From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 1677-1 [email protected] http://www.debian.org/security/ Martin Schulze December 2nd, 2008 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : cupsys
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2008-5286
Debian Bug : 507183

An integer overflow has been discovered in the image validation code
of cupsys, the Common UNIX Printing System. An attacker could trigger
this bug by supplying a malicious graphic that could lead to the
execution of arbitrary code.

For the stable distribution (etch) this problem has been fixed in
version 1.2.7-4etch6.

For testing distribution (lenny) this issue will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.8-1lenny4.

We recommend that you upgrade your cupsys packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
Size/MD5 checksum: 1092 a7198b7e0d7724a972d4027e805b1387
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
Size/MD5 checksum: 108940 1321ea49cfa8c06d619759acb00b0b2e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498

Architecture independent components:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
Size/MD5 checksum: 917900 4abe699f9d2a8f866b1e323934c6172a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
Size/MD5 checksum: 46256 9e98540d35e8a7aef76a1042cc4befe4

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 1614646 18542415a7a35563aacf6baccc2c474c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 39316 641f1871ea3d1e61a56dc009b2e58652
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 85894 99a322067e2207a67afc55dccd5d63b4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 1092462 e2c0dd66dc9d52d41b7e179fa83908ab
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 95658 51c76b87321a3c01dfe996fabad2de88
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 72682 751a0c814ae40bf75b0494dafd19bd8e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 175346 f8701aeb6bc3670c3f1e60cc80c4ded7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb
Size/MD5 checksum: 183712 42dc520b09c22f1d25b7ff1e6d7574bb

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 1576182 fe94635e099af684c654fb6468522f21
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 36342 3e5954fdc1c572e86f2eeef93c1f466f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 80704 9a21d4104655094da5f2ff3a4c019a08
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 1087506 cd83b8b030a4c972b1b3fa396114d9e9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 86360 aeed41809da68dc26e7c586e87878c45
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 53008 9f8e3453367ef72e6ef6f00dc6baf624
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 162608 a768dc52659411be6fd46b38df61d69b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb
Size/MD5 checksum: 142546 a6caf31df81c4aea72c0abc9c0a0b1af

ARM architecture:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 1569702 f7cd63fd8d10e8fcaea2649260b8437a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 35934 e5a3e25422b8ded68767d8c32d9291f5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 78916 f9707c6c35f2c3198892a8d82eecfa8b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 1026248 79e9a9669d9d896d303e29ed7d2b7122
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 85540 45e25e1887e37f029a3a8da50b309fe4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 48732 b90d30685f1e68a036a512cf331547e6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb
Size/MD5 checksum: 155278 1a0b8b93532c23d26866afc163689dd6

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)