(RHSA-2008:0937) Important: cups security update

2008-10-1000:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.919 High

EPSS

Percentile

98.7%

JSON

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX® operating systems.

A buffer overflow flaw was discovered in the SGI image format decoding
routines used by the CUPS image converting filter “imagetops”. An attacker
could create a malicious SGI image file that could, possibly, execute
arbitrary code as the “lp” user if the file was printed. (CVE-2008-3639)

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Text-to-PostScript “texttops” filter. An attacker could create a
malicious text file that could, possibly, execute arbitrary code as the
“lp” user if the file was printed. (CVE-2008-3640)

An insufficient buffer bounds checking flaw was discovered in the
HP-GL/2-to-PostScript “hpgltops” filter. An attacker could create a
malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
“lp” user if the file was printed. (CVE-2008-3641)

Red Hat would like to thank regenrecht for reporting these issues.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ppccups-lpd< 1.2.4-11.18.el5_2.2cups-lpd-1.2.4-11.18.el5_2.2.ppc.rpm
RedHat4ia64cups-devel< 1.1.22-0.rc1.9.27.el4_7.1cups-devel-1.1.22-0.rc1.9.27.el4_7.1.ia64.rpm
RedHat4i386cups-libs< 1.1.22-0.rc1.9.27.el4_7.1cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
RedHat5s390xcups-libs< 1.2.4-11.18.el5_2.2cups-libs-1.2.4-11.18.el5_2.2.s390x.rpm
RedHat4ppc64cups-libs< 1.1.22-0.rc1.9.27.el4_7.1cups-libs-1.1.22-0.rc1.9.27.el4_7.1.ppc64.rpm
RedHat5s390xcups-devel< 1.2.4-11.18.el5_2.2cups-devel-1.2.4-11.18.el5_2.2.s390x.rpm
RedHat5ia64cups-libs< 1.2.4-11.18.el5_2.2cups-libs-1.2.4-11.18.el5_2.2.ia64.rpm
RedHat5ia64cups-devel< 1.2.4-11.18.el5_2.2cups-devel-1.2.4-11.18.el5_2.2.ia64.rpm
RedHat5ppccups< 1.2.4-11.18.el5_2.2cups-1.2.4-11.18.el5_2.2.ppc.rpm
RedHat5x86_64cups-libs< 1.2.4-11.18.el5_2.2cups-libs-1.2.4-11.18.el5_2.2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	ppc	cups-lpd	< 1.2.4-11.18.el5_2.2	cups-lpd-1.2.4-11.18.el5_2.2.ppc.rpm
RedHat	4	ia64	cups-devel	< 1.1.22-0.rc1.9.27.el4_7.1	cups-devel-1.1.22-0.rc1.9.27.el4_7.1.ia64.rpm
RedHat	4	i386	cups-libs	< 1.1.22-0.rc1.9.27.el4_7.1	cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
RedHat	5	s390x	cups-libs	< 1.2.4-11.18.el5_2.2	cups-libs-1.2.4-11.18.el5_2.2.s390x.rpm
RedHat	4	ppc64	cups-libs	< 1.1.22-0.rc1.9.27.el4_7.1	cups-libs-1.1.22-0.rc1.9.27.el4_7.1.ppc64.rpm
RedHat	5	s390x	cups-devel	< 1.2.4-11.18.el5_2.2	cups-devel-1.2.4-11.18.el5_2.2.s390x.rpm
RedHat	5	ia64	cups-libs	< 1.2.4-11.18.el5_2.2	cups-libs-1.2.4-11.18.el5_2.2.ia64.rpm
RedHat	5	ia64	cups-devel	< 1.2.4-11.18.el5_2.2	cups-devel-1.2.4-11.18.el5_2.2.ia64.rpm
RedHat	5	ppc	cups	< 1.2.4-11.18.el5_2.2	cups-1.2.4-11.18.el5_2.2.ppc.rpm
RedHat	5	x86_64	cups-libs	< 1.2.4-11.18.el5_2.2	cups-libs-1.2.4-11.18.el5_2.2.x86_64.rpm