[ GLSA 200804-01 ] CUPS: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: CUPS: Multiple vulnerabilities (GLSA 200804-01)
Severity: high
Exploitable: remote
Date: April 01, 2008
Bug(s): #211449, #212364, #214068
ID: 200804-01

Synopsis


Multiple vulnerabilities have been discovered in CUPS, allowing for the
remote execution of arbitrary code and a Denial of Service.


Background


CUPS provides a portable printing layer for UNIX-based operating
systems.


Affected Packages

Package: net-print/cups
Vulnerable: < 1.2.12-r7
Unaffected: >= 1.2.12-r7
Architectures: All supported architectures


Description


Multiple vulnerabilities have been reported in CUPS:

• regenrecht (VeriSign iDefense) discovered that the
  cgiCompileSearch() function used in several CGI scripts in CUPS'
  administration interface does not correctly calculate boundaries when
  processing a user-provided regular expression, leading to a heap-based
  buffer overflow (CVE-2008-0047).
• Helge Blischke reported a
  double free() vulnerability in the process_browse_data() function when
  adding or removing remote shared printers (CVE-2008-0882).
• Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
  uses the code_size value from GIF images without properly checking it,
  leading to a buffer overflow (CVE-2008-1373).
• An unspecified
  input validation error was discovered in the HP-GL/2 filter
  (CVE-2008-0053).

Impact


A local attacker could send specially crafted network packets or print
jobs and possibly execute arbitrary code with the privileges of the
user running CUPS (usually lp), or cause a Denial of Service. The
vulnerabilities are exploitable via the network when CUPS is sharing
printers remotely.


Workaround


There is no known workaround at this time.


Resolution


All CUPS users should upgrade to the latest version: