DSA 2007-1: New cups packages fix arbitrary code execution
Posted on: 03/04/2010 12:20 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2007-1 security@debian.org
http://www.debian.org/security/ Nico Golde
March 3rd, 2010 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : cups
Vulnerability : format string vulnerability
Problem type : local
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-0393

Ronald Volgers discovered that the lppasswd component of the cups suite,
the Common UNIX Printing System, is vulnerable to format string attacks
due to insecure use of the LOCALEDIR environment variable. An attacker
can abuse this behaviour to execute arbitrary code via crafted localization
files and triggering calls to _cupsLangprintf(). This works as the lppasswd
binary happens to be installed with setuid 0 permissions.


For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny8.

For the testing distribution (squeeze) this problem will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.2-9.1.


We recommend that you upgrade your cups packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.dsc
Size/MD5 checksum: 1837 a511bb4de5c768a4862a55d227a4ff70
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.diff.gz
Size/MD5 checksum: 189649 82c747daa3ed7bb71e10094a50a0cabd
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
Size/MD5 checksum: 4796827 10efe9825c1a1dcd325be47a6cc21faf

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 1181030 11167383d8fa0f8518cb550e4946c109
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 15e639e1ac4d44042e5e5245d0670cb9
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 796f92741e989eac9ba214ede18630d8
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52406 2bce3838eaf23010ab40842e6cd15b64
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 57ee5c01a3a6b88e9dd73a5fae4052e6
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 a57e7e5775ef54f3b173aa78cb56925c
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52402 e558bca7e419849e9985fab5b253d541
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52382 6fb5db2ff939a66c82805069e2673122

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 445498 e4c86a6a0e2956a543432ea47d2b4e4d
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 119902 54fbde6934338f62546a3a9d63366e24
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 108236 b5585a98bb2ba4395aa8b995663eb449
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 39296 ba38fb23064f0265b08e634c5553680c
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 81528 586baf5c22624b387b17522f9336a62f
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 178786 855af4932cc8c4d8fa79615cfb9268d7
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 1149260 0655f89a290365b71040ad2ab6d5708e
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 2103240 eb83ee8de10a7bd58918742bd92afb26

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 2072340 d50623c5ddf4a13d88ad72c77b423b7f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 99958 c80b2253f2bd929eea5fa3e4d630007b
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 1195800 c8fe761855122b595442161dc215685f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 61016 bd0dbe1b2ea8cd4f4608684c8d175aeb
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 169070 a8cc5fcba2086f06cb475b363dae39d1
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 401586 d0c2f361b90a7d43a29c1267e41ac013
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 116782 535933bcbdf17abc8d11d66d6059f398
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 37256 c48a07f0d0dd59aec4bc88238fe51ea6

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 1125054 47b869c7af5c841936301dc713aa3bb3
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 2061240 f8f6aec89d4122cd7c0c5f1c80185490
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 113164 862335112c4cec83b6f774a39e3fc2b9
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 155534 3aa347eb9e30df946b834ac016f8d283
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 55352 0b8cd0cfc9373f4ab4be9a068868818d
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 36474 9925987df33366768ee7ccfa4566e1d4
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 97414 d43e5b18042c48ebc6d2a1d4e6c12f2c
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 387712 33ece2737438d084d26ac6fc5cd760b9

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 157028 3e4149d7b7e7e845bc4d3730404190f3
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 119310 100d72c77beb954a87986af1ecd647c7
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 54732 1190d22789b9309f1e78860510301ab3
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 2077838 4a8ff6e73ea9bf9e94ff5825c1174779
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 387602 45a8362c0dc84b4a4c8fdd2e33f80bbc
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 98558 c8b588b3ab696cb2e88baf2f5d94741f
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 38772 8aacdda63b2ee8cb8a63421931942814
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 1129310 149f6fec84d67a60b62477c37e39d042

