[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1437-1 security@xxxxxxxxxx
http://www.debian.org/security/ Moritz Muehlenhoff
December 26, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : cupsys
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-5849 CVE-2007-6358

Several local vulnerabilities have been discovered in the Common UNIX
Printing System. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-5849

Wei Wang discovered that an buffer overflow in the SNMP backend
may lead to the execution of arbitrary code.

CVE-2007-6358

Elias Pipping discovered that insecure handling of a temporary
file in the pdftops.pl script may lead to local denial of service.
This vulnerability is not exploitable in the default configuration.

For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch2.

The old stable distribution (sarge) is not affected by CVE-2007-5849.
The other issue doesn't warrant an update on it's own and has been
postponed.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.5-1.

We recommend that you upgrade your cupsys packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc
Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz
Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb
Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb
Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHclSzXm3vHE4uyloRAqN4AJ446Cy9X2qGSIJqCKirOI2pWmEseACgygi1
mLr61xygMrJtafqG+L6vzQw=
=Kaoc
-----END PGP SIGNATURE-----