10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Alin Rad Pop discovered that the Common UNIX Printing System is
vulnerable to an off-by-one buffer overflow in the code to process IPP
packets, which may lead to the execution of arbitrary code.
The cupsys version in the old stable distribution (sarge) is not
vulnerable to arbitrary code execution.
For the stable distribution (etch), this problem has been fixed in
version 1.2.7-4etch1. Updated packages for the arm architecture will be
provided later.
We recommend that you upgrade your cupsys packages.