From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1656-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 20, 2008
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cupsys
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-3639 CVE-2008-3640 CVE-2008-3641
Several local vulnerabilities have been discovered in the Common UNIX
Printing System. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-3639
It was discovered that insufficient bounds checking in the SGI
image filter may lead to the execution of arbitrary code.
CVE-2008-3640
It was discovered that an integer overflow in the Postscript
conversion tool "texttops" may lead to the execution of arbitrary
code.
CVE-2008-3641
It was discovered that insufficient bounds checking in the HPGL
filter may lead to the execution of arbitrary code.
For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch5.
For the unstable distribution (sid) and the upcoming stable distribution (lenny), these problems have been fixed in version 1.3.8-1lenny2 of
the source package cups.
We recommend that you upgrade your cupsys package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz
Size/MD5 checksum: 108662 eab5aa097eaf3e802b4c6f1c60da9a03
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc
Size/MD5 checksum: 1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb
Size/MD5 checksum: 893832 0e7571a4a56cef8f099ba9300ed7330d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb
Size/MD5 checksum: 46072 63a75f9fe31312a42725a786164f7762
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 39310 8dad5588b86a4e1191025015d8e0c5be
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 1092376 35c1cd14d3f26fefafbebf1a76983740
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 85906 1d07dcf128e7b78992560b2794be29d4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 183726 06377f48f1ee358c494f30f9ab213e6b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 1614540 e87b439635e9b7f7c1fa1c6db2f7291c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 95570 8638b199a8adb989254cbe88ab11bb7d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 175262 08dbbe7e941af9c28f39107f907c618a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb
Size/MD5 checksum: 72690 1c099120f9fdcb334d8699b6238c0883
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 142538 4f9183a690ac21a220771db117b1bcea
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 162520 f04bafe61b0e06d21b67441916a4df2a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 36356 eea9b0c14ac248313264474f4a103478
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 53022 f864e06d82bd0769e7c73d20aa6c3366
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 80708 9e8a7d08f6762753005bc2ac7ac04db7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 86264 3784680669a08745d6c766213e3d60f3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 1576062 c5f275763d3cd0bec5e448965780ea0b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb
Size/MD5 checksum: 1088040 106654a5c5a746e5bd1043ca4309deae
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 132042 b1da3e68e04c68712a7f2ecebbea59d3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 1026238 e776ce47912d97de7758029cddf18c41
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 155174 2203ae0043e540bb4c083c3f302294a9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb
Size/MD5 checksum: 78908 a60d8486ab41fe7064d84fdf1c057ce5
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)