Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-707-1: CUPS vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-707-1: CUPS vulnerabilities
# 1  
Old 01-12-2009
USN-707-1: CUPS vulnerabilities
Referenced CVEs:
CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377


Description:
===========================================================Ubuntu Security Notice USN-707-1 January 12, 2009cups, cupsys vulnerabilitiesCVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.12Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.9Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.3Ubuntu 8.10: cups 1.3.9-2ubuntu6.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that CUPS didn't properly handle adding a large number of RSSsubscriptions. A local user could exploit this and cause CUPS to crash, leadingto a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and8.10. (CVE-2008-5183)It was discovered that CUPS did not authenticate users when adding andcancelling RSS subscriptions. An unprivileged local user could bypass intendedrestrictions and add a large number of RSS subscriptions. This issue onlyapplied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)It was discovered that the PNG filter in CUPS did not properly handle certainmalformed images. If a user or automated system were tricked into opening acrafted PNG image file, a remote attacker could cause a denial of service orexecute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)It was discovered that the example pstopdf CUPS filter created log files in aninsecure way. Local users could exploit a race condition to create or overwritefiles with the privileges of the user invoking the program. This issue onlyapplied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question