Ubuntu: CUPS vulnerability
Posted by Benjamin D. Thomas   
Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
Ubuntu Security Notice USN-539-1          November 06, 2007
cupsys vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  cupsys                          1.2.2-0ubuntu0.6.06.4

Ubuntu 6.10:
  cupsys                          1.2.4-2ubuntu3.1

Ubuntu 7.04:
  cupsys                          1.2.8-0ubuntu8.1

Ubuntu 7.10:
  cupsys                          1.3.2-1ubuntu7.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Alin Rad Pop discovered that CUPS did not correctly validate buffer
lengths when processing IPP tags.  Remote attackers successfully
exploiting this vulnerability would gain access to the non-root CUPS user
in Ubuntu 6.06 LTS, 6.10, and 7.04.  In Ubuntu 7.10, attackers would be
isolated by the AppArmor CUPS profile.

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:

