blob: 54f58a7c2ad738e3ab08fb75013382d5412c84e8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200412-25">
<title>CUPS: Multiple vulnerabilities</title>
Multiple vulnerabilities have been found in CUPS, ranging from local Denial
of Service attacks to the remote execution of arbitrary code.
<product type="ebuild">CUPS</product>
<announced>December 28, 2004</announced>
<revised>January 12, 2005: 02</revised>
<access>remote and local</access>
<package name="net-print/cups" auto="yes" arch="*">
<unaffected range="ge">1.1.23</unaffected>
<vulnerable range="lt">1.1.23</vulnerable>
The Common UNIX Printing System (CUPS) is a cross-platform print
spooler, hpgltops is a CUPS filter handling printing of HPGL files and
lppasswd is a program used locally to manage spooler passwords.
CUPS makes use of vulnerable Xpdf code to handle PDF files
(CAN-2004-1125). Furthermore, Ariel Berkman discovered a buffer
overflow in the ParseCommand function in hpgl-input.c in the hpgltops
program (CAN-2004-1267). Finally, Bartlomiej Sieka discovered several
problems in the lppasswd program: it ignores some write errors
(CAN-2004-1268), it can leave the file in place
(CAN-2004-1269) and it does not verify that file is
different from STDERR (CAN-2004-1270).
<impact type="high">
The Xpdf and hpgltops vulnerabilities may be exploited by a remote
attacker to execute arbitrary code by sending specific print jobs to a
CUPS spooler. The lppasswd vulnerabilities may be exploited by a local
attacker to write data to the CUPS password file or deny further
password modifications.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-print/cups-1.1.23&quot;</code>
<uri link="">CAN-2004-1125</uri>
<uri link="">CAN-2004-1267</uri>
<uri link="">CAN-2004-1268</uri>
<uri link="">CAN-2004-1269</uri>
<uri link="">CAN-2004-1270</uri>
<uri link="">Ariel Berkman Advisory</uri>
<uri link="">Bartlomiej Sieka Advisory</uri>
<metadata tag="requester" timestamp="Mon, 27 Dec 2004 17:52:31 +0000">
<metadata tag="submitter" timestamp="Tue, 28 Dec 2004 09:42:46 +0000">
<metadata tag="bugReady" timestamp="Tue, 28 Dec 2004 12:52:03 +0000">