Linux Security
Linux Security
Linux Security

Debian: New cupsys packages fix multiple vulnerabilities

Date 25 Mar 2008
3183
Posted By LinuxSecurity Advisories
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1530-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                           Noah Meyerhans
March 25, 2008                        https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0047 CVE-2008-0882
Debian Bug     : 472105 467653

Several local/remote vulnerabilities have been discovered in cupsys, the
Common Unix Printing System.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2008-0047
Heap-based buffer overflow in CUPS, when printer sharing is enabled,
allows remote attackers to execute arbitrary code via crafted search
expressions.

CVE-2008-0882
Double free vulnerability in the process_browse_data function in CUPS
1.3.5 allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via crafted packets to the
cupsd port (631/udp), related to an unspecified manipulation of a
remote printer.

For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch3

We recommend that you upgrade your cupsys packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch                                                 
- - -------------------------------                                               

Stable updates are available for alpha, amd64, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.diff.gz
    Size/MD5 checksum:   104776 b684811e24921a7574798108ac6988d7
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.dsc
    Size/MD5 checksum:     1084 0276f8e59e00181d39d204a28494d18c
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
    Size/MD5 checksum:  4214272 c9ba33356e5bb93efbcf77b6e142e498

Architecture independent packages:

  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch3_all.deb
    Size/MD5 checksum:   927322 65b1ff3cb7b8bbbe3b334ee43875aac4
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch3_all.deb
    Size/MD5 checksum:    45654 0b4ce3e9c2af460c5b694b906f450b12

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:  1097006 45800a6b2c1dd7068843ade84480259d
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:    39262 4f645e439999611b07348ad50e4da57d
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:   174890 9affa7a1f2dc6548fcffb9a456181a3a
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:    86292 23431d4bfae9599caba759d4b0a3a8c0
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:    94814 6be946280a3c9fadfd070f7284255df0
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:  1609104 ecdd9f65f8799605a1efeac0d4eae774
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:   184372 7720c886672d63cdeb501314beacc4b5
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_alpha.deb
    Size/MD5 checksum:    72428 2b4ed65a0a33b7cf32756c2b0cd925de

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:    52858 badd0d21043714aa2c612b45323890a1
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:  1574654 cf1c04e898f7380fdd338ecafb69185e
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:    85652 24c3d3e054306785ccc958f1894a2b18
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:   142534 7ad95206e0e450f8df27c9d858809ddb
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:   162008 44f8d076b07194023c8ef4348a56e97a
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:    36352 5a4f9dc02fa0f8fb6936859c0fb1bd61
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:  1086740 d466f2f5d8cb17ae0013dd99db5bcbb0
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_amd64.deb
    Size/MD5 checksum:    80704 d45a4a7461defd4c6b96bbfc292e3183

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:  1565044 7c19a56cb4a782487e104a01f31e0b47
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:    37600 fa90419b34b6733ef32f13797e4606f3
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:    79892 7460f7b76d597bcb02bdc0fe5897a32a
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:    86674 aebef9f4a309afdff01a7cce17b6f57b
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:   997608 e754dc8df237302fac7019754e42352b
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:    53418 b45cf2a324d52524244351d213c8be41
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:   137686 b726701fdb3e8948e5111e2e831bf853
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_i386.deb
    Size/MD5 checksum:   160080 c029e686ec624c2fdf156f885d1daf5c

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:  1770478 73e7565983c31c3e651dd55acb38c0c7
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:   203722 9d2b9b9d1c3999a3f4ccf7e5e446bd1a
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:  1107480 d0898394febd60b7bf80e1e4ff335a39
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:    73934 5156c8db255299aa66053bb4415cde19
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:   106208 db2ad0519d15ee795758f72b3c093068
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:   106220 8228fb0ccf8cc888973731f2aa72c8c4
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:   192358 c1ee340a3e893b3f22adb138923167c2
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_ia64.deb
    Size/MD5 checksum:    46324 771aaa1b244d01eacdd62e8e963d434f

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:    86208 03d9d365f1c41e2efc36fc1a19dcb813
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:  1096636 65217c4fc57a23e065c9da14dfad6c9d
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:  1567240 46f2194418cb1d5800c44ae13bcd51ee
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:    57520 02e313bad869d4c50a6dde506765633b
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:   157528 f42c10ade950e4faa4403da4e8d740c4
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:    76156 d4778055a8900dcb6eaf2100a8172b63
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:   150976 5c00fd263eb81453450af5d5e79fe5b4
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mips.deb
    Size/MD5 checksum:    36114 4ba209d715050a942d0c9025869378fe

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:    86404 41a26e5e4196385e67dddee0337c0ade
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:   158050 1b5af4a50dcfe41ec2b35af9a47d40b3
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:    36060 09d1cfdfb2e925b3f846d22cf760ba11
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:  1552652 67cf88cac0c510bec526c49025d7cbe0
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:  1084290 082931629866ea5a6aba940997698af7
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:    57694 6e120d7fc4a6643eb208333b30e7c5c9
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:    77448 f411d88639ee78a68d46ece45e91368f
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mipsel.deb
    Size/MD5 checksum:   150900 09be1543e6cd767098a3af2a70791036

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:   136866 623ea75ab7f6603f9ddc9276389c90ea
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:   162686 5766c22ea9cad4f8e5acbf8dd6ad48f6
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:    87910 767921a7b2ed329a3107da1f0dbb7dda
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:    41298 875908633ca26db04739a334b03c42c2
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:    89998 0c81d4c99f07d7b0cdcd91a2a9a6ad28
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:    51788 87423f593d57c4c9d0cc80cfafa28f87
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:  1142146 6c4479057269b64596d123d5cf859747
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_powerpc.deb
    Size/MD5 checksum:  1575696 eb08aafdd1c60d707b874a31dcab67b4

s390 architecture (IBM S/390)

  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:   166184 d748308d0a477ad16a42e25671f49dd9
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:    37422 6a3f5390f4ff82bd1c8ef4d64f0fcc46
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:  1036106 08ad799adaeb1ccd9538048e685d69d6
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:    87194 e881e70f5b31b800989f14fd4e97368f
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:    52256 ec508d448806c889b0c79aed8d95cc3e
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:    82340 c9ab3bc26da68abdde50d365b4224434
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:   144934 61cf1f32851be64340ffb36b266ee0a7
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_s390.deb
    Size/MD5 checksum:  1586624 1921d0bc3b7b03d4ed952ecb4b0b561b

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:    78500 74d7872d04914d26d5a4baa768437603
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:    51572 93fd782dbbc7148c9f96b18ad7ebe111
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:    84622 6eb7012156c87266af9802d38f1dd366
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:   158596 68ca94de2c329c162ae40ac5b79af29b
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:    36018 61ffbfc960bea5c6fda52ffefa8886b7
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:   991000 3135666aadf8d4f4cd273fbd7d50cfca
  https://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:   139570 e281ec84c08bcac3f54d5017b6917e0b
  https://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_sparc.deb
    Size/MD5 checksum:  1561792 21cd9a3e1e89ba96aa11890858194b82


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":83.67,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.16,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8.16,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.