FreshPorts - VuXML

CUPS development team reports:

The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include:

Security: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker (STR #4609)

Security: The scheduler could hang with malformed gzip data (STR #4602)

< 2.0.3

CUPS reports:

The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow (STR #2974)

< 1.3.9_2

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

• An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
• An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
• A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.

< 1.3.3_2

gt 0

< 3.5.8_1

< 1.6.3_3,2

< 0.6

< 3.02_5

Secunia reports:

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted "textWithLanguage" or "nameWithLanguage" tags.

Successful exploitation allows execution of arbitrary code.

< 1.3.3_1

The KDE Team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.

< 3.02_2

< 3.5.7_1

< 1.2.11_3

gt 0

< 0.39_3

< 0.5.9_4

The release note of cups 1.3.9 reports:

It contains the following fixes:

• SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911)
• SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918)
• SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919)

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service.

< 1.3.9

Gentoo security team summarizes:

The following issues were reported in CUPS:

• iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
• Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
• Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.

< 1.3.10

Secunia reports:

CUPS is not using multiple workers to handle connections. This can be exploited to stop CUPS from accepting new connections by starting but never completing an SSL negotiation.

< 1.2.11