Ubuntu Security Notice USN-563-1
8th January, 2008
cupsys vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- cupsys
Details
Wei Wang discovered that the SNMP discovery backend did not
correctly calculate the length of strings. If a user were tricked into
scanning for printers, a remote attacker could send a specially crafted
packet and possibly execute arbitrary code.
Elias Pipping discovered that temporary files were not handled safely
in certain situations when converting PDF to PS. A local attacker could
cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.10:
- cupsys 1.3.2-1ubuntu7.3
- Ubuntu 7.04:
- cupsys 1.2.8-0ubuntu8.2
- Ubuntu 6.10:
- cupsys 1.2.4-2ubuntu3.2
- Ubuntu 6.06 LTS:
- cupsys 1.2.2-0ubuntu0.6.06.6
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.