Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code executio

From Thijs Kinkhorst@1:229/2 to All on Fri Aug 1 10:00:16 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1625-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
August 01, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : cupsys
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0053 CVE-2008-1373 CVE-2008-1722
Debian Bug : 476305

Several remote vulnerabilities have been discovered in the Common Unix
Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0053

Buffer overflows in the HP-GL input filter allowed to possibly run
arbitrary code through crafted HP-GL files.

CVE-2008-1373

Buffer overflow in the GIF filter allowed to possibly run arbitrary
code through crafted GIF files.

CVE-2008-1722

Integer overflows in the PNG filter allowed to possibly run arbitrary
code through crafted PNG files.

For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch4 of package cupsys.

For the testing (lenny) and unstable distribution (sid), these problems
have been fixed in version 1.3.7-2 of package cups.

We recommend that you upgrade your cupsys package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.diff.gz
Size/MD5 checksum: 107641 b1ae0953050580975ef0c6ff495e912d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.dsc
Size/MD5 checksum: 1376 4f8938f4dac4a9732efd621f4aabb63a

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch4_all.deb
Size/MD5 checksum: 45758 fbb5c3eaf74a1207d887e12bb75f6182
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch4_all.deb
Size/MD5 checksum: 924012 43e775475535e31f2f6963947c03525d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 1087542 cb6a29323e4cd1069b669c89963a1fac
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 53024 090d638da135798424a129257b51b157
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 142544 0d446b8acb588ec2b1c8c22067aa2364
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 1574904 cdd7afb0953a56cf8d213778cbe1773e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 80706 687de2f8bf779ca898863fb94a07a12b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 85968 8d69f2ac63f2d4fbd923c2caa33c604d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 36352 02c24a715c2f06dd8bc62a851591948e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_amd64.deb
Size/MD5 checksum: 162230 0e2325c67bf23841038be68557ba8758

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 48718 28a8ac4acad82bd582358e38c0c23013
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 78910 6566d320a557b02cf94f379b84f0dba9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 35936 6ae06d35d6c40084adfd8bfd65866174
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 1025732 5c3e851e94f3a41216d7a7149839c8d4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 132040 3eb0b900c59ea118d768b1459898ea90
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 154878 02d749b77969111a813a4cba408bd74d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 1568968 5c60803b01b551503017f750bea5526e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_arm.deb
Size/MD5 checksum: 85168 5b2a0162f00efdcc8cd1d93e0bc7486b

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 172120 3b9de8875c9be02866143463b0c919f0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 91152 ab272c582600f995706b46709c510f32
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 1022644 b587ee12458f80bd76a1d7b84869b741
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 57192 4e117dab53e958404f958b99b08da4c1
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 154086 2a27882b763ce10df0fd172cfa8d22bb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 86898 aebbadb4ddb70dde9a524fd56b7bfb46
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_hppa.deb
Size/MD5 checksum: 1624440 67216c81ae5f4d2f1d8b571f7099492e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_hppa.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	145:08:52
Calls:	12,089
Calls today:	2
Files:	15,000
Messages:	6,517,496

[SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code executio

Who's Online

Recent Visitors

System Info