Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201207-10 ] CUPS: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Tue Jul 10, 2012 8:26 am    Post subject: [ GLSA 201207-10 ] CUPS: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: CUPS: Multiple vulnerabilities (GLSA 201207-10)
Severity: high
Exploitable: local, remote
Date: July 09, 2012
Bug(s): #295256, #308045, #325551, #380771
ID: 201207-10

Synopsis

Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.


Background

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected Packages

Package: net-print/cups
Vulnerable: < 1.4.8-r1
Unaffected: >= 1.4.8-r1
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in CUPS. Please review the
CVE identifiers referenced below for details.


Impact

A remote attacker may be able to execute arbitrary code using specially
crafted streams, IPP requests or files, or cause a Denial of Service
(daemon crash or hang). A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.


Workaround

There is no known workaround at this time.

Resolution

All CUPS users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
   
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.


References


CVE-2009-3553


CVE-2010-0302


CVE-2010-0393


CVE-2010-0540


CVE-2010-0542


CVE-2010-1748


CVE-2010-2431


CVE-2010-2432


CVE-2010-2941


CVE-2011-3170
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum