lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: martin.pitt at (Martin Pitt)
Subject: [USN-50-1] CUPS vulnerabilities

Ubuntu Security Notice USN-50-1		  December 23, 2004
cupsys vulnerabilities
CAN-2004-1125, CAN-2004-2467, CAN-2004-1268, CAN-2004-1269,

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 1.1.20final+cvs20040330-4ubuntu16.3. In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:


  The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS
  contains xpdf code to convert incoming PDF files to the PostScript
  format, this vulnerability applies to cups as well.

  In this case it could even lead to privilege escalation: if an
  attacker submitted a malicious PDF file for printing, he could be
  able to execute arbitrary commands with the privileges of the
  CUPS server.

  Please note that the Ubuntu version of CUPS runs as a minimally
  privileged user 'cupsys' by default, so there is no possibility of
  root privilege escalation. The privileges of the 'cupsys' user are
  confined to modifying printer configurations, altering print jobs,
  and controlling printers.


  Ariel Berkman discovered a buffer overflow in the ParseCommand()
  function of the HPGL input driver. If an attacker printed a
  malicious HPGL file, they could exploit this to execute arbitrary
  commands with the privileges of the CUPS server.

CAN-2004-1268, CAN-2004-1269, CAN-2004-1270:

  Bartlomiej Sieka discovered three flaws in lppasswd. These allowed
  users to corrupt the new password file by filling up the disk,
  sending certain signals, or closing the standard output and/or error

  Source archives:
      Size/MD5:  1352536 0b3dff4b36a5f404c750dcc10d10a9ae
      Size/MD5:      867 307e3cfac3d2e0d2b840edda6766d363
      Size/MD5:  5645146 5eb5983a71b26e4af841c26703fc2f79

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    58738 ce86aa8106bb723c24cf06742cac43d3
      Size/MD5:   106996 32f1883093b7d51c9db3d034d6683324
      Size/MD5:  3614338 ffcd9fbfb622e1a0f88801314d76a55d
      Size/MD5:    62374 61ed662f10903693d9daa11ce1003e4d
      Size/MD5:    53022 b005e4d8a35b5b9106f9ed6319a4a3a9
      Size/MD5:   101516 bae3a9b731cb9674e39f324339a6bfb7
      Size/MD5:    74574 41b6f5c20b92936cd561f1b498b2bffa

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    58086 fc2585df5a6c9a6f91e2c96422a6a5eb
      Size/MD5:   104794 ed83510fe5438b49906aa53869d1f941
      Size/MD5:  3602978 c527a4935a8191916bd15d95a5594994
      Size/MD5:    61954 438afe729fe9c0860a3230d7e7c9f6b3
      Size/MD5:    52614 1c9edae57f661ab6619658147f56f209
      Size/MD5:    98164 c433f521beaca797904ffa75e885e779
      Size/MD5:    71840 d79c1d3435f8a011cc48365d4ba09a67

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    62658 1a76c764e7f49a3f1905e857a0711af6
      Size/MD5:   114586 aa0c5d46151616c81da44f58ae0da2f3
      Size/MD5:  3633420 5445b181420280d11ff495d7f7852358
      Size/MD5:    61582 7220dcf33aca9c57aeb56b99383ac956
      Size/MD5:    55258 f0b7d3760ef14240d7c641bf2905e0e6
      Size/MD5:   100890 0510f214580a48d951df058cb7a96e58
      Size/MD5:    74666 4001918d5233a43ce5014328e3001449
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :

Powered by blists - more mailing lists