ID

VAR-200812-0322

CVE

CVE-2008-5286

TITLE

CUPS of _cupsImageReadPNG Integer overflow vulnerability in functions

DESCRIPTION

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. Common Unix Printing System(CUPS)是一款通用Unix打印系统，是Unix环境下的跨平台打印解决方案，基于Internet打印协议，提供大多数PostScript和raster打印机服务. CUPS PNG过滤器的_cupsImageReadPNG()函数中执行了以下计算： bufsize = img-＞xsize * img-＞ysize * 3; if ((bufsize / (img-＞ysize * 3)) != img-＞xsize) { fprintf(stderr, \"DEBUG： PNG image dimensions (\\%ux\\%u) too large!＼n\", (unsigned)width, (unsigned)height); fclose(fp); return (1); } 验证代码的img-＞ysize * 3可能会出现整数溢出，导致执行任意代码. CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions. Versions prior to CUPS 1.3.10 are vulnerable. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. For the stable distribution (etch) this problem has been fixed in version 1.2.7-4etch6. For testing distribution (lenny) this issue will be fixed soon. For the unstable distribution (sid) this problem has been fixed in version 1.3.8-1lenny4. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc Size/MD5 checksum: 1092 a7198b7e0d7724a972d4027e805b1387 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz Size/MD5 checksum: 108940 1321ea49cfa8c06d619759acb00b0b2e http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 Architecture independent components: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb Size/MD5 checksum: 917900 4abe699f9d2a8f866b1e323934c6172a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb Size/MD5 checksum: 46256 9e98540d35e8a7aef76a1042cc4befe4 Alpha architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 1614646 18542415a7a35563aacf6baccc2c474c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 39316 641f1871ea3d1e61a56dc009b2e58652 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 85894 99a322067e2207a67afc55dccd5d63b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 1092462 e2c0dd66dc9d52d41b7e179fa83908ab http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 95658 51c76b87321a3c01dfe996fabad2de88 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 72682 751a0c814ae40bf75b0494dafd19bd8e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 175346 f8701aeb6bc3670c3f1e60cc80c4ded7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb Size/MD5 checksum: 183712 42dc520b09c22f1d25b7ff1e6d7574bb AMD64 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 1576182 fe94635e099af684c654fb6468522f21 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 36342 3e5954fdc1c572e86f2eeef93c1f466f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 80704 9a21d4104655094da5f2ff3a4c019a08 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 1087506 cd83b8b030a4c972b1b3fa396114d9e9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 86360 aeed41809da68dc26e7c586e87878c45 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 53008 9f8e3453367ef72e6ef6f00dc6baf624 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 162608 a768dc52659411be6fd46b38df61d69b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb Size/MD5 checksum: 142546 a6caf31df81c4aea72c0abc9c0a0b1af ARM architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb Size/MD5 checksum: 1569702 f7cd63fd8d10e8fcaea2649260b8437a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb Size/MD5 checksum: 35934 e5a3e25422b8ded68767d8c32d9291f5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb Size/MD5 checksum: 78916 f9707c6c35f2c3198892a8d82eecfa8b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb Size/MD5 checksum: 1026248 79e9a9669d9d896d303e29ed7d2b7122 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb Size/MD5 checksum: 85540 45e25e1887e37f029a3a8da50b309fe4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb Size/MD5 checksum: 48732 b90d30685f1e68a036a512cf331547e6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb Size/MD5 checksum: 155278 1a0b8b93532c23d26866afc163689dd6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_arm.deb Size/MD5 checksum: 132032 5c4843fe297598ee3c618f92feaef93e HP Precision architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 1624116 e285d90e7861906f00f8e709cb3039ae http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 39544 d3015a7ef0c7c345d3940a6c9f428cf0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 84804 a4fa9da96d848e7596d6e3d623fdef07 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 1032854 ec6badd9fcff41974f425d97a0a12165 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 92038 3dcbb10b949495e21fc742b9b42a3a84 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 57376 e64d3d7a95c80c92602e3e7548998bc2 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 171856 ab864167ddd2c8b4247898ed36059435 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_hppa.deb Size/MD5 checksum: 153942 4149487b7dfd72b027de9851a4adb32e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb Size/MD5 checksum: 1556170 c0cefa71d7f58abd666c2c1459d3ede9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb Size/MD5 checksum: 36250 e464d81d46968426796a8182e6418691 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb Size/MD5 checksum: 79702 77c4aef7c78be537c09bc689ad1f5139 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb Size/MD5 checksum: 997624 ec73926b9d49c2790c6381a927ad20a2 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb