Referenced CVEs:
CVE-2007-5849, CVE-2007-6358
Description:
=========================================================== Ubuntu Security Notice USN-563-1 January 09, 2008cupsys vulnerabilitiesCVE-2007-5849, CVE-2007-6358===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.6Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.2Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.2Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.3In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Wei Wang discovered that the SNMP discovery backend did not correctlycalculate the length of strings. If a user were tricked into scanningfor printers, a remote attacker could send a specially crafted packetand possibly execute arbitrary code.Elias Pipping discovered that temporary files were not handled safelyin certain situations when converting PDF to PS. A local attacker couldcause a denial of service.
More...