Jump to content

Advisories MDVSA-2010:234: cups


paul
 Share

Recommended Posts

Multiple vulnerabilities were discovered and corrected in cups:

 

Cross-site request forgery (CSRF) vulnerability in the web interface

in CUPS, allows remote attackers to hijack the authentication of

administrators for requests that change settings (CVE-2010-0540).

 

The _WriteProlog function in texttops.c in texttops in the Text Filter

subsystem in CUPS before 1.4.4 does not check the return values

of certain calloc calls, which allows remote attackers to cause a

denial of service (NULL pointer dereference or heap memory corruption)

or possibly execute arbitrary code via a crafted file (CVE-2010-0542).

 

The web interface in CUPS, reads uninitialized memory during handling

of form variables, which allows context-dependent attackers to obtain

sensitive information from cupsd process memory via unspecified vectors

(CVE-2010-1748).

 

The cupsFileOpen function in CUPS before 1.4.4 allows local users,

with lp group membership, to overwrite arbitrary files via a

symlink attack on the (1) /var/cache/cups/remote.cache or (2)

/var/cache/cups/job.cache file (CVE-2010-2431).

 

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

memory for attribute values with invalid string data types, which

allows remote attackers to cause a denial of service (use-after-free

and application crash) or possibly execute arbitrary code via a

crafted IPP request (CVE-2010-2941).

 

The updated packages have been upgraded to cups 1.3.10 and patched

to correct these issues.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...