Lucene search
Gentoo FoundationGLSA-200812-11HistoryDec 10, 2008 - 12:00 a.m.
CUPS: Multiple vulnerabilities
2008-12-1000:00:00
Gentoo Foundation
security.gentoo.org
18
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.914 High
EPSS
Percentile
98.9%
Background
CUPS is the Common Unix Printing System.
Description
Several buffer overflows were found in:
- The read_rle16 function in imagetops (CVE-2008-3639, found by regenrecht, reported via ZDI)
- The WriteProlog function in texttops (CVE-2008-3640, found by regenrecht, reported via ZDI)
- The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641, found by regenrecht, reported via iDefense)
- The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs)
Impact
A remote attacker could send specially crafted input to a vulnerable server, resulting in the remote execution of arbitrary code with the privileges of the user running the server.
Workaround
None this time.
Resolution
All CUPS users should upgrade to the latest version.
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.3.9-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-print/cups | < 1.3.9-r1 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200812-11 (cups)
2008-12-23 00:00:00
Gentoo Security Advisory GLSA 200812-11 (cups)
2008-12-23 00:00:00
CentOS Update for cups CESA-2008:0937 centos4 x86_64
2009-02-27 00:00:00
nessus
nessus
GLSA-200812-11 : CUPS: Multiple vulnerabilities
2008-12-11 00:00:00
Debian DSA-1656-1 : cupsys - several vulnerabilities
2008-10-21 00:00:00
Fedora 9 : cups-1.3.9-1.fc9 (2008-8844)
2008-10-16 00:00:00
slackware
slackware
[slackware-security] cups
2008-11-08 23:38:23
osv
osv
cupsys - several vulnerabilities
2008-10-20 00:00:00
centos
centos
cups security update
2008-10-10 08:49:24
cups security update
2008-12-15 16:56:30
cups security update
2009-02-19 18:19:28
debian
debian
[SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities
2008-10-20 17:22:15
[SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution
2008-12-02 21:17:21
freebsd
freebsd
cups -- multiple vulnerabilities
2008-10-09 00:00:00
cups -- potential buffer overflow in PNG reading code
2008-10-17 00:00:00
oraclelinux
oraclelinux
cups security update
2008-10-10 00:00:00
cups security update
2009-02-19 00:00:00
cups security update
2008-12-15 00:00:00
redhat
redhat
(RHSA-2008:0937) Important: cups security update
2008-10-10 00:00:00
(RHSA-2008:1028) Moderate: cups security update
2008-12-15 00:00:00
(RHSA-2009:0308) Important: cups security update
2009-02-19 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2008-10-15 00:00:00
CUPS vulnerabilities
2009-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: cups-1.3.9-2.fc9
2008-12-09 11:35:52
[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9
2008-10-16 02:08:34
[SECURITY] Fedora 8 Update: cups-1.3.9-2.fc8
2008-12-09 11:38:29
checkpoint_advisories
checkpoint_advisories
ubuntucve
ubuntucve
cve
cve
prion
prion
Integer overflow
2008-12-01 15:30:00
Design/Logic Flaw
2008-10-10 10:30:00
Integer overflow
2008-10-14 21:10:00
debiancve
debiancve
zdi
zdi
Apple CUPS HP-GL/2 Filter Remote Code Execution Vulnerability
2008-10-09 00:00:00
securityvulns
securityvulns
Apple Mac OS X CUPS printing system code execution
2008-10-12 00:00:00
ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability
2008-10-12 00:00:00
CUPS integer overflow
2008-12-03 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:35:05
Arbitrary Code Execution
2020-04-10 00:35:04
Arbitrary Code Execution
2020-04-10 00:35:04
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.914 High
EPSS
Percentile
98.9%
Related for GLSA-200812-11