USN-606-1: CUPS vulnerability

05 May 2008

CUPS vulnerability




Thomas Pollet discovered that CUPS did not properly validate the size of
PNG images. A local attacker, and a remote attacker if printer sharing
is enabled, could send a crafted file and cause a denial of service or
possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS
and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor
CUPS profile. (CVE-2008-1722)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.


Related notices