- --------------------------------------------------------------------------
Debian Security Advisory DSA 232-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
January 20th, 2003                       Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : several
Problem-type   : remote
Debian-specific: no
CVE Id         : CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384

Multiple vulnerabilities were discovered in the Common Unix Printing
System (CUPS).  Several of these issues represent the potential for a
remote compromise or denial of service.  The Common Vulnerabilities
and Exposures project identifies the following problems:

 . CAN-2002-1383: Multiple integer overflows allow a remote attacker
   to execute arbitrary code via the CUPSd HTTP interface and the
   image handling code in CUPS filters.

 . CAN-2002-1366: Race conditions in connection with /etc/cups/certs/
   allow local users with lp privileges to create or overwrite
   arbitrary files.  This is not present in the potato version.

 . CAN-2002-1367: This vulnerabilities allows a remote attacker to add
   printers without authentication via a certain UDP packet, which can
   then be used to perform unauthorized activities such as stealing
   the local root certificate for the administration server via a
   "need authorization" page.

 . CAN-2002-1368: Negative lengths fed into memcpy() can cause a
   denial of service and possibly execute arbitrary code.

 . CAN-2002-1369: An unsafe strncat() function call processing the
   options string allows a remote attacker to execute arbitrary code
   via a buffer overflow.

 . CAN-2002-1371: Zero width images allows a remote attacker to
   execute arbitrary code via modified chunk headers.

 . CAN-2002-1372: CUPS does not properly check the return values of
   various file and socket operations, which could allow a remote
   attacker to cause a denial of service.

 . CAN-2002-1384: The cupsys package contains some code from the xpdf
   package, used to convert PDF files for printing, which contains an
   exploitable integer overflow bug.  This is not present in the
   potato version.

Even though we tried very hard to fix all problems in the packages for
potato as well, the packages may still contain other security related
problems.  Hence, we advise users of potato systems using CUPS to
upgrade to woody soon.

For the current stable distribution (woody), these problems have been fixed
in version 1.1.14-4.3.

For the old stable distribution (potato), these problems have been fixed
in version 1.0.4-12.1.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.18-1.

We recommend that you upgrade your CUPS packages immediately.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:

      
      Size/MD5 checksum:      640 4dc208e40f63d9489096094c816e0aab
      
      Size/MD5 checksum:    31087 d27ef43f96213e35a3fcd43aa14a4b5a
      
      Size/MD5 checksum:  3147998 d753d8b3c2506a9b97bf4f22ca53f38b

  Alpha architecture:

      
      Size/MD5 checksum:  2438248 aaa4524a445c43d51d45325f18a21a0e
      
      Size/MD5 checksum:    18050 34e299da4303b82a38a897d3574a430a
      
      Size/MD5 checksum:    87808 d7c294281899ab7a8e8d8158ff3d19bc
      
      Size/MD5 checksum:   117740 6342f1a851a3075493f277548613fb91

  ARM architecture:

      
      Size/MD5 checksum:  2335642 eb5abc77ec982a103cb99fd1ae44fb8e
      
      Size/MD5 checksum:    17042 54db853e04f164bdb6f7c3780a770f45
      
      Size/MD5 checksum:    64726 cac8881dd707af979bcc3b2c0774f7ad
      
      Size/MD5 checksum:    92574 f493560542d625644d3675fbf31a5c32

  Intel IA-32 architecture:

      
      Size/MD5 checksum:  2295330 3e977f66990a5d169d24088c22ffba34
      
      Size/MD5 checksum:    16746 d101cceb0b1929b21e8fa16b688b43aa
      
      Size/MD5 checksum:    64790 9db4d79646e4e69a763f9f73d87124a1
      
      Size/MD5 checksum:    83146 d62c83955dfb01d44c95a4e0066f4760

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:  2244722 e16fc52c24c8c89151e104292a6c598c
      
      Size/MD5 checksum:    16246 94271dc6ccfd72526b5a991b6506fd93
      
      Size/MD5 checksum:    60086 91f8d44a474e0258ab10c307ffe0099e
      
      Size/MD5 checksum:    76130 28bb402a4bcf5ed618089e7ef7d99650

  PowerPC architecture:

