Debian Security Advisory

DSA-1625-1 cupsys -- Buffer overflow

Date reported:
1 Aug 2008
Affected packages:
cupsys
Vulnerable:
Security database references:
In the Debian bug tracking system: Bug 476305.
In Mitre's CVE dictionary: CVE-2008-0053, CVE-2008-1373, CVE-2008-1722.
More information:

Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project has identified the following problems:

  • CVE-2008-0053

    A buffer overflow in the HP-GL input filter allowed the execution of arbitrary code through crafted HP-GL files.

  • CVE-2008-1373

    A buffer overflow in the GIF filter allowed code execution through crafted GIF files.

  • CVE-2008-1722

    Integer overflows in the PNG filter allowed the execution of arbitrary code through crafted PNG files.

For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch4 of the cupsys package.

For the testing (lenny) and unstable (sid) distributions, these problems have been fixed in version 1.3.7-2 of the cupsys package.

We recommend that you upgrade your cupsys package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.diff.gz
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch4_all.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch4_all.deb
AMD64:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_amd64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_arm.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_hppa.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_i386.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_ia64.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mips.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mipsel.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_powerpc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_s390.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_sparc.deb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.