Debian: New cupsys packages fix several vulnerabilities

    Date20 Oct 2008
    CategoryDebian
    2233
    Posted ByLinuxSecurity Advisories
    It was discovered that insufficient bounds checking in the SGI image filter may lead to the execution of arbitrary code.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1656-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    October 20, 2008                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : cupsys
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3639 CVE-2008-3640 CVE-2008-3641
    
    Several local vulnerabilities have been discovered in the Common UNIX
    Printing System. The Common Vulnerabilities and Exposures project
    identifies the following problems:
    
    CVE-2008-3639
    
        It was discovered that insufficient bounds checking in the SGI
        image filter may lead to the execution of arbitrary code.
    
    CVE-2008-3640
    
        It was discovered that an integer overflow in the Postscript
        conversion tool "texttops" may lead to the execution of arbitrary
        code.
    
    CVE-2008-3641
    
        It was discovered that insufficient bounds checking in the HPGL
        filter may lead to the execution of arbitrary code.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.2.7-4etch5.
    
    For the unstable distribution (sid) and the upcoming stable distribution
    (lenny), these problems have been fixed in version 1.3.8-1lenny2 of
    the source package cups.
    
    We recommend that you upgrade your cupsys package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
        Size/MD5 checksum:  4214272 c9ba33356e5bb93efbcf77b6e142e498
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz
        Size/MD5 checksum:   108662 eab5aa097eaf3e802b4c6f1c60da9a03
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc
        Size/MD5 checksum:     1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb
        Size/MD5 checksum:   893832 0e7571a4a56cef8f099ba9300ed7330d
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb
        Size/MD5 checksum:    46072 63a75f9fe31312a42725a786164f7762
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:    39310 8dad5588b86a4e1191025015d8e0c5be
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:  1092376 35c1cd14d3f26fefafbebf1a76983740
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:    85906 1d07dcf128e7b78992560b2794be29d4
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:   183726 06377f48f1ee358c494f30f9ab213e6b
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:  1614540 e87b439635e9b7f7c1fa1c6db2f7291c
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:    95570 8638b199a8adb989254cbe88ab11bb7d
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:   175262 08dbbe7e941af9c28f39107f907c618a
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb
        Size/MD5 checksum:    72690 1c099120f9fdcb334d8699b6238c0883
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:   142538 4f9183a690ac21a220771db117b1bcea
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:   162520 f04bafe61b0e06d21b67441916a4df2a
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:    36356 eea9b0c14ac248313264474f4a103478
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:    53022 f864e06d82bd0769e7c73d20aa6c3366
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:    80708 9e8a7d08f6762753005bc2ac7ac04db7
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:    86264 3784680669a08745d6c766213e3d60f3
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:  1576062 c5f275763d3cd0bec5e448965780ea0b
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb
        Size/MD5 checksum:  1088040 106654a5c5a746e5bd1043ca4309deae
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:   132042 b1da3e68e04c68712a7f2ecebbea59d3
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:  1026238 e776ce47912d97de7758029cddf18c41
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:   155174 2203ae0043e540bb4c083c3f302294a9
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:    78908 a60d8486ab41fe7064d84fdf1c057ce5
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:    48742 9c6f61fb9c5af3f1496c249eb79542ce
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:  1569620 943fdc257cdf387c1a161adff88623bd
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:    85468 3e9d699071d741d86c5e2fbcc91a5241
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb
        Size/MD5 checksum:    35940 0bb609f5c990c932c0fed843bb659062
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:    84800 df6569c3eaad919b7f7768a75277838f
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:    91988 08040e0dcc8cc99298d40aa370be50cc
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:  1624214 e5d55a0aeacee0d85d7899018725b3d3
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:   153956 e11bfd3cb812f0892238a676a3453967
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:   171790 5b483d2f739ed456d94cf28047b2b2f5
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:    39548 181a14e58af274287bf02f8a758b70b5
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:    57398 715a6f4bb1b68b8a384a85ac384de668
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb
        Size/MD5 checksum:  1032836 e1d9158ff6134678b976331566db0076
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:   999302 2ccf6ae0ef6f3d3dd56e484ba2199313
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:   160638 f22f7da23cd3dea82d49cc9900d62512
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:   138276 392028f61da2c29dcab1ffe3b4fe072f
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:  1548856 e1e04e47f556586eb83aff005d4870d2
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:    36474 9bea3cd926f04da508b6a714f0a1daac
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:    86776 f3188eafaa1bd01a7b92d9403aab03a1
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:    79878 ba1ed2b707101da54b3990b33ee1d877
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb
        Size/MD5 checksum:    53276 346cdebc7980089b28610ceb30f65519
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:   106226 829b2e5f435c8fb5eee03513654ee12f
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:   106998 08fcec24b8c165542d986a1fd174ddd3
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:    46336 32d29b5c2986070f5d5b909864952dc3
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:  1771030 e7b261b4627ee20a3083a4f18a382e24
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:   192370 576e218a37e677170e9201946f24da5a
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:  1108310 bdee8fbcfd10ba2847ab81ced8e9cc73
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:   204232 d5eb2138a8584813643dfe4e39d2fefb
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb
        Size/MD5 checksum:    74224 846a87584f78285569aee9c037b677d9
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:   158560 74bc73b9eb3c7494ce762f7beb9ab4cd
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:  1553460 cd35f3de34290840be09b1b10729d7b3
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:   150900 150e5405933cef2a8cf9147d88c9a4fb
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:    57860 2b7cdd4399e2893d2df0b5568d766239
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:    86996 d4776eace76cb37f72557a44d053a677
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:  1085494 429194a44228d669ecfa2acdeadf55e6
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:    36058 f28b3f705fd293fc82a256d571119452
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb
        Size/MD5 checksum:    77448 4a9be71b3fc25253b1e77c2594e7f508
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:    51880 d1b872415002b54aba1ef54833cd5564
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:    90008 fe2be6aba034693532a01b653781f501
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:  1576600 d954a84710f9671d34eca72922f8d1d8
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:   136868 ee633edb72a9d6d74481d9fe17d887d5
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:  1143388 320529a907596704df487d89978e1948
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:    41296 8e0fed6ae1645411f4daa52842ead589
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:   163206 d0fc59550e27b346adb422e4d82cecaf
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb
        Size/MD5 checksum:    88476 dfe47fbfeef0a714d6397ec9467165af
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:  1037260 a151e36916ffd7eae88e6b82cc0c08d7
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:    37420 b095022e25c603ee57748795c4ec423b
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:    82338 3417e5562b6aa064ab5d3d11f15a69fb
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:    87928 6eea10e5b223fbd5f5a8d524bb03ab8e
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:  1587330 8b66abd7e3156f3beeaa27fbd971cbde
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:   166710 10f172f4c48ab9981d7c48564a2142a4
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:   144932 3955c00c6293f7aec0a7cb9edb28a16d
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb
        Size/MD5 checksum:    52524 b4e639621d58f91a8ec32043534c008f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:    51826 8e3613f9041774f1dd42586782780fb5
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:   159434 d2352f19b51feab43fc17b5e3f17bb2b
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:   138734 8b53d144485267cb99ec8a32262446e8
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:  1577758 748b77d9e54a363d46cd61548e72df7c
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:   996834 0ad8037cbb3959581a0aeb29eb84a853
      http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:    85790 16bf4ce2378a68fc9b0ce4052e463e5d
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:    36062 426fe5dbac939828393d99e561abf0e3
      http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb
        Size/MD5 checksum:    78608 f469105c5d9f121c333d5e4ac315c7be
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.