489214 119f077088e3b2009c896fd395448717 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 6128 204a14898a9508a980e71d33792cfb59 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 94574 a87580c3fd22da592dd5496190afb871 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 26142 e7b959209cad884220bb1cacb2cd0555 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 168700 1f717ec06409999b5a40bb89dcedb5b0 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.diff.gz Size/MD5: 156263 0147ec4c77b27e20df2a3ad514c2dd8e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.dsc Size/MD5: 1143 7fb2ad1b1c8e57b09805fc9d6c1e027d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.3_all.deb Size/MD5: 926414 97df229c931f7eb05af5a5cb623635ae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 37412 20fb406aae21e63dc8c9723e178505af http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 83238 9aa9eb876585e32757c83783d79b0a02 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 1638304 7673386b3a9d63c09bd3647cf5dad877 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 56378 32e2acb4fe5ef7aab8b8896a8d40166c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 104324 649109ddb522145730c67b93a870eefe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 144860 c0fb60ebae640e565607f0cdfd7094b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 182344 204887dda2791a61417415c4466a51d7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 36722 22030307f71a44ca7b30921aef0bf46a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 80738 c92706978d65b9a409d93e704c5662b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 1620944 bc9a1e338567e27aee10cded16abbcc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 55472 15cd34697cca79ee83498691da531d37 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 104028 3d13c92bf5f0c9a26f3a8ba534dc6dec http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 139332 c33597e3bbce0d41df0efe84c2b59377 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 178604 a93713bb9b422a0460d42dc35eb7f8b3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 46768 682b1e104c73d8820a5b39ba79de7883 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 101104 78dcf70528f5682b2499efa0b03f6a42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 1695542 06c8b6b43afa525b07718d410eed6438 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 56226 27ce8328e4cfc184ef64fdfe5bcf1b45 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 109886 607c9d1bdc4eaf3627031f98f59948be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 141172 501aee8031dd71ce2166e79bfca04129 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 188236 ccbcdb277477728c10dac36435924085 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 37788 7da1fb58e7d4b6bfd71ed47b1ba5d201 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 83750 69a59033ea6458f3f82046aee46ba4bb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 1658908 b35167112445c8bc3c1281604412f534 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 54756 b877de97919e00870c84850b1e074555 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 103574 204efb55b2d46f00cd4f8ddc429d805f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 141742 5e411c3199e1a1296dbd7cd7c6958e1a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 177884 4e1b218fd113193e4cf149aea90ec6c7 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.diff.gz Size/MD5: 125298 81ae6b42c7dd12a1797a63d19c644a8c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.dsc Size/MD5: 1218 c56faedc440fc2b16f9a1f396a607d1e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.6_all.deb Size/MD5: 1080444 5d01f105292a526744e5622a14a9aed4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 37204 c3425972caa02e7a25321f49d47c6f9b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 89504 5411f2454e0d2a0323e9951cb15a534d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 2034570 