10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.914 High
EPSS
Percentile
98.9%
CentOS Errata and Security Advisory CESA-2008:0937
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX® operating systems.
A buffer overflow flaw was discovered in the SGI image format decoding
routines used by the CUPS image converting filter “imagetops”. An attacker
could create a malicious SGI image file that could, possibly, execute
arbitrary code as the “lp” user if the file was printed. (CVE-2008-3639)
An integer overflow flaw leading to a heap buffer overflow was discovered
in the Text-to-PostScript “texttops” filter. An attacker could create a
malicious text file that could, possibly, execute arbitrary code as the
“lp” user if the file was printed. (CVE-2008-3640)
An insufficient buffer bounds checking flaw was discovered in the
HP-GL/2-to-PostScript “hpgltops” filter. An attacker could create a
malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
“lp” user if the file was printed. (CVE-2008-3641)
Red Hat would like to thank regenrecht for reporting these issues.
All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-October/077474.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077475.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077476.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077477.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077478.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077479.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077486.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077487.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077492.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077493.html
Affected packages:
cups
cups-devel
cups-libs
cups-lpd
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0937
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | cups | < 1.1.17-13.3.54 | cups-1.1.17-13.3.54.i386.rpm |
CentOS | 3 | i386 | cups-devel | < 1.1.17-13.3.54 | cups-devel-1.1.17-13.3.54.i386.rpm |
CentOS | 3 | i386 | cups-libs | < 1.1.17-13.3.54 | cups-libs-1.1.17-13.3.54.i386.rpm |
CentOS | 3 | x86_64 | cups | < 1.1.17-13.3.54 | cups-1.1.17-13.3.54.x86_64.rpm |
CentOS | 3 | x86_64 | cups-devel | < 1.1.17-13.3.54 | cups-devel-1.1.17-13.3.54.x86_64.rpm |
CentOS | 3 | i386 | cups-libs | < 1.1.17-13.3.54 | cups-libs-1.1.17-13.3.54.i386.rpm |
CentOS | 3 | x86_64 | cups-libs | < 1.1.17-13.3.54 | cups-libs-1.1.17-13.3.54.x86_64.rpm |
CentOS | 3 | ia64 | cups | < 1.1.17-13.3.54 | cups-1.1.17-13.3.54.ia64.rpm |
CentOS | 3 | ia64 | cups-devel | < 1.1.17-13.3.54 | cups-devel-1.1.17-13.3.54.ia64.rpm |
CentOS | 3 | ia64 | cups-libs | < 1.1.17-13.3.54 | cups-libs-1.1.17-13.3.54.ia64.rpm |