CUPS: Multiple vulnerabilities
Gentoo Linux Security Advisory
||GLSA 200804-01 / cups
||April 01, 2008
||April 01, 2008: 01
All supported architectures
#211449, #212364, #214068
Multiple vulnerabilities have been discovered in CUPS, allowing for the
remote execution of arbitrary code and a Denial of Service.
CUPS provides a portable printing layer for UNIX-based operating
Multiple vulnerabilities have been reported in CUPS:
- regenrecht (VeriSign iDefense) discovered that the
cgiCompileSearch() function used in several CGI scripts in CUPS'
administration interface does not correctly calculate boundaries when
processing a user-provided regular expression, leading to a heap-based
buffer overflow (CVE-2008-0047).
- Helge Blischke reported a
double free() vulnerability in the process_browse_data() function when
adding or removing remote shared printers (CVE-2008-0882).
- Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
uses the code_size value from GIF images without properly checking it,
leading to a buffer overflow (CVE-2008-1373).
- An unspecified
input validation error was discovered in the HP-GL/2 filter
A local attacker could send specially crafted network packets or print
jobs and possibly execute arbitrary code with the privileges of the
user running CUPS (usually lp), or cause a Denial of Service. The
vulnerabilities are exploitable via the network when CUPS is sharing
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"