Ubuntu Security Notice USN-539-1
5th November, 2007
cupsys vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- cupsys
Details
Alin Rad Pop discovered that CUPS did not correctly validate buffer
lengths when processing IPP tags. Remote attackers successfully
exploiting this vulnerability would gain access to the non-root CUPS user
in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be
isolated by the AppArmor CUPS profile.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.10:
- cupsys 1.3.2-1ubuntu7.1
- Ubuntu 7.04:
- cupsys 1.2.8-0ubuntu8.1
- Ubuntu 6.10:
- cupsys 1.2.4-2ubuntu3.1
- Ubuntu 6.06 LTS:
- cupsys 1.2.2-0ubuntu0.6.06.4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.