c8d6548bd1ba7cb841b196e762da492c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 59890 150d59889adc8fd0cb185989876a355d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 46780 e15952781e93e862194d453320605bbc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 152020 32c671873dfad4e39104da5c3a6e935e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 186028 1a1404a7d67078e31c8819bf3d8d4dae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 36476 a982fce3918a91c74e92fb515f1c6d65 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 86484 0e4d80917e070f7b2f109de81f96bc4d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 2018116 cff3abb1b69d797d616e73c93885de3a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 58634 6d2590c49af04215519a87e857463652 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 46140 0ebe76bdf799336e0b2d01d0a0eca72c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 145694 6766e6515de26b782e211840f330b93e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 182802 c62bc1107e748c200e6969a239ae8b9b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 46498 044a54c557dd4006bb40a13dd2c2b156 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 107752 76e4020feb1778e713389fc6bdb86ea9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 2099222 73d517a40d877a238856a232e6be64c9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 59342 8530840cf85bf44c8803fd064b61e1f7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 51716 9d30c790a4b94ac07670d7e15c2e41ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 146948 f73327e30e2778bdcf4543c04855e6a1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 191752 46d534c4c477657ab03419d18f91728f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 37564 1771f3f6f2ceb1864696801f7f420e93 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 89606 69149447dbd4e3b36185bd977202f837 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 2060610 ed932d7ee05e745bc0af647d361e7d99 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 57900 7369866ac9adb6abd966e2d1e2f95b42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 45440 60eda5d4cc12eb2c35817d6c0d4ef43a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 148476 8e1d119a91b8c6d8d15032b27a498235 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 181842 8283739361474f00d65f9bf52d7c0e3d . Finally, a vulnerability in how CUPS handled GIF files was found by Tomas Hoger of Red Hat, similar to previous issues corrected in PHP, gd, tk, netpbm, and SDL_image (CVE-2008-1373). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 4ecbfe664ba6820bf06dc406133e265c 2007.0/i586/cups-1.2.4-1.8mdv2007.0.i586.rpm 6d51733a95884e36cca9570738537ff6 2007.0/i586/cups-common-1.2.4-1.8mdv2007.0.i586.rpm abe0591d8b2b390a82dffcd2fed43b14 2007.0/i586/cups-serial-1.2.4-1.8mdv2007.0.i586.rpm 91ffe19d342810de71e056e213056552 2007.0/i586/libcups2-1.2.4-1.8mdv2007.0.i586.rpm 71fd9246da1e48b2dc6a60ceeae41e48 2007.0/i586/libcups2-devel-1.2.4-1.8mdv2007.0.i586.rpm bd0f3b69fe5dc7bddd6c121200db014d 2007.0/i586/php-cups-1.2.4-1.8mdv2007.0.i586.rpm cb50a10a1096424175c1a49e8e22a8a1 2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: d9423a942f4f779959cfe489866b52f5 2007.0/x86_64/cups-1.2.4-1.8mdv2007.0.x86_64.rpm 8b13ba591a7dc53c658876dae447ce17 2007.0/x86_64/cups-common-1.2.4-1.8mdv2007.0.x86_64.rpm 9e434edde16c05fded1b706adaae859d 2007.0/x86_64/cups-serial-1.2.4-1.8mdv2007.0.x86_64.rpm 9733f3116c8488148471af3d5bdafd16 2007.0/x86_64/lib64cups2-1.2.4-1.8mdv2007.0.x86_64.rpm fbb5010088c23aa2cf635875179adc3c 2007.0/x86_64/lib64cups2-devel-1.2.4-1.8mdv2007.0.x86_64.rpm 00e05d49f33ef5d0067287ef1a27246c 2007.0/x86_64/php-cups-1.2.4-1.8mdv2007.0.x86_64.rpm cb50a10a1096424175c1a49e8e22a8a1 2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm Mandriva Linux 2007.1: dc81f96bd48732eed770b0090b333695 2007.1/i586/cups-1.2.10-2.6mdv2007.1.i586.rpm 3545d312400a8f5aad55e323d2ff3543 