First published: Fri Oct 10 2008(Updated: )
The Common UNIX Printing System (CUPS) provides a portable printing layer<br>for UNIX(R) operating systems.<br>A buffer overflow flaw was discovered in the SGI image format decoding<br>routines used by the CUPS image converting filter "imagetops". An attacker<br>could create a malicious SGI image file that could, possibly, execute<br>arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)<br>An integer overflow flaw leading to a heap buffer overflow was discovered<br>in the Text-to-PostScript "texttops" filter. An attacker could create a<br>malicious text file that could, possibly, execute arbitrary code as the<br>"lp" user if the file was printed. (CVE-2008-3640)<br>An insufficient buffer bounds checking flaw was discovered in the<br>HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a<br>malicious HP-GL/2 file that could, possibly, execute arbitrary code as the<br>"lp" user if the file was printed. (CVE-2008-3641)<br>Red Hat would like to thank regenrecht for reporting these issues.<br>All CUPS users are advised to upgrade to these updated packages, which<br>contain backported patches to resolve these issues.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/cups | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups-devel | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups-devel | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups-libs | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups-libs | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups-lpd | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups-lpd | <1.2.4-11.18.el5_2.2 | 1.2.4-11.18.el5_2.2 |
redhat/cups | <1.1.22-0.rc1.9.27.el4_7.1 | 1.1.22-0.rc1.9.27.el4_7.1 |
redhat/cups | <1.1.22-0.rc1.9.27.el4_7.1 | 1.1.22-0.rc1.9.27.el4_7.1 |
redhat/cups-devel | <1.1.22-0.rc1.9.27.el4_7.1 | 1.1.22-0.rc1.9.27.el4_7.1 |
redhat/cups-libs | <1.1.22-0.rc1.9.27.el4_7.1 | 1.1.22-0.rc1.9.27.el4_7.1 |
redhat/cups-libs | <1.1.22-0.rc1.9.27.el4_7.1 | 1.1.22-0.rc1.9.27.el4_7.1 |
redhat/cups-devel | <1.1.22-0.rc1.9.27.el4_7.1 | 1.1.22-0.rc1.9.27.el4_7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.