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 406772 d1d53dd5d0f75b59024ad7956564f29f
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 39988 5a975486c7cb9f472ee0d45ffd9b3683
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 172874 4186b6262c3e279a9cc8b77d029e4c1e
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 63140 9039a2811fb6d3945034e4cbf7ffe599
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 1142920 bc221c80a35f48369d4ecf5db639ab96
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 2120838 18e3dc2e1e7b4f0446422395c19ffa58
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 121720 fa37b7429bf9485808067fd67b05da59
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 103158 59ff4ef65704e82c04629a8744c0f8bc

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 1097596 fd5c74be5bc03649abba8ebbf77d6451
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 38010 5d2bd65adba678c033e7ca5a29a9d955
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 165576 71ce31f39a6e1e720af95d4e82a88d8b
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 60424 0e4cea9daca41e520dbce560b4832d48
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 99486 87819be26173976d930461a6577070a5
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 394172 e63cbc2f88f30d3f1b66d1b55c1d169c
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 2052542 9454ca978cc4a28481c11a5cdbd33438
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 115942 1f751d318fb9fef7c91b0a9c0c409f9e

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 139102 78b2ab586f3187909d930abd87c3ec84
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 86012 99a615920328daa054cfe62052a93cb7
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 209294 b01ae496c3cb881f4decc3a4ece08122
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 2283850 175a894311f8cff9fe650c3baa0b6d46
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 447802 38383f1f2be111677a79ebfcd247d61d
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 123628 11e9d5f4b78ff50d121d14fdbe6a782b
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 1151580 af7b35bcac465ca8cbabb63651cc2cb2
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 41284 57e9177cef831639476cc289d8067834

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 65220 f432b20c68866e83e696aaafeca0ea32
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 1158992 129547967aab4dc3a95e89b497828069
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 99032 f563929513a294d97793f5aba3f0cf15
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 110006 7df897c72bb496c1660022be4eb53b4c
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 403444 5835503a1026ba846954976d3e52cebc
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 36158 ebdbbdc958b51e851600d688738c8089
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 2030710 6aed4a117ee98cfd751204c957ba7c1d
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 158496 987c55cca3677a14b836597dbb1f0327

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 105640 ae6a5f63f589ad5bae2d7ecd4be269e1
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 61094 9d02e8bef845830b2b1e0e920eb0ada0
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 135688 6ec7ee1ad2eb2f543d2eff4dea847a41
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 43906 8e2a1126f6e4cca776ca13cf7e49625b
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 174512 52a39e14eda691e3563c3278fcfa25ff
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 395666 9eca6ef2e6429b4ac2226847c8122758
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 2137268 b6cacb0e0051f563ac0a027d3dac8ce0
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 1196662 875cce4fd93adff28ef3f696696ac363

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 118590 3cf70157d2a0f74c419c945a9ec65785
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 60714 d1a71e6365fb95c20bb9d720b3a5ab32
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 101722 71e9684bab935487bc3ff48c69de5ba7
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 37818 bf29d032e9a00e33b62fafda191ceceb
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 2093186 3588fb878456ae05781d5467d5a245b3
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 399922 d481af6ea365c4ad436493ce8adb92d7
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 1190826 185c58c1bc4b622fca84715f749eb9bd
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 171864 7731f029fa9c052a7ccbefd457a36ede

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 395004 782356afcc6dc3f4f9c96cd498a2baf3
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 2071128 d75e27ad18dc7e655aab7be4e6d4be19
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 1057940 2b5f7135c895f38353916b4e7bcaec83
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 116708 2f59a6913340ba69f12bc7d36b354584
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 161096 ee6815c329c6c619fcbb9fbb45048895
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 38870 016788da55547b0ea7cb51870249fb35
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 97330 1f6d5116c20a0cb54a41c3bb34a3cc92
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 57662 1080e4dbc4db2d41e67e15061246bb42


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuO3scACgkQHYflSXNkfP9xngCgr1BLG5dUngbgdET9DXmvo/zA
cX0AoLLmmJ9/MliGiKRCRv2UKj4WiM3k
=awyu
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_2007_1_new_cups_packages_fix_arbitrary_code_execution.html)