GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Sat Jan 22, 2005 10:17 am Post subject: [ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf cod |
|
|
Gentoo Linux Security Advisory
Title: CUPS: Stack overflow in included Xpdf code (GLSA 200501-30)
Severity: normal
Exploitable: remote
Date: January 22, 2005
Bug(s): #78249
ID: 200501-30
Synopsis
CUPS includes Xpdf code and therefore is vulnerable to the recent stack
overflow issue, potentially resulting in the remote execution of arbitrary
code.
Background
The Common UNIX Printing System (CUPS) is a cross-platform print
spooler. It makes use of Xpdf code to handle PDF files.
Affected Packages
Package: net-print/cups
Vulnerable: < 1.1.23-r1
Unaffected: >= 1.1.23-r1
Architectures: All supported architectures
Description
The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc
insufficiently checks boundaries when processing /Encrypt /Length tags
in PDF files (GLSA 200501-28).
Impact
This issue could be exploited by a remote attacker to execute
arbitrary code by sending a malicious print job to a CUPS spooler.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1" |
References
CAN-2005-0064
GLSA 200501-28
Last edited by GLSA on Mon Jun 10, 2013 4:19 am; edited 2 times in total |
|