In association with heise online

02 April 2008, 11:49

Security vulnerability in CUPS Unix print service fixed

Version 1.3.7 of the CUPS open source print service for Unix has now been released. It fixes multiple security vulnerabilities which could be exploited to inject and execute code. If the service is used to provide network printers, the vulnerabilities could also be exploited remotely.

Inadequate checking when processing crafted GIF images with invalid values in the code_size field could result in a buffer overflow. In addition, the CGI scripts included with the software share the cgiCompileSearch() function, which may fail to reserve adequate memory for converted search queries. This can result in a heap-based buffer overflow.
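The kind of check whose absence leads to the GIF overflow described above, as an added example (not CUPS code): a bounds-checked walk over a GIF buffer that rejects any image whose code_size would not fit a 12-bit LZW table. The function names, return codes and the accepted range of 2 to 11 are assumptions of this sketch, and the sample file is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GIF_MAX_CODE_BITS 12   /* GIF LZW codes are at most 12 bits wide */

/* Skip a chain of data sub-blocks (length byte + data, ended by a 0 length).
 * Returns the offset after the terminator, or 0 if the buffer is truncated. */
static size_t skip_sub_blocks(const unsigned char *b, size_t n, size_t p)
{
    while (p < n) {
        size_t len = b[p++];
        if (len == 0) return p;
        if (len > n - p) return 0;
        p += len;
    }
    return 0;
}

/* Returns 0 if all images are sane, -1 if malformed/truncated, -2 if a code_size is out of range. */
int gif_check_code_size(const unsigned char *b, size_t n)
{
    size_t p = 13;                       /* 6-byte signature + 7-byte screen descriptor */
    if (n < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return -1;
    if (b[10] & 0x80) p += 3u << ((b[10] & 7) + 1);    /* skip global color table */
    while (p < n) {
        unsigned char tag = b[p++];
        if (tag == 0x3B) return 0;                      /* trailer: done */
        if (tag == 0x21) {                              /* extension: label + sub-blocks */
            if ((p = skip_sub_blocks(b, n, p + 1)) == 0) return -1;
        } else if (tag == 0x2C) {                       /* image descriptor: 9 bytes */
            if (n - p < 10) return -1;
            unsigned char flags = b[p + 8];
            p += 9;
            if (flags & 0x80) p += 3u << ((flags & 7) + 1);  /* local color table */
            if (p >= n) return -1;
            unsigned code_size = b[p++];
            /* the first code is code_size + 1 bits wide and must fit the table */
            if (code_size < 2 || code_size + 1 > GIF_MAX_CODE_BITS) return -2;
            if ((p = skip_sub_blocks(b, n, p)) == 0) return -1;
        } else return -1;
    }
    return -1;                                          /* ran out of data before trailer */
}

/* Constructed 1x1 GIF: header, 2-entry color table, one image with code_size 2. */
static const unsigned char sample[] = { 'G','I','F','8','9','a', 1,0,1,0, 0x80,0,0,
    0,0,0, 0xFF,0xFF,0xFF, 0x2C, 0,0,0,0,1,0,1,0,0, 2, 2,0x4C,0x01, 0, 0x3B };

int main(void) { printf("%d\n", gif_check_code_size(sample, sizeof sample)); return 0; }
```

Running such a check before handing the data to the LZW decoder means an out-of-range code_size is rejected before any decode table is indexed.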

The current version also fixes a number of less critical bugs. The filter for graphics in PBM format inverted the images, and the scheduler could crash. The CUPS developers recommend that all users install the update as soon as possible. Linux distributors are already shipping updated packages.
