In association with heise online

19 December 2007, 10:42

Vulnerability in Unix print service CUPS

Version 1.3.5 of CUPS, the open source Unix printing system, has been released and fixes multiple security vulnerabilities. Attackers on the local network can exploit these vulnerabilities to inject malicious code. Apple acquired the rights to the source code of the Unix printing system in the middle of this year. CUPS will, however, continue to be published under the GPL and LGPL.

The bugs fixed include the vulnerabilities in XPDF discovered six weeks ago, which can be exploited when processing crafted PDF files. A previously unknown bug in the CUPS SNMP backend can allow injected malicious code to be executed: a sign error occurs when the backend processes crafted response packets in ASN.1 notation. This bug affects both the 1.2.x and 1.3.x versions of CUPS, for which source code patches are available in the bug tracking system. The SNMP service is active by default in CUPS 1.2.x.
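The class of bug described above, as an added illustration that is not taken from the article or from the CUPS source: a BER length decoded into a signed integer passes an upper-bound-only check when it is negative, shown beside a hardened decoder. All function names, the buffer size and the sample byte strings are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample inputs (not captured traffic): a string whose long-form
 * BER length field is 0xFFFFFFFF, and a well-formed 5-byte string. */
static const unsigned char BAD[]  = { 0x84, 0xff, 0xff, 0xff, 0xff, 'A' };
static const unsigned char GOOD[] = { 0x05, 'h', 'e', 'l', 'l', 'o' };
static char OUT[64];               /* destination buffer for the demo */

/* Flawed pattern: the length lands in a signed int and only the upper bound
 * is tested. Returns 1 if the check would let a copy proceed (copy omitted). */
int weak_check_accepts(const unsigned char *p, const unsigned char *end, int bufsize)
{
    unsigned int acc = 0;
    int len, n;
    if (p >= end) return 0;
    len = *p++;
    if (len & 0x80) {
        for (n = len & 0x7f; n > 0 && p < end; n--) acc = (acc << 8) | *p++;
        len = (int)acc;            /* 0xFFFFFFFF becomes -1 */
    }
    return len < bufsize;          /* -1 < 64: the check passes */
}

/* Hardened pattern: unsigned length, bounded octet count, checked against the
 * remaining input and the destination size. Returns 0 on success, -1 on reject. */
int safe_get_string(const unsigned char *p, const unsigned char *end,
                    char *dst, size_t dstsize)
{
    size_t len, n;
    if (dstsize == 0 || p >= end) return -1;
    len = *p++;
    if (len & 0x80) {
        n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > (size_t)(end - p)) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *p++;
    }
    if (len > (size_t)(end - p) || len >= dstsize) return -1;
    memcpy(dst, p, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    int weak = weak_check_accepts(BAD, BAD + sizeof BAD, (int)sizeof OUT);
    int bad  = safe_get_string(BAD, BAD + sizeof BAD, OUT, sizeof OUT);
    int good = safe_get_string(GOOD, GOOD + sizeof GOOD, OUT, sizeof OUT);
    return !(weak == 1 && bad == -1 && good == 0 && strcmp(OUT, "hello") == 0);
}
```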

Version 1.3.5 also fixes a number of other non-security related bugs. Many Linux distributors are already distributing new CUPS packages. Administrators who compile their Unix print services themselves should download the latest source code and recompile and install the software.
