RHSA-2008:0937: Important: cups security update

First published: Fri Oct 10 2008(Updated: )

The Common UNIX Printing System (CUPS) provides a portable printing layer<br>for UNIX(R) operating systems.<br>A buffer overflow flaw was discovered in the SGI image format decoding<br>routines used by the CUPS image converting filter "imagetops". An attacker<br>could create a malicious SGI image file that could, possibly, execute<br>arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)<br>An integer overflow flaw leading to a heap buffer overflow was discovered<br>in the Text-to-PostScript "texttops" filter. An attacker could create a<br>malicious text file that could, possibly, execute arbitrary code as the<br>"lp" user if the file was printed. (CVE-2008-3640)<br>An insufficient buffer bounds checking flaw was discovered in the<br>HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a<br>malicious HP-GL/2 file that could, possibly, execute arbitrary code as the<br>"lp" user if the file was printed. (CVE-2008-3641)<br>Red Hat would like to thank regenrecht for reporting these issues.<br>All CUPS users are advised to upgrade to these updated packages, which<br>contain backported patches to resolve these issues.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2008:0937
• agent/software-canonical-lookup
• package-manager/redhat