Debian Security Advisory

DSA-1407-1 cupsys -- buffer overflow

Date Reported:
18 Nov 2007
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-4351.
More information:

Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.

The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.

For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecture will be provided later.

We recommend that you upgrade your cupsys packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
HP Precision:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.