Ubuntu: CUPS vulnerability
Posted by Benjamin D. Thomas   
Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. A local attacker, and a remote attacker if printer sharing is enabled, could send a crafted file and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1722)
Ubuntu Security Notice USN-606-1               May 05, 2008
cupsys vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  cupsys                          1.2.2-0ubuntu0.6.06.9

Ubuntu 7.04:
  cupsys                          1.2.8-0ubuntu8.4

Ubuntu 7.10:
  cupsys                          1.3.2-1ubuntu7.7

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Thomas Pollet discovered that CUPS did not properly validate the size of
PNG images. A local attacker, and a remote attacker if printer sharing
is enabled, could send a crafted file and cause a denial of service or
possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS
and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor
CUPS profile. (CVE-2008-1722)

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:

