CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.864 High
Percentile: 98.6%

CentOS Errata and Security Advisory CESA-2008:1028

The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

An integer overflow flaw, leading to a heap buffer overflow, was discovered
in the Portable Network Graphics (PNG) decoding routines used by the CUPS
image-converting filters, “imagetops” and “imagetoraster”. An attacker
could create a malicious PNG file that could, potentially, execute
arbitrary code as the “lp” user if the file was printed. (CVE-2008-5286)

CUPS users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
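
To confirm whether a host still needs this update, the following added example (not part of the advisory or of CentOS tooling) compares installed package versions against the fixed version-release that the package table in this advisory lists for CentOS 3. It assumes input in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, uses a simplified form of RPM's segment-wise version comparison, and ignores epochs because the table gives none; the sample input is constructed.

```python
import re

# Fixed version-release for CentOS 3, taken from the advisory's package table.
FIXED_VR = "1.1.17-13.3.55"
AFFECTED = ("cups", "cups-devel", "cups-libs")

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def _segcmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments left to right."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 6 < 55, unlike string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _segcmp(va, vb) or _segcmp(ra, rb)

def find_unpatched(rpm_lines, fixed=FIXED_VR):
    """Return (name, version-release) for affected packages older than the fix."""
    hits = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in AFFECTED and vr_cmp(parts[1], fixed) < 0:
            hits.append((parts[0], parts[1]))
    return hits

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
cups 1.1.17-13.3.53
cups-libs 1.1.17-13.3.55
cups-devel 1.1.17-13.3.6
openssl 0.9.7a-33.24
"""

if __name__ == "__main__":
    for name, vr in find_unpatched(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}: update required")
```

The `cups-devel` sample line shows why a plain string comparison is not enough: release `13.3.6` sorts after `13.3.55` as text but is the older build.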
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-December/077637.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077640.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077646.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077647.html
Affected packages:
cups
cups-devel
cups-libs
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:1028
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | ia64 | cups | < 1.1.17-13.3.55 | cups-1.1.17-13.3.55.ia64.rpm |
CentOS | 3 | ia64 | cups-devel | < 1.1.17-13.3.55 | cups-devel-1.1.17-13.3.55.ia64.rpm |
CentOS | 3 | ia64 | cups-libs | < 1.1.17-13.3.55 | cups-libs-1.1.17-13.3.55.ia64.rpm |
CentOS | 3 | s390 | cups | < 1.1.17-13.3.55 | cups-1.1.17-13.3.55.s390.rpm |
CentOS | 3 | s390 | cups-devel | < 1.1.17-13.3.55 | cups-devel-1.1.17-13.3.55.s390.rpm |
CentOS | 3 | s390 | cups-libs | < 1.1.17-13.3.55 | cups-libs-1.1.17-13.3.55.s390.rpm |
CentOS | 3 | s390x | cups | < 1.1.17-13.3.55 | cups-1.1.17-13.3.55.s390x.rpm |