2007.1/i586/cups-common-1.2.10-2.6mdv2007.1.i586.rpm f4656b26df51f63813a49006415a783b 2007.1/i586/cups-serial-1.2.10-2.6mdv2007.1.i586.rpm ab1869c8ddeda927fdfbc49c386756f1 2007.1/i586/libcups2-1.2.10-2.6mdv2007.1.i586.rpm 5de192ed26380212896fcd376a1b3e23 2007.1/i586/libcups2-devel-1.2.10-2.6mdv2007.1.i586.rpm a347c58fc3e76e064cabf8425d0245ab 2007.1/i586/php-cups-1.2.10-2.6mdv2007.1.i586.rpm 15c9274e61f9dbe98150fa1ae58ef7bc 2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 1faa57f00d0577f6d25cddf7fccd7edb 2007.1/x86_64/cups-1.2.10-2.6mdv2007.1.x86_64.rpm 26a14fabfef38f2fd4ab88c6184d4e2f 2007.1/x86_64/cups-common-1.2.10-2.6mdv2007.1.x86_64.rpm b5a49bfbeb004af58e1e5f9c1660dece 2007.1/x86_64/cups-serial-1.2.10-2.6mdv2007.1.x86_64.rpm 6b81f4e888dec6e94231b01fd5d162bf 2007.1/x86_64/lib64cups2-1.2.10-2.6mdv2007.1.x86_64.rpm 256313a9ac10203a7d59deb6ff0a3da0 2007.1/x86_64/lib64cups2-devel-1.2.10-2.6mdv2007.1.x86_64.rpm 41e268b0e9e8a5e256c9af6192dfcae0 2007.1/x86_64/php-cups-1.2.10-2.6mdv2007.1.x86_64.rpm 15c9274e61f9dbe98150fa1ae58ef7bc 2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 27ee99856a1c4448cdee618f2db8ae52 2008.0/i586/cups-1.3.6-1.1mdv2008.0.i586.rpm 09a6026a683b1ea029b63b0480aa2d4b 2008.0/i586/cups-common-1.3.6-1.1mdv2008.0.i586.rpm 7974c9c3a572a389fea83250cd57c8e1 2008.0/i586/cups-serial-1.3.6-1.1mdv2008.0.i586.rpm a6432e417d401b7900113763255bf8c3 2008.0/i586/libcups2-1.3.6-1.1mdv2008.0.i586.rpm cfb0fd68a1d60f1dfa985da0bb79190f 2008.0/i586/libcups2-devel-1.3.6-1.1mdv2008.0.i586.rpm aba1862f9db0e18f09d581ef0a95fde8 2008.0/i586/php-cups-1.3.6-1.1mdv2008.0.i586.rpm e034c775d5b04fffb14cb441b8174a55 2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b18f356dc9fc5cda784e576e3f20a801 2008.0/x86_64/cups-1.3.6-1.1mdv2008.0.x86_64.rpm bccc98b2ad3205d2c301036ba9d28f61 2008.0/x86_64/cups-common-1.3.6-1.1mdv2008.0.x86_64.rpm 1c1837c8a8eb04609daa405553ab7fe8 2008.0/x86_64/cups-serial-1.3.6-1.1mdv2008.0.x86_64.rpm 5748bf84c1239e2b4255446cbf6c8285 2008.0/x86_64/lib64cups2-1.3.6-1.1mdv2008.0.x86_64.rpm bd593d10e724d5fcb41a474ceb985996 2008.0/x86_64/lib64cups2-devel-1.3.6-1.1mdv2008.0.x86_64.rpm f2db5dfbb8dc8327965a45a5d88e0b6d 2008.0/x86_64/php-cups-1.3.6-1.1mdv2008.0.x86_64.rpm e034c775d5b04fffb14cb441b8174a55 2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm Corporate 3.0: 21bb1e12de3ad442d1abcf6b748e4612 corporate/3.0/i586/cups-1.1.20-5.17.C30mdk.i586.rpm 0b98a618d204f1cb5d93cfc8bc17ce04 corporate/3.0/i586/cups-common-1.1.20-5.17.C30mdk.i586.rpm b4d7d4823f4a052f1b88de95c15fdd35 corporate/3.0/i586/cups-serial-1.1.20-5.17.C30mdk.i586.rpm 15ff4fca1070bde09536ef5c152f93fa corporate/3.0/i586/libcups2-1.1.20-5.17.C30mdk.i586.rpm 29a49e9cd1dab4afc7d4b45f756db2ec corporate/3.0/i586/libcups2-devel-1.1.20-5.17.C30mdk.i586.rpm 2d3ba4ca7a10c5842f6eeb6a7f847e86 corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm Corporate 3.0/X86_64: f977134efb9f309911bfc1b4850e82f0 corporate/3.0/x86_64/cups-1.1.20-5.17.C30mdk.x86_64.rpm 36fff0b8424e4f651e6f055c70008521 corporate/3.0/x86_64/cups-common-1.1.20-5.17.C30mdk.x86_64.rpm 696c4e4cc405b9ca56f22819fa2f818b corporate/3.0/x86_64/cups-serial-1.1.20-5.17.C30mdk.x86_64.rpm 942d626665fe5a05f879411e7ca80030 corporate/3.0/x86_64/lib64cups2-1.1.20-5.17.C30mdk.x86_64.rpm e191a6945b87e3b33617a3de06561d3e corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.17.C30mdk.x86_64.rpm 2d3ba4ca7a10c5842f6eeb6a7f847e86 corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm Corporate 4.0: a091b07a3a414304cf24e76ab99d3afe corporate/4.0/i586/cups-1.2.4-0.8.20060mlcs4.i586.rpm 4cabdbd655b65028ee5bdfb3452f4506 corporate/4.0/i586/cups-common-1.2.4-0.8.20060mlcs4.i586.rpm 534437dd5a286f0484df0e2cdfd9e636 corporate/4.0/i586/cups-serial-1.2.4-0.8.20060mlcs4.i586.rpm 0dd449c47be977964034d699749738f7 corporate/4.0/i586/libcups2-1.2.4-0.8.20060mlcs4.i586.rpm 6aad89786cfec35bc5e81eb3a1dc8cd4 corporate/4.0/i586/libcups2-devel-1.2.4-0.8.20060mlcs4.i586.rpm fc46181aa746a4f637d66681fb975560 corporate/4.0/i586/php-cups-1.2.4-0.8.20060mlcs4.i586.rpm 83a55c89caf98419e9f76b58c6bee2e5 corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7c7624e35383c614691e4063215f8d65 corporate/4.0/x86_64/cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 17f29e8614a988900a09305adfd1c85b corporate/4.0/x86_64/cups-common-1.2.4-0.8.20060mlcs4.x86_64.rpm 773484820406d7285608081cb7e262d2 corporate/4.0/x86_64/cups-serial-1.2.4-0.8.20060mlcs4.x86_64.rpm a53e7a817a42ccc1ac5a5daa7602c4d8 corporate/4.0/x86_64/lib64cups2-1.2.4-0.8.20060mlcs4.x86_64.rpm ad933e76d237bbb83bf568071566ba37 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.8.20060mlcs4.x86_64.rpm 4c6d20646db4de2ab03907c9b6705067 corporate/4.0/x86_64/php-cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 83a55c89caf98419e9f76b58c6bee2e5 corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH88NLmqjQ0CJFipgRAvgQAJ9PyMfRvtdcft3hCuqCnGg+4dLucQCgrz1i QDjzjtxa/ZH8ibtkLnEJNvQ= =7iZK -----END PGP SIGNATURE----- . iDefense Security Advisory 03.18.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 18, 2008 I. BACKGROUND The Common UNIX Printing System, more commonly referred to as CUPS, provides a standard printer interface for various Unix based operating systems. For more information, visit the vendor's website at the following URL. http://www.cups.org/ II. CUPS listens on TCP port 631 for requests. This interface provides access to several CGI applications used to administer CUPS and provide information about print jobs. By passing a specially crafted request, an attacker can trigger a heap based buffer overflow. III. Depending on the underlying operating system and distribution, CUPS may run as the lp, daemon, or a different user. In order to exploit this vulnerability remotely, the targeted host must be sharing a printer(s) on the network. If a printer is not being shared, where CUPS only listens on the local interface, this vulnerability could only be used to elevate privileges locally. IV. V. WORKAROUND Disabling printer sharing will prevent this vulnerability from being exploited remotely. However, local users will still be able to obtain the privileges of the CUPS service user. VI. VENDOR RESPONSE Apple Inc. has addressed this vulnerability within Security Update 2008-002. For more information, visit the following URL. http://docs.info.apple.com/article.html?artnum=307562 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-0047 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 02/26/2008 Initial vendor notification 02/26/2008 Initial vendor response 03/18/2008 Coordinated public disclosure IX. CREDIT This vulnerability was reported to iDefense by regenrecht. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: April 01, 2008 Bugs: #211449, #212364, #214068 ID: 200804-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.2.12-r7 >= 1.2.12-r7 Description =========== Multiple vulnerabilities have been reported in CUPS: * regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch() function used in several CGI scripts in CUPS' administration interface does not correctly calculate boundaries when processing a user-provided regular expression, leading to a heap-based buffer overflow (CVE-2008-0047). * Tomas Hoger (Red Hat) reported that the gif_read_lzw() function uses the code_size value from GIF images without properly checking it, leading to a buffer overflow (CVE-2008-1373). Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7" References ========== [ 1 ] CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 [ 2 ] CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 [ 3 ] CVE-2008-0882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882 [ 4 ] CVE-2008-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200804-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

regenrecht

SOURCES

LAST UPDATE DATE

2024-11-24T20:42:32.461000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE