Lucene search

K
ubuntuUbuntuUSN-656-1
HistoryOct 15, 2008 - 12:00 a.m.

CUPS vulnerabilities

2008-10-1500:00:00
ubuntu.com
39

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.919

Percentile

98.9%

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06

Packages

  • cupsys -

Details

It was discovered that the SGI image filter in CUPS did not perform
proper bounds checking. If a user or automated system were tricked
into opening a crafted SGI image, an attacker could cause a denial
of service. (CVE-2008-3639)

It was discovered that the texttops filter in CUPS did not properly
validate page metrics. If a user or automated system were tricked into
opening a crafted text file, an attacker could cause a denial of
service. (CVE-2008-3640)

It was discovered that the HP-GL filter in CUPS did not properly check
for invalid pen parameters. If a user or automated system were tricked
into opening a crafted HP-GL or HP-GL/2 file, a remote attacker could
cause a denial of service or execute arbitrary code with user
privileges. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by
the AppArmor CUPS profile. (CVE-2008-3641)

NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the
the fix for CVE-2008-1722 applied. This update includes fixes for the
problem. We apologize for the inconvenience.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchcupsys< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu8.04noarchcupsys-bsd< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu8.04noarchcupsys-client< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibcupsimage2< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibcupsimage2-dev< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibcupsys2< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibcupsys2-dev< 1.3.7-1ubuntu3.1UNKNOWN
Ubuntu7.10noarchcupsys< 1.3.2-1ubuntu7.8UNKNOWN
Ubuntu7.10noarchcupsys-bsd< 1.3.2-1ubuntu7.8UNKNOWN
Ubuntu7.10noarchcupsys-client< 1.3.2-1ubuntu7.8UNKNOWN
Rows per page:
1-10 of 281

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.919

Percentile

98.9%