Size/MD5 checksum: 87310 86517be38ba93afd954091ad5643c65b http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb Size/MD5 checksum: 53240 4fccf1dfd78b230033407a914760d3f5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb Size/MD5 checksum: 161274 41344ee4c268c095b89c8decc0e2df68 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb Size/MD5 checksum: 137796 51b8758e0338e1ec6ec9d74ea5f960ef Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 1771030 d4235a8ee49af176f27c8a097a696864 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 46326 729ebfb9347d0463f7a6f5cc10c371e7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 106218 9a9142746bbca2c53644c084b45fea9c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 1108324 ea4f9d4d44e6b964c3793fd3a2862671 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 107068 bab641470a0bf7034b9ebc7ae072d6fa http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 74214 770441377ccf9ad422da6e9d3ba612eb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 204316 7df30a0f5661ea79cdcc537d4012b217 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_ia64.deb Size/MD5 checksum: 192364 41d3bab218b036299f8ffae98a9008de Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb Size/MD5 checksum: 1567974 ba75b6ff260e84dd64b939cae9262a54 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb Size/MD5 checksum: 36112 6cae983101bdd812ff1f6f26169ab06a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb Size/MD5 checksum: 76146 16b61a899c465fc7f142d97744dffba3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb Size/MD5 checksum: 1098272 daa46352b0ad47b5c3061c42a15e6ddb http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb Size/MD5 checksum: 86920 dd75cd6ce9bd9ceaae7d39b60fda49c9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb Size/MD5 checksum: 57690 32cfeb2301ded386cf4ab6d0127f30a3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb Size/MD5 checksum: 158092 9abd9b0ce1dc1528b0ca50b5fbb7b78b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb Size/MD5 checksum: 150986 149531690113d5333beaf1622f915037 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 1553596 a42820cf5bd8d46c4a5cab2a6bd0929a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 36076 f7239a53b24df0813b16aac1efc850b7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 77462 a60a8f2d6ab7958026585952890fc751 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 1085502 a18f21c9c0eff69d326bf42596d3ed32 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 87080 1b5618e9841ec899e63ee14cb36116d1 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 57848 def6826bc2876abfcf1b9ad01eea3546 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 158634 bc4151665423bb6acc3225d1f8017b50 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb Size/MD5 checksum: 150888 f27527d8e7d3b892f5e2dc7aa0776434 PowerPC architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 1576684 9c91771aea9ad144c56967ac8caf1fd5 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 41290 69d7ba1506a7415dc74621aa833edf59 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 89994 12245002a3f5e437921979cd8362d346 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 1143404 c79dd5b219961ded9d9dfebf2361fed0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 88542 988f4b258fbdf870d51aacd1dd26b116 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 51880 650b5a80af7485308b6fca8a0453c9c0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 163284 4fc43ad526d97ad3823524988c892851 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb Size/MD5 checksum: 136868 2e1cdfaf184170342520895e26ee84b1 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb Size/MD5 checksum: 1587456 5522fd1afaaa1105a51c91354783fd6f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb Size/MD5 checksum: 37422 38b8fd3823381f4384f8758139f3d418 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb Size/MD5 checksum: 82336 55c8f39b3d04e0a127426f2daf89941f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb Size/MD5 checksum: 1037274 02149d41988647e7f4de8e626801c588 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb Size/MD5 checksum: 88040 8c844af7aeb9c0e1ec9a093a537d5f91 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb Size/MD5 checksum: 52508 c3695c0157c8bba7eb2bc614173bcd0f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb Size/MD5 checksum: 166802 1893c39f92d371c7b474d57f4d8c105e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb Size/MD5 checksum: 144928 0eb6cdbc1deceb32bbf2c145a99f7d98 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 1562538 0757006ce0c52845673d2cbe9fae0b38 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 36020 27636d7df41cfef4c9e41ee236a9b308 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 78518 174e3b09d2d667e01d0b47ecb06a2925 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 992164 79a9729f9280b70aa7e8573636cfeb8c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 85368 4c3b851a551b47fed4229f55b8a0a4fe http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 51756 d4406a58edf127974a79b0df75eab757 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 159176 29057219279ea090cf47b35b1da416af http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb Size/MD5 checksum: 139560 ca580a13d486d24f74c9a230efee6bde