USN-606-1: CUPS vulnerability

5 May 2008

cupsys vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06 LTS

Software Description

  • cupsys

Details

Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. A local attacker, and a remote attacker if printer sharing is enabled, could send a crafted file and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1722)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
cupsys - 1.3.2-1ubuntu7.7
Ubuntu 7.04
cupsys - 1.2.8-0ubuntu8.4
Ubuntu 6.06 LTS
cupsys - 1.2.2-0ubuntu0.6.06.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References