Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0937
HistoryOct 10, 2008 - 8:49 a.m.

cups security update

2008-10-1008:49:24
CentOS Project
lists.centos.org
47

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.914 High

EPSS

Percentile

98.9%

JSON

CentOS Errata and Security Advisory CESA-2008:0937

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX® operating systems.

A buffer overflow flaw was discovered in the SGI image format decoding
routines used by the CUPS image converting filter “imagetops”. An attacker
could create a malicious SGI image file that could, possibly, execute
arbitrary code as the “lp” user if the file was printed. (CVE-2008-3639)

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Text-to-PostScript “texttops” filter. An attacker could create a
malicious text file that could, possibly, execute arbitrary code as the
“lp” user if the file was printed. (CVE-2008-3640)

An insufficient buffer bounds checking flaw was discovered in the
HP-GL/2-to-PostScript “hpgltops” filter. An attacker could create a
malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
“lp” user if the file was printed. (CVE-2008-3641)

Red Hat would like to thank regenrecht for reporting these issues.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-October/077474.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077475.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077476.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077477.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077478.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077479.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077486.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077487.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077492.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077493.html

Affected packages:
cups
cups-devel
cups-libs
cups-lpd

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0937

Related

openvas 52
nessus 26
slackware 1
osv 1
debian 1
redhat 2
oraclelinux 2
freebsd 1
ubuntu 1
gentoo 1
fedora 5
prion 4
zdi 1
debiancve 3
securityvulns 2
ubuntucve 3
veracode 3
checkpoint_advisories 3
cve 4
centos 1
openvas
openvas
CentOS Update for cups CESA-2008:0937 centos4 x86_64
2009-02-27 00:00:00
CentOS Update for cups CESA-2008:0937 centos3 i386
2009-02-27 00:00:00
FreeBSD Ports: cups-base
2008-11-01 00:00:00
nessus
nessus
Debian DSA-1656-1 : cupsys - several vulnerabilities
2008-10-21 00:00:00
Fedora 9 : cups-1.3.9-1.fc9 (2008-8844)
2008-10-16 00:00:00
Slackware 12.0 / 12.1 / current : cups (SSA:2008-312-01)
2008-11-09 00:00:00
slackware
slackware
[slackware-security] cups
2008-11-08 23:38:23
osv
osv
cupsys - several vulnerabilities
2008-10-20 00:00:00
debian
debian
[SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities
2008-10-20 17:22:15
redhat
redhat
(RHSA-2008:0937) Important: cups security update
2008-10-10 00:00:00
(RHSA-2009:0308) Important: cups security update
2009-02-19 00:00:00
oraclelinux
oraclelinux
cups security update
2008-10-10 00:00:00
cups security update
2009-02-19 00:00:00
freebsd
freebsd
cups -- multiple vulnerabilities
2008-10-09 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2008-10-15 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2008-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9
2008-10-16 02:08:34
[SECURITY] Fedora 9 Update: cups-1.3.9-2.fc9
2008-12-09 11:35:52
[SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8
2008-10-16 02:03:57
prion
prion
Design/Logic Flaw
2008-10-10 10:30:00
Integer overflow
2008-10-14 21:10:00
Heap overflow
2008-10-14 21:10:00
zdi
zdi
Apple CUPS HP-GL/2 Filter Remote Code Execution Vulnerability
2008-10-09 00:00:00
debiancve
debiancve
CVE-2008-3641
2008-10-10 10:30:00
CVE-2008-3640
2008-10-14 21:10:00
CVE-2008-3639
2008-10-14 21:10:00
securityvulns
securityvulns
Apple Mac OS X CUPS printing system code execution
2008-10-12 00:00:00
ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability
2008-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2008-3641
2008-10-10 00:00:00
CVE-2008-3640
2008-10-14 00:00:00
CVE-2008-3639
2008-10-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:35:05
Arbitrary Code Execution
2020-04-10 00:35:04
Arbitrary Code Execution
2020-04-10 00:35:04
checkpoint_advisories
checkpoint_advisories
Multiple Vendors CUPS HPGL Filter Remote Code Execution (CVE-2008-3641)
2009-10-22 00:00:00
Apple CUPS Text-to-PostScript texttops Filter Integer Overflow (CVE-2008-3640)
2010-01-10 00:00:00
Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow (CVE-2008-3639)
2010-06-13 00:00:00
cve
cve
CVE-2008-3641
2008-10-10 10:30:00
CVE-2008-3640
2008-10-14 21:10:00
CVE-2008-3639
2008-10-14 21:10:00
centos
centos
cups security update
2009-02-19 18:19:28

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.914 High

EPSS

Percentile

98.9%

JSON
Related for CESA-2008:0937
openvas52nessus26slackware1osv1debian1redhat2oraclelinux2freebsd1ubuntu1gentoo1fedora5prion4zdi1debiancve3securityvulns2ubuntucve3veracode3checkpoint_advisories3cve4centos1