USN-606-1: CUPS vulnerability
5 May 2008
CUPS vulnerability
Releases
Packages
- cupsys -
Details
Thomas Pollet discovered that CUPS did not properly validate the size of
PNG images. A local attacker, and a remote attacker if printer sharing
is enabled, could send a crafted file and cause a denial of service or
possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS
and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor
CUPS profile. (CVE-2008-1722)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.