      
      Size/MD5 checksum:  2331374 889a07299be40970d018fc3a1415dbb4
      
      Size/MD5 checksum:    16620 40f83566033cc2e9485a706839415f85
      
      Size/MD5 checksum:    68346 ee6b562330731a40feee359827c2ec32
      
      Size/MD5 checksum:    89548 1eae59dd93ac2f66f0450ca6993fc076

  Sun Sparc architecture:

      
      Size/MD5 checksum:  2348864 9c7717d9a987f034145e8a5de53e5cfa
      
      Size/MD5 checksum:    16860 7f89e6c646e2fd71fdc64f377d994359
      
      Size/MD5 checksum:    71318 654ebb56f716c96073902a978cc3b463
      
      Size/MD5 checksum:    89346 06d607a21e84d6fb1b938ea3fcf48d43


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      703 731309263ec48b95ae0cb591d0ee59b4
      
      Size/MD5 checksum:    35406 11bfd58a768374b366c6d96f3f94cf7e
      
      Size/MD5 checksum:  6150756 0dfa41f29fa73e7744903b2471d2ca2f

  Alpha architecture:

      
      Size/MD5 checksum:  1899754 a0b0c290488522117526ae202a7ae2ff
      
      Size/MD5 checksum:    73784 5f1ce0319d6705a0675fb107f1494697
      
      Size/MD5 checksum:    92426 334048c0e66cf45b751209d41b131cef
      
      Size/MD5 checksum:  2445268 02a0f9b14cfd0406b47b4e07699af0ab
      
      Size/MD5 checksum:   137294 180a41e8d487fa823428ff6b5feab0e3
      
      Size/MD5 checksum:   180072 366b240f494c595371ebf0aa76495968

  ARM architecture:

      
      Size/MD5 checksum:  1821218 1a5a7b2f99adf59214af6310b528aaca
      
      Size/MD5 checksum:    67920 2e131a508ef69a99d4f31e00accd613f
      
      Size/MD5 checksum:    85106 89733fd8e141b714612e3fbe88aaf618
      
      Size/MD5 checksum:  2345270 1fd92dd3592d46102c123525ffba924f
      
      Size/MD5 checksum:   112238 37ba72995818f8d118ef364f8457361c
      
      Size/MD5 checksum:   149648 c0bcd3073c939bfe51c2ef6cc9271302

  Intel IA-32 architecture:

      
      Size/MD5 checksum:  1787724 09165107e5638a2ea9bafe23d12dbc22
      
      Size/MD5 checksum:    67420 c9b102f68e45060fc20b0453f2e985c2
      
      Size/MD5 checksum:    83568 b7b51133931295233b995a986acf730b
      
      Size/MD5 checksum:  2311406 cad54ef5642381a95566137fc5e490e9
      
      Size/MD5 checksum:   110296 cbbb26f20387c8045599bba4d5067541
      
      Size/MD5 checksum:   135740 b75c3c6e99eb435e55a20b2633edcae5

  Intel IA-64 architecture:

      
      Size/MD5 checksum:  2007820 1c6de4f61f495706a1e7e0e3e5bcf8b2
      
      Size/MD5 checksum:    76856 af4f10ddbbf39d2192b42c6b0e16cfe7
      
      Size/MD5 checksum:    96580 0204b611074a972894e8a3b3c2c4eaee
      
      Size/MD5 checksum:  2656224 6572d4626c36636f5479b852472a154c
      
      Size/MD5 checksum:   155042 f1cf6145bec0858378f78e65ff2a079c
      
      Size/MD5 checksum:   181986 09e81033fb7faf00339955ac17e493c5

  HP Precision architecture:

