Ubuntu Security Notice USN-606-1
5th May, 2008
cupsys vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.06 LTS
Software description
- cupsys
Details
Thomas Pollet discovered that CUPS did not properly validate the size of
PNG images. A local attacker, and a remote attacker if printer sharing
is enabled, could send a crafted file and cause a denial of service or
possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS
and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor
CUPS profile. (CVE-2008-1722)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.10:
- cupsys 1.3.2-1ubuntu7.7
- Ubuntu 7.04:
- cupsys 1.2.8-0ubuntu8.4
- Ubuntu 6.06 LTS:
- cupsys 1.2.2-0ubuntu0.6.06.9
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.