blob: 1a6f8380480d9145fffbce56ceb1c379cd1e8cdd [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200804-01">
<title>CUPS: Multiple vulnerabilities</title>
Multiple vulnerabilities have been discovered in CUPS, allowing for the
remote execution of arbitrary code and a Denial of Service.
<product type="ebuild">cups</product>
<announced>April 01, 2008</announced>
<revised>April 01, 2008: 01</revised>
<package name="net-print/cups" auto="yes" arch="*">
<unaffected range="ge">1.2.12-r7</unaffected>
<vulnerable range="lt">1.2.12-r7</vulnerable>
CUPS provides a portable printing layer for UNIX-based operating
Multiple vulnerabilities have been reported in CUPS:
<li>regenrecht (VeriSign iDefense) discovered that the
cgiCompileSearch() function used in several CGI scripts in CUPS'
administration interface does not correctly calculate boundaries when
processing a user-provided regular expression, leading to a heap-based
buffer overflow (CVE-2008-0047).</li>
<li>Helge Blischke reported a
double free() vulnerability in the process_browse_data() function when
adding or removing remote shared printers (CVE-2008-0882).</li>
<li>Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
uses the code_size value from GIF images without properly checking it,
leading to a buffer overflow (CVE-2008-1373).</li>
<li>An unspecified
input validation error was discovered in the HP-GL/2 filter
<impact type="high">
A local attacker could send specially crafted network packets or print
jobs and possibly execute arbitrary code with the privileges of the
user running CUPS (usually lp), or cause a Denial of Service. The
vulnerabilities are exploitable via the network when CUPS is sharing
printers remotely.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-print/cups-1.2.12-r7&quot;</code>
<uri link="">CVE-2008-0047</uri>
<uri link="">CVE-2008-0053</uri>
<uri link="">CVE-2008-0882</uri>
<uri link="">CVE-2008-1373</uri>
<metadata tag="requester" timestamp="Sat, 08 Mar 2008 16:37:44 +0000">
<metadata tag="submitter" timestamp="Tue, 18 Mar 2008 13:25:31 +0000">
<metadata tag="bugReady" timestamp="Tue, 01 Apr 2008 19:15:08 +0000">