Solution
Please Install the Updated Packages.
Insight
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.
Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "
lp"
user if the file is printed. (CVE-2008-0053)
A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "
imagetops"
and "
imagetoraster"
. An attacker
could create a malicious GIF file that could possibly execute arbitrary code as the "
lp"
user if the file was printed. (CVE-2008-1373)
It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the "
pdftops"
filter on 64-bit platforms. An attacker
could create a malicious PDF file that could possibly execute arbitrary code as the "
lp"
user if the file was printed. (CVE-2008-1374)
All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
Affected
cups on CentOS 3
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-0888, CVE-2005-0206, CVE-2008-0053, CVE-2008-1373, CVE-2008-1374 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities