| Description: | The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.
A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the "lp" user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047)
Red Hat would like to thank "regenrecht" for reporting this issue.
This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4.
Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)
A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1373)
All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
|