These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJNaPhW5ql+IAeqTIRAiX7AJwJd3Szo5tvpYyBrqggsDuPSulvKACfVJsa EwALyW+6s+Lgp2d1GI2ong4= =R0SH -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: CUPS "process_browse_data()" Double Free Vulnerability SECUNIA ADVISORY ID: SA28994 VERIFY ADVISORY: http://secunia.com/advisories/28994/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: CUPS 1.x http://secunia.com/product/921/ DESCRIPTION: A vulnerability has been discovered in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. The vulnerability is caused due to an error within the "process_browse_data()" function when adding printers and classes. This can be exploited to free the same buffer twice by sending specially crafted browser packets to the UDP port on which cupsd is listening (by default port 631/UDP). The vulnerability is confirmed in version 1.3.5. SOLUTION: Update to version 1.3.6. PROVIDED AND/OR DISCOVERED BY: Reported as a CUPS bug by h.blischke. ORIGINAL ADVISORY: http://www.cups.org/str.php?L2656 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:028 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cups Date : January 24, 2009 Affected: 2008.0, 2008.1 _______________________________________________________________________ Problem Description: Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference (CVE-2008-5183). The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions (CVE-2008-5184). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0032 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 9ff1555139c59b89ea0623dfdfff4de5 2008.0/i586/cups-1.3.6-1.4mdv2008.0.i586.rpm 3cda60090d2108259f55cdbc6cf372e5 2008.0/i586/cups-common-1.3.6-1.4mdv2008.0.i586.rpm 1fbbbf89a0341cf430905757bdc6c355 2008.0/i586/cups-serial-1.3.6-1.4mdv2008.0.i586.rpm f6eb5a73b984f77e851cb39826ba26a1 2008.0/i586/libcups2-1.3.6-1.4mdv2008.0.i586.rpm e8279e8427ef9c3ec9536abe94038423 2008.0/i586/libcups2-devel-1.3.6-1.4mdv2008.0.i586.rpm 9974e6ad715a853706ec26acf9ca73c3 2008.0/i586/php-cups-1.3.6-1.4mdv2008.0.i586.rpm 6f6a298d7935094b6fcd18d39c3de1b7 2008.0/SRPMS/cups-1.3.6-1.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 355ce3cfb79a4aebbdabedb206a32e05 2008.0/x86_64/cups-1.3.6-1.4mdv2008.0.x86_64.rpm e3a2b95ac7138318d6cefab0fdf3face 2008.0/x86_64/cups-common-1.3.6-1.4mdv2008.0.x86_64.rpm fb0abf9e3d492edd06876b7d4cebe784 2008.0/x86_64/cups-serial-1.3.6-1.4mdv2008.0.x86_64.rpm 5b5196b27e24fb6ad910563ed884ce2e 2008.0/x86_64/lib64cups2-1.3.6-1.4mdv2008.0.x86_64.rpm e8b1cdbba7283ff2e9b76eb498f508d0 2008.0/x86_64/lib64cups2-devel-1.3.6-1.4mdv2008.0.x86_64.rpm 178ca59986af801a2c29611fa16ce2dd 2008.0/x86_64/php-cups-1.3.6-1.4mdv2008.0.x86_64.rpm 6f6a298d7935094b6fcd18d39c3de1b7 2008.0/SRPMS/cups-1.3.6-1.4mdv2008.0.src.rpm Mandriva Linux 2008.1: 93a94c922f72f8844e232ed779a8c66c 2008.1/i586/cups-1.3.6-5.3mdv2008.1.i586.rpm eccb6a07dd53dbbeb490675c2cf311f0 2008.1/i586/cups-common-1.3.6-5.3mdv2008.1.i586.rpm 2ad9c7135f6d8a2217d34055ca8f57b3 2008.1/i586/cups-serial-1.3.6-5.3mdv2008.1.i586.rpm 62d4efcf07165da647db08d6636ac596 2008.1/i586/libcups2-1.3.6-5.3mdv2008.1.i586.rpm f0779950606ab9fa83b9de410a7beb70 2008.1/i586/libcups2-devel-1.3.6-5.3mdv2008.1.i586.rpm d0bd96dc1aec2dab736d538a7bd49a2b 2008.1/i586/php-cups-1.3.6-5.3mdv2008.1.i586.rpm abd1474014a74c467881ca52b4090ace 2008.1/SRPMS/cups-1.3.6-5.3mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 64aca60db93cd3886f58823155e2f982 2008.1/x86_64/cups-1.3.6-5.3mdv2008.1.x86_64.rpm 2cb2d9467430c4619ed23d37099ad2cc 2008.1/x86_64/cups-common-1.3.6-5.3mdv2008.1.x86_64.rpm 69b5f842144013c41c946783c898c1db 2008.1/x86_64/cups-serial-1.3.6-5.3mdv2008.1.x86_64.rpm 243a0d7da4c4e24ac8c7571a202e1627 2008.1/x86_64/lib64cups2-1.3.6-5.3mdv2008.1.x86_64.rpm 2d4bbbd60d026d3bc272001d447dc5ae 2008.1/x86_64/lib64cups2-devel-1.3.6-5.3mdv2008.1.x86_64.rpm e1a2d953fdc0dbb7eda2097f0e4c38e9 2008.1/x86_64/php-cups-1.3.6-5.3mdv2008.1.x86_64.rpm abd1474014a74c467881ca52b4090ace 2008.1/SRPMS/cups-1.3.6-5.3mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJe0RhmqjQ0CJFipgRAsXFAKDBJeogydK5chEfSmEpHuVXDsC6xQCgq+vl JbRgydRjIpXNqGzlnNrqXZI= =2ydF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.3.9-r1 >= 1.3.9-r1 Description =========== Several buffer overflows were found in: * The read_rle16 function in imagetops (CVE-2008-3639, found by regenrecht, reported via ZDI) * The WriteProlog function in texttops (CVE-2008-3640, found by regenrecht, reported via ZDI) * The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641, found by regenrecht, reported via iDefense) * The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs) Impact ====== A remote attacker could send specially crafted input to a vulnerable server, resulting in the remote execution of arbitrary code with the privileges of the user running the server. Workaround ========== None this time. Resolution ========== All CUPS users should upgrade to the latest version. # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1" References ========== [ 1 ] CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 [ 2 ] CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 [ 3 ] CVE-2008-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 [ 4 ] CVE-2008-5286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-707-1 January 12, 2009 cups, cupsys vulnerabilities CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.12 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.9 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.3 Ubuntu 8.10: cups 1.3.9-2ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183) It was discovered that CUPS did not authenticate users when adding and cancelling RSS subscriptions. An unprivileged local user could bypass intended restrictions and add a large number of RSS subscriptions. This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184) It was discovered that the PNG filter in CUPS did not properly handle certain malformed images. