Debian Security Advisory

DSA-2354-1 cups -- several vulnerabilities

Date Reported:
28 Nov 2011
Affected Packages:
cups
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-2896, CVE-2011-3170.
More information:

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny10.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze1.

For the testing (wheezy) and unstable distributions (sid), this problem has been fixed in version 1.5.0-8.

We recommend that you upgrade your cups packages.