Common Unix Printing System

CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

          Core Security Technologies - CoreLabs Advisory
               http://www.coresecurity.com/corelabs/

Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
                


1. *Advisory Information*


[ MDVSA-2009:283 ] cups

 Mandriva Linux Security Advisory                         MDVSA-2009:283
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 19, 2009
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

[ MDVSA-2009:282-1 ] cups

 Mandriva Linux Security Advisory                       MDVSA-2009:282-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : December 7, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

[ MDVSA-2009:282 ] cups

 Mandriva Linux Security Advisory                         MDVSA-2009:282
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 19, 2009
 Affected: 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

[ GLSA 200904-20 ] CUPS: Multiple vulnerabilities

arbitrary code or DNS rebinding attacks.

Background
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages
=================

    -------------------------------------------------------------------

[USN-952-1] CUPS vulnerabilities

===========================================================
Ubuntu Security Notice USN-952-1              June 21, 2010
cups, cupsys vulnerabilities
CVE-2010-0540, CVE-2010-0542, CVE-2010-1748
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS

[SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities

following problems:

CVE-2009-0146

    Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, CUPS 1.3.9 and earlier, and other products allow remote
    attackers to cause a denial of service (crash) via a crafted PDF file,
    related to (1) JBIG2SymbolDict::setBitmap and (2)
    JBIG2Stream::readSymbolDictSeg.

CVE-2009-0147

[ GLSA 200712-14 ] CUPS: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: CUPS: Multiple vulnerabilities
      Date: December 18, 2007
      Bugs: #199195, #201042, #201570
        ID: 200712-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

iDefense Security Advisory 11.03.08: Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Oct 09, 2008

I. BACKGROUND

The Common UNIX Printing System, more commonly referred to as CUPS,
provides a standard printer interface for various Unix based operating
systems. "imagetops" is a part of CUPS responsible for creating
PostScript representations of different graphic file formats. For more
information, visit the vendor's website at the following URL.


iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Mar 18, 2008

I. BACKGROUND

The Common UNIX Printing System, more commonly referred to as CUPS,
provides a standard printer interface for various Unix based operating
systems. For more information, visit the vendor's website at the
following URL.

http://www.cups.org/

[ GLSA 200804-01 ] CUPS: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: CUPS: Multiple vulnerabilities
      Date: April 01, 2008
      Bugs: #211449, #212364, #214068
        ID: 200804-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[USN-707-1] CUPS vulnerabilities

===========================================================
Ubuntu Security Notice USN-707-1           January 12, 2009
cups, cupsys vulnerabilities
CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

[USN-598-1] CUPS vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-598-1             April 02, 2008
cupsys vulnerabilities
CVE-2008-0047, CVE-2008-0053, CVE-2008-0882, CVE-2008-1373
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities

 
 Mandriva Linux Security Advisory                         MDVSA-2008:050
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cups
 Date    : February 26, 2008
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:

[ MDVSA-2009:281 ] cups

 Mandriva Linux Security Advisory                         MDVSA-2009:281
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : October 19, 2009
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

[USN-856-1] CUPS vulnerability

===========================================================
Ubuntu Security Notice USN-856-1          November 10, 2009
cups, cupsys vulnerability
CVE-2009-2820
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS

[USN-906-1] CUPS vulnerabilities

===========================================================
Ubuntu Security Notice USN-906-1             March 03, 2010
cups, cupsys vulnerabilities
CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS

[ GLSA 200812-11 ] CUPS: Multiple vulnerabilities

remote execution of arbitrary code.

Background
==========

CUPS is the Common Unix Printing System.

Affected packages
=================

      -------------------------------------------------------------------

[ MDVSA-2010:073 ] cups

 Mandriva Linux Security Advisory                         MDVSA-2010:073
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : April 14, 2010
 Affected: 2008.0, 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

[ MDVSA-2010:073-1 ] cups

 Mandriva Linux Security Advisory                       MDVSA-2010:073-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : April 14, 2010
 Affected: 2010.0
 _______________________________________________________________________

 Problem Description:

[ GLSA 200804-23 ] CUPS: Integer overflow vulnerability

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   Severity: High
      Title: CUPS: Integer overflow vulnerability
       Date: April 18, 2008
       Bugs: #217232
         ID: 200804-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200711-16 ] CUPS: Memory corruption

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: CUPS: Memory corruption
      Date: November 12, 2007
      Bugs: #196736
        ID: 200711-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[USN-780-1] CUPS vulnerability

===========================================================
Ubuntu Security Notice USN-780-1              June 03, 2009
cups, cupsys vulnerability
CVE-2009-0949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS

[USN-656-1] CUPS vulnerabilities

===========================================================
Ubuntu Security Notice USN-656-1           October 15, 2008
cupsys vulnerabilities
CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04

[ MDVSA-2010:072 ] cups

 Mandriva Linux Security Advisory                         MDVSA-2010:072
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : April 14, 2010
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

[SECURITY] [DSA 2007-1] New cups packages fix arbitrary code execution

Debian-specific: no
Debian bug     : none
CVE ID         : CVE-2010-0393

Ronald Volgers discovered that the lppasswd component of the cups suite,
the Common UNIX Printing System, is vulnerable to format string attacks
due to insecure use of the LOCALEDIR environment variable.  An attacker
can abuse this behaviour to execute arbitrary code via crafted localization
files and triggering calls to _cupsLangprintf(). This works as the lppasswd
binary happens to be installed with setuid 0 permissions.


Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow

====================================================================== 

                     Secunia Research 17/04/2009

       - CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software

[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities

Debian-specific: no
CVE Id(s)      : CVE-2008-0047 CVE-2008-0882
Debian Bug     : 472105 467653

Several local/remote vulnerabilities have been discovered in cupsys, the
Common Unix Printing System.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2008-0047
Heap-based buffer overflow in CUPS, when printer sharing is enabled,
allows remote attackers to execute arbitrary code via crafted search

[SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution

Debian-specific: no
CVE Id         : CVE-2009-0163


It was discovered that the imagetops filter in cups, the Common UNIX
Printing System, is prone to an integer overflow when reading malicious
TIFF images.


For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1lenny5.

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
