Linux Security

    Debian: CUPS multiple vulnerabilities DSA-232-1

    Date 20 Jan 2003
    Posted By LinuxSecurity Advisories
    Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS).
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 232-1                                        Martin Schulze
    January 20th, 2003             
    - --------------------------------------------------------------------------
    Package        : cupsys
    Vulnerability  : several
    Problem-type   : remote
    Debian-specific: no
    CVE Id         : CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384
    Multiple vulnerabilities were discovered in the Common Unix Printing
    System (CUPS).  Several of these issues represent the potential for a
    remote compromise or denial of service.  The Common Vulnerabilities
    and Exposures project identifies the following problems:
     . CAN-2002-1383: Multiple integer overflows allow a remote attacker
       to execute arbitrary code via the CUPSd HTTP interface and the
       image handling code in CUPS filters.
     . CAN-2002-1366: Race conditions in connection with /etc/cups/certs/
       allow local users with lp privileges to create or overwrite
       arbitrary files.  This is not present in the potato version.
     . CAN-2002-1367: This vulnerability allows a remote attacker to add
       printers without authentication via a certain UDP packet, which can
       then be used to perform unauthorized activities such as stealing
       the local root certificate for the administration server via a
       "need authorization" page.
     . CAN-2002-1368: Negative lengths fed into memcpy() can cause a
       denial of service and possibly execute arbitrary code.
     . CAN-2002-1369: An unsafe strncat() function call processing the
       options string allows a remote attacker to execute arbitrary code
       via a buffer overflow.
     . CAN-2002-1371: Zero-width images allow a remote attacker to
       execute arbitrary code via modified chunk headers.
     . CAN-2002-1372: CUPS does not properly check the return values of
       various file and socket operations, which could allow a remote
       attacker to cause a denial of service.
     . CAN-2002-1384: The cupsys package contains some code from the xpdf
       package, used to convert PDF files for printing, which contains an
       exploitable integer overflow bug.  This is not present in the
       potato version.
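The length-handling bug classes named in the list above (a negative length reaching memcpy(), an unbounded strncat() append, zero or overflowing image dimensions) are shown below in their checked form. This is an added example, not code from CUPS or from the Debian patch; the helper names `checked_copy`, `checked_append` and `checked_image_size` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers, not CUPS code. Each returns 0 on success, -1 on rejection. */

/* CAN-2002-1368 class: a signed length taken from untrusted input.
 * Passed straight to memcpy(), a negative value converts to a huge size_t. */
int checked_copy(void *dst, size_t dst_size, const void *src, long len)
{
    if (len < 0 || (size_t)len > dst_size)
        return -1;                      /* reject before converting to size_t */
    memcpy(dst, src, (size_t)len);
    return 0;
}

/* CAN-2002-1369 class: strncat()'s third argument bounds the bytes appended,
 * not the total buffer size, so passing sizeof(buf) there can still overflow. */
int checked_append(char *buf, size_t buf_size, const char *s)
{
    const char *end = memchr(buf, '\0', buf_size);
    if (!end)
        return -1;                      /* buf is not NUL-terminated */
    size_t used = (size_t)(end - buf);
    size_t add = strlen(s);
    if (add > buf_size - used - 1)
        return -1;                      /* would not fit with the terminator */
    memcpy(buf + used, s, add + 1);     /* copies the terminating NUL too */
    return 0;
}

/* CAN-2002-1383 / CAN-2002-1371 class: image dimensions read from a header.
 * Zero dimensions and products that would wrap size_t are both rejected. */
int checked_image_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    size_t row = (size_t)width;
    if (row > SIZE_MAX / bpp)
        return -1;
    row *= bpp;
    if (row > SIZE_MAX / height)
        return -1;
    *out = row * height;
    return 0;
}
```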
    Even though we tried very hard to fix all problems in the packages for
    potato as well, the packages may still contain other security related
    problems.  Hence, we advise users of potato systems using CUPS to
    upgrade to woody soon.
    For the current stable distribution (woody), these problems have been fixed
    in version 1.1.14-4.3.
    For the old stable distribution (potato), these problems have been fixed
    in version 1.0.4-12.1.
    For the unstable distribution (sid), these problems have been fixed in
    version 1.1.18-1.
    We recommend that you upgrade your CUPS packages immediately.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

