LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

cups: multiple vulnerabilities

Package(s):cups CVE #(s):CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183
Created:April 17, 2009 Updated:August 18, 2010
Description: From the Red Hat advisory:

Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0146, CVE-2009-1182)

Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0147, CVE-2009-1179)

Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180)

Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Multiple input validation flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0800)

Alerts:
Mandriva MDVSA-2011:175 2011-11-15
Ubuntu USN-973-1 2010-08-17
CentOS CESA-2010:0400 2010-05-28
Mandriva MDVSA-2010:096 2010-05-17
CentOS CESA-2010:0399 2010-05-08
Red Hat RHSA-2010:0400-01 2010-05-06
Red Hat RHSA-2010:0399-01 2010-05-06
Mandriva MDVSA-2010:087 2010-04-29
Mandriva MDVSA-2010:055 2010-03-04
Mandriva MDVSA-2009:346 2009-12-29
Mandriva MDVSA-2009:331 2009-12-10
Mandriva MDVSA-2009:282-1 2009-12-07
Mandriva MDVSA-2009:283 2009-10-19
Mandriva MDVSA-2009:282 2009-10-19
Fedora FEDORA-2009-10694 2009-10-21
Mandriva MDVSA-2009:281 2009-10-19
Fedora FEDORA-2009-6972 2009-06-27
SuSE SUSE-SR:2009:012 2009-07-03
Fedora FEDORA-2009-6973 2009-06-27
Fedora FEDORA-2009-6982 2009-06-27
CentOS CESA-2009:0431 2009-05-19
CentOS CESA-2009:0480 2009-05-15
Red Hat RHSA-2009:0480-01 2009-05-13
SuSE SUSE-SR:2009:010 2009-05-12
Slackware SSA:2009-129-01 2009-05-11
Debian DSA-1793-1 2009-05-06
Debian DSA-1790-1 2009-05-05
CentOS CESA-2009:0458 2009-05-03
Red Hat RHSA-2009:0458-01 2009-04-30
Fedora FEDORA-2009-3753 2009-04-21
Fedora FEDORA-2009-3769 2009-04-21
rPath rPSA-2009-0059-1 2009-04-17
Red Hat RHSA-2009:0429-01 2009-04-16
Gentoo 200904-20 2009-04-23
SuSE SUSE-SA:2009:024 2009-04-22
Fedora FEDORA-2009-3820 2009-04-21
Fedora FEDORA-2009-3794 2009-04-21
CentOS CESA-2009:0429 2009-04-20
CentOS CESA-2009:0430 2009-04-20
Ubuntu USN-759-1 2009-04-16
rPath rPSA-2009-0061-1 2009-04-17
Red Hat RHSA-2009:0431-01 2009-04-16
Red Hat RHSA-2009:0430-01 2009-04-16
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds