USN-656-1 : cupsys vulnerabilities

NASLDB: USN-656-1 : cupsys vulnerabilities

General

ID: 37836
Name: USN-656-1 : cupsys vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

It was discovered that the SGI image filter in CUPS did not perform
proper bounds checking. If a user or automated system were tricked
into opening a crafted SGI image, an attacker could cause a denial of
service. (CVE-2008-3639)

It was discovered that the texttops filter in CUPS did not properly
validate page metrics. If a user or automated system were tricked
into opening a crafted text file, an attacker could cause a denial of
service. (CVE-2008-3640)

It was discovered that the HP-GL filter in CUPS did not properly
check for invalid pen parameters. If a user or automated system were
tricked into opening a crafted HP-GL or HP-GL/2 file, a remote
attacker could cause a denial of service or execute arbitrary code
with user privileges. In Ubuntu 7.10 and 8.04 LTS, attackers would be
isolated by the AppArmor CUPS profile. (CVE-2008-3641)

NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have
the the fix for CVE-2008-1722 applied. This update includes fixes for
the problem. We apologize for the inconvenience.