[USN-50-1] CUPS vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-50-1] CUPS vulnerabilities
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Thu, 23 Dec 2004 12:45:00 +0100
Cc: full-disclosure@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: Martin Pitt <martin@xxxxxxxxx>
User-agent: Mutt/1.5.6+20040907i

===========================================================
Ubuntu Security Notice USN-50-1           December 23, 2004
cupsys vulnerabilities
CAN-2004-1125, CAN-2004-2467, CAN-2004-1268, CAN-2004-1269,
CAN-2004-1270
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys
cupsys-client
libcupsimage2

The problem can be corrected by upgrading the affected package to
version 1.1.20final+cvs20040330-4ubuntu16.3. In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

CAN-2004-1125:

  The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS
  contains xpdf code to convert incoming PDF files to the PostScript
  format, this vulnerability applies to cups as well.

  In this case it could even lead to privilege escalation: if an
  attacker submitted a malicious PDF file for printing, he could be
  able to execute arbitrary commands with the privileges of the
  CUPS server.

  Please note that the Ubuntu version of CUPS runs as a minimally
  privileged user 'cupsys' by default, so there is no possibility of
  root privilege escalation. The privileges of the 'cupsys' user are
  confined to modifying printer configurations, altering print jobs,
  and controlling printers.

CAN-2004-1267:

  Ariel Berkman discovered a buffer overflow in the ParseCommand()
  function of the HPGL input driver. If an attacker printed a
  malicious HPGL file, they could exploit this to execute arbitrary
  commands with the privileges of the CUPS server.

CAN-2004-1268, CAN-2004-1269, CAN-2004-1270:

  Bartlomiej Sieka discovered three flaws in lppasswd. These allowed
  users to corrupt the new password file by filling up the disk,
  sending certain signals, or closing the standard output and/or error
  streams.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3.diff.gz
      Size/MD5:  1352536 0b3dff4b36a5f404c750dcc10d10a9ae
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3.dsc
      Size/MD5:      867 307e3cfac3d2e0d2b840edda6766d363
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330.orig.tar.gz
      Size/MD5:  5645146 5eb5983a71b26e4af841c26703fc2f79

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:    58738 ce86aa8106bb723c24cf06742cac43d3
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:   106996 32f1883093b7d51c9db3d034d6683324
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:  3614338 ffcd9fbfb622e1a0f88801314d76a55d
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:    62374 61ed662f10903693d9daa11ce1003e4d
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:    53022 b005e4d8a35b5b9106f9ed6319a4a3a9
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:   101516 bae3a9b731cb9674e39f324339a6bfb7
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
      Size/MD5:    74574 41b6f5c20b92936cd561f1b498b2bffa

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:    58086 fc2585df5a6c9a6f91e2c96422a6a5eb
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:   104794 ed83510fe5438b49906aa53869d1f941
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:  3602978 c527a4935a8191916bd15d95a5594994
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:    61954 438afe729fe9c0860a3230d7e7c9f6b3
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:    52614 1c9edae57f661ab6619658147f56f209
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:    98164 c433f521beaca797904ffa75e885e779
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
      Size/MD5:    71840 d79c1d3435f8a011cc48365d4ba09a67

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:    62658 1a76c764e7f49a3f1905e857a0711af6
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:   114586 aa0c5d46151616c81da44f58ae0da2f3
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:  3633420 5445b181420280d11ff495d7f7852358
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:    61582 7220dcf33aca9c57aeb56b99383ac956
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:    55258 f0b7d3760ef14240d7c641bf2905e0e6
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:   100890 0510f214580a48d951df058cb7a96e58
    
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
      Size/MD5:    74666 4001918d5233a43ce5014328e3001449

Attachment: signature.asc
Description: Digital signature

Prev by Date: Re: phpBB Worm
Next by Date: Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS
Previous by thread: [Security Bulletin] SSRT4883 rev.3 HP-UX ftp and ftpd remote unauthorized access
Next by thread: [Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS)
Index(es):
- Date
- Thread