A heap-overflow in the cgiCompileSearch() function of cups could be exploited by remote attackers to execute arbitrary code. The vulnerable function is used by the web-interface which is only available remotely if the print server shares printers over the network.
There is no known workaround, please install the update packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 10.2 | x86_64 | cups | <Β 1.2.7-12.13 | cups-1.2.7-12.13.x86_64.rpm |
openSUSE | 10.3 | i586 | cups-client | <Β 1.2.12-22.11 | cups-client-1.2.12-22.11.i586.rpm |
openSUSE | 10.2 | ppc | cups-client | <Β 1.2.7-12.13 | cups-client-1.2.7-12.13.ppc.rpm |
openSUSE | 10.3 | ppc | cups-devel | <Β 1.2.12-22.11 | cups-devel-1.2.12-22.11.ppc.rpm |
openSUSE | 10.2 | i586 | cups-libs | <Β 1.2.7-12.13 | cups-libs-1.2.7-12.13.i586.rpm |
openSUSE | 10.3 | i586 | cups-devel | <Β 1.2.12-22.11 | cups-devel-1.2.12-22.11.i586.rpm |
openSUSE | 10.3 | x86_64 | cups-libs | <Β 1.2.12-22.11 | cups-libs-1.2.12-22.11.x86_64.rpm |
openSUSE | 10.2 | x86_64 | cups-libs-32bit | <Β 1.2.7-12.13 | cups-libs-32bit-1.2.7-12.13.x86_64.rpm |
openSUSE | 10.2 | ppc | cups | <Β 1.2.7-12.13 | cups-1.2.7-12.13.ppc.rpm |
openSUSE | 10.3 | x86_64 | cups-devel | <Β 1.2.12-22.11 | cups-devel-1.2.12-22.11.x86_64.rpm |