Debian Security Advisory DSA 1677-1 (cupsys) Network Vulnerability

Summary

The remote host is missing an update to cupsys announced via advisory DSA 1677-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201677-1

Insight

An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. For the stable distribution (etch) this problem has been fixed in version 1.2.7-4etch6. For testing distribution (lenny) this issue will be fixed soon. For the unstable distribution (sid) this problem has been fixed in version 1.3.8-1lenny4. We recommend that you upgrade your cupsys packages.

Severity

Classification

CVE CVE-2008-5286

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 070-1 (netkit-telnet)
Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)
Debian Security Advisory DSA 1052-1 (cgiirc)
Debian Security Advisory DSA 053-1 (nedit)
Debian Security Advisory DSA 1029-1 (libphp-adodb)

Take action and discover your vulnerabilities