USN-760-1: CUPS vulnerability

16 April 2009

cups, cupsys vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10
  • Ubuntu 6.06 LTS

Software Description

  • cups
  • cupsys


It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
libcupsimage2 - 1.3.9-2ubuntu9.1
Ubuntu 8.04 LTS
libcupsimage2 - 1.3.7-1ubuntu3.4
Ubuntu 7.10
libcupsimage2 - 1.3.2-1ubuntu7.10
Ubuntu 6.06 LTS
libcupsimage2 - 1.2.2-0ubuntu0.6.06.13

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the necessary changes.