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286) It was discovered that the example pstopdf CUPS filter created log files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12.diff.gz Size/MD5: 100650 effacab03a0a75663148e730badca56e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12.dsc Size/MD5: 1060 e320589ea4731d43a927b6ea986e2ca9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.12_all.deb Size/MD5: 996 01d1b0dbc0bf6fed042b103b81d91293 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 36230 ac91b545a2f40de7c165f160928334be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 81912 f3ec3b95abadf43c3642d422bb1d8d64 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 2286872 779f854a26f5670c1183aac0a9adf15b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 6092 e4f7e6b58bbcf3656487d779ada528d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 77434 f7789b8cca7ea8f57ca2ca14f4cc1a9b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 25748 e2a92ba2421bafc00df0a6c1f99bcda8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 130184 6a0808bf1ea2650d8a97fc50ceee0aa6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 34766 ec9c0af53c98f9d904a8241331179a6d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 77990 c582e927e8d8bbdd29c5c111bc0dd162 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 2254158 f9e7ba99ce5ff49546a8922df47d0005 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 6092 969b76527edef12a2f3c77a77c97480e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 76550 2e653b4dac7063a7d290918bdafd43cf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 25748 cfff840b4e9984245fcd15d845183810 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 122384 ec7ddfb032ee70d393c65d9d90060ea0 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 40466 119cafd93458295da6a6c8c12b35a262 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 89530 bc52672d7f4903f7ec745cbe778e4da2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 2301402 e3bf63715dbebb29410ce13098b645f1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 6088 68fd62d76fc0a4e2e515f5a644852e60 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 79208 b83506e935ffd0ac4c1311f003424f2b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 25744 cb2ca08057f83b9b40b60960712d8766 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 128150 597300fc1511305508b9c0e62c061660 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 35388 afe7217a6f8ebe6fba8f7668f8a6d5bf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 78722 0f5be23fb63000b5fb2945f4a40ad70a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 2287758 3b8180329fa4c55ece2b828e07d3366c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 6090 aee18e619e301cdd7472d6f6a326655c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 76468 398ecfef9fff03f088e4964ad0e76c71 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 25748 22655777c70067f973fef557c9196bdf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 123876 99879b6877338c254ae31dcd0f4bae29 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9.diff.gz Size/MD5: 129791 3e27f46f569ec5719b5fe13fb78a9f14 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9.dsc Size/MD5: 1226 3a8eb42c55eb55163497543c39f23124 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.9_all.deb Size/MD5: 1080428 2a130e02392de2ce721ac25a9a71ef0f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 37202 8a68cf9bfa98bda7cf30f6bfba41dd2e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 89510 e721173ffa8c31fc92703b908140e84c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 2034862 f512c15b34be6e169e9f947ca916ca93 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 60018 4f4e8635956b4b882074cc2760ebcb5e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 46878 197a3efe70b9864efe397bb27e455933 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 152008 c05765a56717613f12ca4e47dd751864 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 186748 03cda4eef301db2a8f2cb6f5344c9f02 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 36480 6742a1d19a47e85b583bfc6cc8e5bef1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 86482 33d1e6cc218245db992e2b8337d63fad http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 2018562 6217c3d4a08b575b0fd01a2f0b6d9965 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 58836 228f15292895fb6714cf83ac08376530 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 46256 a2a663a767af4beccac469b36af692b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 145696 099603137d153ed2f50e0154fde6811f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 183548 