USN-50-1: CUPS vulnerabilities
Posted on: 12/23/2004 07:58 AM

A CUPS security update has been released for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-50-1 December 23, 2004
cupsys vulnerabilities
CAN-2004-1125, CAN-2004-2467, CAN-2004-1268, CAN-2004-1269,
CAN-2004-1270
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys
cupsys-client
libcupsimage2

The problem can be corrected by upgrading the affected package to version 1.1.20final+cvs20040330-4ubuntu16.3. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

CAN-2004-1125:

The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well.

In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF file for printing, he could be able to execute arbitrary commands with the privileges of the CUPS server.

Please note that the Ubuntu version of CUPS runs as a minimally privileged user 'cupsys' by default, so there is no possibility of root privilege escalation. The privileges of the 'cupsys' user are confined to modifying printer configurations, altering print jobs, and controlling printers.

CAN-2004-1267:

Ariel Berkman discovered a buffer overflow in the ParseCommand() function of the HPGL input driver. If an attacker printed a malicious HPGL file, they could exploit this to execute arbitrary commands with the privileges of the CUPS server.

CAN-2004-1268, CAN-2004-1269, CAN-2004-1270:

Bartlomiej Sieka discovered three flaws in lppasswd. These allowed users to corrupt the new password file by filling up the disk, sending certain signals, or closing the standard output and/or error streams.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3.diff.gz
Size/MD5: 1352536 0b3dff4b36a5f404c750dcc10d10a9ae
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3.dsc
Size/MD5: 867 307e3cfac3d2e0d2b840edda6766d363
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330.orig.tar.gz
Size/MD5: 5645146 5eb5983a71b26e4af841c26703fc2f79

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 58738 ce86aa8106bb723c24cf06742cac43d3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 106996 32f1883093b7d51c9db3d034d6683324
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 3614338 ffcd9fbfb622e1a0f88801314d76a55d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 62374 61ed662f10903693d9daa11ce1003e4d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 53022 b005e4d8a35b5b9106f9ed6319a4a3a9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 101516 bae3a9b731cb9674e39f324339a6bfb7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_amd64.deb
Size/MD5: 74574 41b6f5c20b92936cd561f1b498b2bffa

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 58086 fc2585df5a6c9a6f91e2c96422a6a5eb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 104794 ed83510fe5438b49906aa53869d1f941
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 3602978 c527a4935a8191916bd15d95a5594994
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 61954 438afe729fe9c0860a3230d7e7c9f6b3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 52614 1c9edae57f661ab6619658147f56f209
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 98164 c433f521beaca797904ffa75e885e779
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_i386.deb
Size/MD5: 71840 d79c1d3435f8a011cc48365d4ba09a67

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 62658 1a76c764e7f49a3f1905e857a0711af6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 114586 aa0c5d46151616c81da44f58ae0da2f3
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 3633420 5445b181420280d11ff495d7f7852358
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 61582 7220dcf33aca9c57aeb56b99383ac956
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 55258 f0b7d3760ef14240d7c641bf2905e0e6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 100890 0510f214580a48d951df058cb7a96e58
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.3_powerpc.deb
Size/MD5: 74666 4001918d5233a43ce5014328e3001449


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_50_1_cups_vulnerabilities.html)