Pardus: cups Buffer Overflow
Posted by Bill Keys   
There is a potential integer overflow in the validation code that could render the whole validation useless. IInteger overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-79            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-05
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

There is a potential integer overflow in the validation code that could 
render the whole validation useless. 


Description
===========

IInteger overflow in the  _cupsImageReadPNG  function  in  CUPS  1.1.17 
through 1.3.9 allows remote attackers to execute arbitrary code  via  a 
PNG image with a large height value, which bypasses a validation  check 
and triggers a buffer overflow. 


Affected packages:

  Pardus 2008:
    cups, all before 1.3.9-55-8


Resolution
==========

There are update(s) for cups. You can update them via Package Manager or
with a single command from console: 

    pisi up cups

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8761
  * http://www.cups.org/str.php?L2974
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286

------------------------------------------------------------------------

-- 
Pardus Security Team
http://security.pardus.org.tr