69d7d5292ed78f5a5dca16d9be7d9ebe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 36670 2f95875950737fb3b29d8170e0e842be http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 88296 51a1b00b3aa778300d6be240ca814448 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 2021580 ec2e3b013c825e7b1c269778d722c41f http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 59622 38519a455e3dca46fdc55980903ef527 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 47694 2a305b565e33a52d5cfe71bb09d3fbc0 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 142418 b0423e069760ca141c0e73f07b7049fb http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 181750 8e286ae296e7b3fd216d7137a4c21c19 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 46502 a1296168b5d3706b8870d2aca19cfc4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 107760 d98d3f88cf3706b28ca9706e4f21897e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 2099848 088263da7a0baba49e4b28f000070cdf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 59484 85a44c9e70aadd41bdcb9401af938361 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 51846 4442245f4cf71913bbd642f5185f93a0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 146944 ca2f12efe3d8b1ef0711019a6f4be4a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 192530 47b0cc559fb4548701addb4e389beda1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 37568 441cbf24d055107a408220ea945357e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 89612 42f545e2092863afc31a6beb921ba803 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 2061116 df2be5541017e5a11f265dc0420d1de4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 58094 4602a5ee17eae8d0769901ffff089eac http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 45560 fce319567830955760626e98a52bd9e0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 148474 0fa2f0010fbd4b08d91b1c62765ed46e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 182570 ef1eec9c88b499b3cea8742fc31d8edf Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3.diff.gz Size/MD5: 134438 a4a1876673e461e35cfec8952ca054f5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3.dsc Size/MD5: 1441 2ced31d2fde396439410f30e758d7db2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.3_all.deb Size/MD5: 1144166 4893a05510da7c9b5434d00fc29e455f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 37532 480443df9d0723c844c0c0f6408169a2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 89978 0d287573cdcc4701998ce53af56dd3f9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 1880612 2314ea0930f6d00794e0176916b6da35 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 60906 9042974135c36a37171a424b7d4a202d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 50368 3cd1eb8125943eaa9ee6dde601f4422e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 344934 c5aec8c571564cbd0c895145a875d02a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 177930 36d56cb0664534f425871d13d77e4b1a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 36968 6f01ef27169dfc9aa944c5049acbbe63 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 88402 dd874fead670a6d57e90176ad1facc94 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 1863008 ff961e2dbb46de7be8722d88178a38e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 60100 0881e753bb681af3463d6ed8d11c09cf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 49846 07a541a01b7e231c9988e779a3f602d0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 339346 d5efe383bc97ce56837e36806bfba341 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 174778 a578d4f7a0fe9195167e7a0cafc37974 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 36678 3176e400d418ca744825919b30d1a248 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 88752 998f5ae89f57c5a3874a2bec71f435af http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 1865256 715aafc333b7d070b516950843cdf664 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 60548 39aa25aae6614a78a0b3c29e30d464f9 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 50860 1ba114f3487de2725c3704efbaf6a5c5 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 337010 98f33df59e831f8213370b533c9a6f7b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 173708 dca1c947f9af44e5d4c6bc2c604aa371 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 46930 5baf8d502a2bdca9954d98a542e92f1b http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 110824 b0aab96be927c4d4924df4c45049f8a0 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 1949124 d53346f89338971030ed9a202726849c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 59928 0c7f0193cfee10e401ca8304bc6a20bb http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 54930 694817b2babba26327d4b021a36f938a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 341674 78be76c752899ff02d96f7d9f4c8cbc1 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 183682 2dfb517ad5388b6471fc3f33148110c7 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 38030 018dbd428bea31bff3efe42c650ab930 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 91034 0cdf41119c49465205ec9d85e0fcedcb http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 1897932 265d337f28fada008fdf22034c76d43b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 57852 5ebf07d4d87d5c0ba46bb52b0cabe6bd http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 48224 ed14b7888ad80c70678b20881c6b9606 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 341382 ed914dcee1d36a7437ebdb46d44fba62 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 173608 98ee538398dcf7c112099d3e398b686e Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1.diff.gz Size/MD5: 328034 b25d444f40ebc1f17984cb538172480c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1.dsc Size/MD5: 2043 3b36a5cadfe85ed62bf8b28de6ec7591 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu6.1_all.deb Size/MD5: 1162340 88ad6900549400af9f75f927227d45cb http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57652 7a33348b800c156e43a83e9083436bd5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57660 6c89ff2b1f7fe264b5caaaf986b36d9c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57652 ee1e3c3d68c190281678d7c1e7adadc9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57656 2e8d25c423fbc2e265b0d56633ebc67d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57670 b0c0e0f336be70d0c458b45936f98d0d http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu6.1_all.deb Size/MD5: 4530 23fb36af369fe018cd11fb3291dcc3cc http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57656 46de04530c997f729b7dce967559c8b3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 37318 7c4c4cadb4f9b7f6e2c6080b790e6ee1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 119788 72cab9079aeefee51e09a3b31ae592fa http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 1682518 3180c4e3fa3d5cfe0b2b894898485fdd http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 2172420 d7928f5c71b128511a0864db35ba6fe9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 352208 ba6478c9d8f3712b0c1e648e48bbb0c3 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 172690 b2f7befc45ccf3bcd176186f9c48ceb1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 61404 a16ecd777aca26b88c24d16b69e5f193 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 52392 7a9f6aabf047ad3225f8ec44d2fb5540 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 36216 b4999abd3bf22b2963db0969b40da8e1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 115352 9ec804831b4557a4ada56602384ecc39 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 1542016 c120e8f977f4b19be21e3b3067ca0df5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 2139174 18db7072b040bc4f3319b3b51361a239 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 345996 53a7bdb95ee0b5d3b0f96c463710dadd http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 169534 efa2f12acaf19bfab23d60478b5586cd http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 60536 ceb4ded5423c0a25ddcc924d29e390f5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 51750 cf8f8190d6281a5881b8cc1922035758 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 36030 95ca36c48f733f3d709e94c2202e97db http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 114514 c44f5a21e630c130008be55aa258cb42 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 1571226 37ce539f88c38ba11a89515ddc188d2c http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 2135890 46cb00e52f60f8adc58496bc550a5ad9 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 342976 e14329c1e782470735f35422c592b473 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 167800 9cbad1fe09d9904ae6e026987d85731a http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 60672 8a5ca81cd3803ad98afe963360242177 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 52440 07bf6935608f398215f2880d5be9fd25 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 43578 6876bb9233cf8352dfbf66bc95ddf7e9 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 138186 b3868a2e0d935a95e9083773859f1cbe http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 1663458 2bf2dae0699cf7dc45889dc678f20fcc http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 2264178 b5b51d8116a46689275f98ea94e946af http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 347972 af66fd54a390946c7b676cf54cb6e22e http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 176964 0605e8b21a449afea97a3f5060af63e1 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 61336 79c4d467e37c334effe0b5ee31238901 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 57492 a6d2f97d74132b1f2a40599398ecd9b1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 37220 31f862d50b31324596054730ea09f7d3 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 117632 b594a8cb5b194fef18a0393968fe0736 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 1490260 01fcb6d2d1c062dcdfd6cde440ef2a98 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 2200956 ebfffd46f41befdda3e30e3cb1ab521e http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 344800 6192418a2f2625f81551e9839d1187b4 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 165706 5804589b4f9bcc3bf016e3394f7acb7f http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 57906 34fef3b4e0a01df4a76c92768a8c292e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 49792 24e09a0af0155fd8a13ca3f1db035c6d

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

digital error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

iljavs

SOURCES

LAST UPDATE DATE

2025-01-14T21:45:20.623000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE