What Are You Looking For?

Sign Up
Date:         Fri, 10 Oct 2008 14:03:17 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for cups on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: cups security update
Issue date:	2008-10-10
CVE Names:	CVE-2008-3639 CVE-2008-3640 CVE-2008-3641

A buffer overflow flaw was discovered in the SGI image format decoding
routines used by the CUPS image converting filter "imagetops". An attacker
could create a malicious SGI image file that could, possibly, execute
arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Text-to-PostScript "texttops" filter. An attacker could create a
malicious text file that could, possibly, execute arbitrary code as the
"lp" user if the file was printed. (CVE-2008-3640)

An insufficient buffer bounds checking flaw was discovered in the
HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a
malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
"lp" user if the file was printed. (CVE-2008-3641)

SL 3.0.x

      SRPMS:
cups-1.1.17-13.3.54.src.rpm
      i386:
cups-1.1.17-13.3.54.i386.rpm
cups-devel-1.1.17-13.3.54.i386.rpm
cups-libs-1.1.17-13.3.54.i386.rpm
      x86_64:
cups-1.1.17-13.3.54.x86_64.rpm
cups-devel-1.1.17-13.3.54.x86_64.rpm
cups-libs-1.1.17-13.3.54.i386.rpm
cups-libs-1.1.17-13.3.54.x86_64.rpm

SL 4.x

      SRPMS:
cups-1.1.22-0.rc1.9.27.el4_7.1.src.rpm
      i386:
cups-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
cups-devel-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
      x86_64:
cups-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm

SL 5.x

      SRPMS:
cups-1.2.4-11.18.el5_2.2.src.rpm
      i386:
cups-1.2.4-11.18.el5_2.2.i386.rpm
cups-devel-1.2.4-11.18.el5_2.2.i386.rpm
cups-libs-1.2.4-11.18.el5_2.2.i386.rpm
cups-lpd-1.2.4-11.18.el5_2.2.i386.rpm
      x86_64:
cups-1.2.4-11.18.el5_2.2.x86_64.rpm
cups-devel-1.2.4-11.18.el5_2.2.i386.rpm
cups-devel-1.2.4-11.18.el5_2.2.x86_64.rpm
cups-libs-1.2.4-11.18.el5_2.2.i386.rpm
cups-libs-1.2.4-11.18.el5_2.2.x86_64.rpm
cups-lpd-1.2.4-11.18.el5_2.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-3639 cups SL3.x, SL4.x, SL5.x i386/x86_64

Important: cups security update

Summary

Date:         Fri, 10 Oct 2008 14:03:17 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for cups on SL3.x, SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Important: cups security updateIssue date:	2008-10-10CVE Names:	CVE-2008-3639 CVE-2008-3640 CVE-2008-3641A buffer overflow flaw was discovered in the SGI image format decodingroutines used by the CUPS image converting filter "imagetops". An attackercould create a malicious SGI image file that could, possibly, executearbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)An integer overflow flaw leading to a heap buffer overflow was discoveredin the Text-to-PostScript "texttops" filter. An attacker could create amalicious text file that could, possibly, execute arbitrary code as the"lp" user if the file was printed. (CVE-2008-3640)An insufficient buffer bounds checking flaw was discovered in theHP-GL/2-to-PostScript "hpgltops" filter. An attacker could create amalicious HP-GL/2 file that could, possibly, execute arbitrary code as the"lp" user if the file was printed. (CVE-2008-3641)SL 3.0.x      SRPMS:cups-1.1.17-13.3.54.src.rpm      i386:cups-1.1.17-13.3.54.i386.rpmcups-devel-1.1.17-13.3.54.i386.rpmcups-libs-1.1.17-13.3.54.i386.rpm      x86_64:cups-1.1.17-13.3.54.x86_64.rpmcups-devel-1.1.17-13.3.54.x86_64.rpmcups-libs-1.1.17-13.3.54.i386.rpmcups-libs-1.1.17-13.3.54.x86_64.rpmSL 4.x      SRPMS:cups-1.1.22-0.rc1.9.27.el4_7.1.src.rpm      i386:cups-1.1.22-0.rc1.9.27.el4_7.1.i386.rpmcups-devel-1.1.22-0.rc1.9.27.el4_7.1.i386.rpmcups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm      x86_64:cups-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpmcups-devel-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpmcups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpmcups-libs-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpmSL 5.x      SRPMS:cups-1.2.4-11.18.el5_2.2.src.rpm      i386:cups-1.2.4-11.18.el5_2.2.i386.rpmcups-devel-1.2.4-11.18.el5_2.2.i386.rpmcups-libs-1.2.4-11.18.el5_2.2.i386.rpmcups-lpd-1.2.4-11.18.el5_2.2.i386.rpm      x86_64:cups-1.2.4-11.18.el5_2.2.x86_64.rpmcups-devel-1.2.4-11.18.el5_2.2.i386.rpmcups-devel-1.2.4-11.18.el5_2.2.x86_64.rpmcups-libs-1.2.4-11.18.el5_2.2.i386.rpmcups-libs-1.2.4-11.18.el5_2.2.x86_64.rpmcups-lpd-1.2.4-11.18.el5_2.2.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo