Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200904-20 ] CUPS: Multiple vulnerabilities
Date: Thu, 23 Apr 2009 21:55:35
Message-Id: 49F0E3D8.1090008@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: CUPS: Multiple vulnerabilities
      Date: April 23, 2009
      Bugs: #263070
        ID: 200904-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple errors in CUPS might allow for the remote execution of
arbitrary code or DNS rebinding attacks.

Background
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  net-print/cups      < 1.3.10                            >= 1.3.10

Description
===========

The following issues were reported in CUPS:

* iDefense reported an integer overflow in the _cupsImageReadTIFF()
  function in the "imagetops" filter, leading to a heap-based buffer
  overflow (CVE-2009-0163).

* Aaron Siegel of Apple Product Security reported that the CUPS web
  interface does not verify the content of the "Host" HTTP header
  properly (CVE-2009-0164).

* Braden Thomas and Drew Yao of Apple Product Security reported that
  CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166,
  found earlier in xpdf and poppler.

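An added illustration of the bug class behind CVE-2009-0163 (an integer overflow in a size calculation that leaves a heap buffer too small for the decoded image). It is not code from this advisory or from CUPS; the function names, the sample dimensions and the 256 MiB limit are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed policy limit for this example: refuse images above 256 MiB. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked form: the 32-bit product wraps modulo 2^32, so the result can be
 * far smaller than the number of bytes the decoder will later write. */
uint32_t unchecked_image_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: divides instead of multiplying, so no intermediate value can
 * wrap. Returns 0 and stores the size in *out, or -1 if the image is rejected.
 * bpp is bytes per pixel. */
int checked_image_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_IMAGE_BYTES / bpp)          /* row would exceed the limit */
        return -1;
    size_t row = (size_t)width * bpp;           /* 1 <= row <= MAX_IMAGE_BYTES */
    if (height > MAX_IMAGE_BYTES / row)         /* total would exceed the limit */
        return -1;
    *out = row * height;
    return 0;
}

int main(void)
{
    /* Constructed header values: the true size is 65537 * 65536 bytes (> 4 GiB). */
    uint32_t w = 65537, h = 65536, bpp = 1;
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_image_size(w, h, bpp));
    printf("checked: %s\n",
           checked_image_size(w, h, bpp, &n) == 0 ? "accepted" : "rejected");
    if (checked_image_size(1024, 768, 3, &n) == 0)
        printf("1024x768x3: %zu bytes\n", n);
    return 0;
}
```
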
Impact
======

A remote attacker might send or entice a user to send a specially
crafted print job to CUPS, possibly resulting in the execution of
arbitrary code with the privileges of the configured CUPS user (by
default this is "lp"), or a Denial of Service. Furthermore, the web
interface could be used to conduct DNS rebinding attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10"

References
==========

[ 1 ] CVE-2009-0146
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
[ 2 ] CVE-2009-0147
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
[ 3 ] CVE-2009-0163
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
[ 4 ] CVE-2009-0164
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
[ 5 ] CVE-2009-0166
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
