From:  Jamie Strandboge <jamie@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-606-1] CUPS vulnerability
Date:  Mon, 5 May 2008 10:17:03 -0400
Message-ID:  <20080505141703.GB9973@severus.strandboge.com>
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

===========================================================
Ubuntu Security Notice USN-606-1               May 05, 2008
cupsys vulnerability
CVE-2008-1722
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  cupsys                          1.2.2-0ubuntu0.6.06.9

Ubuntu 7.04:
  cupsys                          1.2.8-0ubuntu8.4

Ubuntu 7.10:
  cupsys                          1.3.2-1ubuntu7.7

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Thomas Pollet discovered that CUPS did not properly validate the size of
PNG images. A local attacker, and a remote attacker if printer sharing is
enabled, could send a crafted file and cause a denial of service or
possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS
and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor
CUPS profile. (CVE-2008-1722)