      
      Size/MD5 checksum:  1881256 ee399012eb45487e1e83d30c9a10174b
      
      Size/MD5 checksum:    70232 a3949939d591d301d7e209c6ea5a36ed
      
      Size/MD5 checksum:    89246 0b2314247edf8a9476392b7bc67c2ac0
      
      Size/MD5 checksum:  2455474 c1792566e4cc052c7ca7b88bed96424a
      
      Size/MD5 checksum:   125938 58143366bbacda6689e29612a05acd9b
      
      Size/MD5 checksum:   158762 5836cf0d3768ede7d67a23523457baa2

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:  1754948 d6640d147a05f075158590191e80af7c
      
      Size/MD5 checksum:    65696 667e3dd5023a876908702c5f2e0071e8
      
      Size/MD5 checksum:    80820 2c71139899e3d9e9b992c230f4a5c97e
      
      Size/MD5 checksum:  2260812 73049e9e3f2ad0fdfab6beb1a7d1cf0e
      
      Size/MD5 checksum:   105532 2cbfd4ba400ca04caa39cba0a0f747c7
      
      Size/MD5 checksum:   128090 3947055497519ffaa0890036e93fc24a

  Big endian MIPS architecture:

      
      Size/MD5 checksum:  1811434 e9da6135a9df048682b179d2908fa8d7
      
      Size/MD5 checksum:    67348 ed057f08a3bafd3634a2ef6e7eab5b5a
      
      Size/MD5 checksum:    80794 ec9c303425b6c7ca0bedb340a8201f97
      
      Size/MD5 checksum:  2404100 12f65dac839b6d2d55a1f0276e7977ee
      
      Size/MD5 checksum:   112088 819aeef46301ba2c8166af1cad942ff0
      
      Size/MD5 checksum:   150376 b733e7eb1639ecae09a7c2c4f6ea9843

  Little endian MIPS architecture:

      
      Size/MD5 checksum:  1812224 719c8d133b723c67ccfef6a900f7e2ef
      
      Size/MD5 checksum:    67320 6162a88599d2bc21cead4e3ee5b831cf
      
      Size/MD5 checksum:    80814 9b42a74de3e7e01b9987b4f53f860364
      
      Size/MD5 checksum:  2406454 52841d08e5547fd033b0166c841ca5b8
      
      Size/MD5 checksum:   111808 461bc2686de9f820e838bace6bcc1ffb
      
      Size/MD5 checksum:   150196 7efb68d1171369bb54c9e782928d5497

  PowerPC architecture:

      
      Size/MD5 checksum:  1799712 5e5226117797dbdf5d7689303596a394
      
      Size/MD5 checksum:    67330 86410befd2ea69507a51f71ed823f918
      
      Size/MD5 checksum:    82924 4744992e3df7a94df6a3f4cbbe023c28
      
      Size/MD5 checksum:  2359234 fd1f62c0a8f9a323739193101094490d
      
      Size/MD5 checksum:   116026 818379da14940b9ea9005194b648af65
      
      Size/MD5 checksum:   144332 d7d5380c7ae4cfce492702f1db4b9376

  IBM S/390 architecture:

      
      Size/MD5 checksum:  1794976 48433fc4e46a79f6ae5fda1188ef876e
      
      Size/MD5 checksum:    68726 77be9718f9b8e591741de9593376e487
      
      Size/MD5 checksum:    85452 63aa415bcc67611fd6e1cc1878997c99
      
      Size/MD5 checksum:  2337080 22caf75ee1a362e738dd213d404a93ab
      
      Size/MD5 checksum:   114600 82d05e55a06f699d03eae259fb36e4b8
      
      Size/MD5 checksum:   140140 bf46320d0fe2af6de8461bcfeea5165b

  Sun Sparc architecture:

      
      Size/MD5 checksum:  1844650 ac5ea5b374299e68779dcbbfa6d25423
      
      Size/MD5 checksum:    70292 12590365cf4023189e815371d4099e33
      
      Size/MD5 checksum:    83726 9bde67d3c4d371d41f0a332a263240ee
      
      Size/MD5 checksum:  2354114 8525f1296681d5e77d5c0c64b9554576
      
      Size/MD5 checksum:   119750 894d0f5c439332d26d85c2aa3bee2693
      
      Size/MD5 checksum:   145916 ef0a899b95e949cb3991ffb81a29110c


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/