Debian Security Advisory
DSA-2354-1 cups -- several vulnerabilities
- Date Reported:
- 28 Nov 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-2896, CVE-2011-3170.
- More information:
Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.
For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny10.
For the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze1.
For the testing (wheezy) and unstable distributions (sid), this problem has been fixed in version 1.5.0-8.
We recommend that you upgrade your cups packages.