Vulnerability in Unix print service CUPS
Version 1.3.5 of the CUPS open source Unix printing system, which fixes multiple security vulnerabilities, has been released. Attackers on the local network can exploit these vulnerabilities to inject malicious code. Apple acquired the rights to the source code to the Unix printing system in the middle of this year. CUPS will, however, continue to be published under GPL and LGPL.
The bugs fixed include vulnerabilities in XPDF discovered six weeks ago, which can be exploited when processing crafted PDF files. A previously unknown bug in the CUPS SNMP backend can allow execution of injected malicious code when processing prepared response packets in ASN.1 notation as a result of an algebraic sign error. This bug affects both 1.2.x and 1.3.x versions of CUPS, for which source code patches are available on the bug tracking system. The SNMP service is active by default in CUPS 1.2.x.
Version 1.3.5 also fixes a number of other non-security related bugs. Many Linux distributors are already distributing new CUPS packages. Administrators who compile their Unix print services themselves should download the latest source code and recompile and install the software.
- Common UNIX Printing System 1.3.5, summary of the changes from the CUPS development team
- SNMP backend integer underflow/stack overflow in asn1_get_string(), entry in the CUPS bug tracking system
- Patch remedies vulnerabilities in Xpdf, report by heise Security