Remote code execution in CUPS

ID SUSE-SA:2007:058
Type suse
Reporter Suse
Modified 2007-10-31T16:30:43


A missing length check in the IPP implementation of CUPS could lead to a buffer overflow. Attackers could exploit this to crash cupsd or potentially even execute arbitrary code with root privileges (CVE-2007-4351). On SUSE Linux 10.1 and 10.0, as well as on all SLES-based products, only crashing cupsd is possible. A cumulative update that integrates other fixes for SLES will be released later.


There is no known workaround; please install the update packages.
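
The class of check described above, shown as an added example (not CUPS code and not part of the advisory): IPP encodes attribute names and values as a 2-byte big-endian length followed by that many bytes, so a parser copying into fixed buffers has to validate each declared length against both the remaining input and the destination size. The struct, buffer sizes, function names and sample bytes are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#define ATTR_NAME_SIZE  64    /* hypothetical buffer sizes for this example */
#define ATTR_VALUE_SIZE 128

struct ipp_attr {
    unsigned char tag;
    char name[ATTR_NAME_SIZE];
    char value[ATTR_VALUE_SIZE];
};

/* Constructed samples: tag 0x41, name "a", then a value field. */
const unsigned char ok_attr[]  = {0x41, 0, 1, 'a', 0, 2, 'h', 'i'};
const unsigned char bad_attr[] = {0x41, 0, 1, 'a', 0xff, 0xff, 'h', 'i'};

/* Copy one length-prefixed field into dst; -1 if the declared length
 * runs past the input or leaves no room in dst for the NUL. */
static int read_field(const unsigned char **p, size_t *left,
                      char *dst, size_t dst_size)
{
    size_t n;
    if (*left < 2)
        return -1;
    n = ((size_t)(*p)[0] << 8) | (*p)[1];   /* 2-byte big-endian length */
    *p += 2;
    *left -= 2;
    if (n > *left || n >= dst_size)         /* ">=" reserves the NUL byte */
        return -1;
    memcpy(dst, *p, n);
    dst[n] = '\0';
    *p += n;
    *left -= n;
    return 0;
}

/* Parse tag, name and one value; returns bytes consumed, or -1. */
long parse_attr(const unsigned char *buf, size_t len, struct ipp_attr *out)
{
    const unsigned char *p = buf;
    size_t left = len;
    if (left < 1)
        return -1;
    out->tag = *p++;
    left--;
    if (read_field(&p, &left, out->name, sizeof out->name) != 0 ||
        read_field(&p, &left, out->value, sizeof out->value) != 0)
        return -1;
    return (long)(len - left);
}
```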