ports/134247: [vuxml] print/cups-base: document vulnerabilities fixed in 1.3.10

[Eygene Ryabinkin]

>Number:         134247
>Category:       ports
>Synopsis:       [vuxml] print/cups-base: document vulnerabilities fixed in 1.3.10
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 05 22:00:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 8.0-CURRENT amd64
>Organization:
Code Labs
>Environment:

System: FreeBSD 8.0-CURRENT amd64

>Description:

Some vulnerabilities were fixed in CUPS 1.3.10: [1]

>How-To-Repeat:

[1] http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml

>Fix:

The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
  <vuln vid="736e55bc-39bb-11de-a493-001b77d09812">
    <topic>cups -- remote code execution and DNS rebinding</topic>
    <affects>
      <package>
        <name>cups-base</name>
        <range><lt>1.3.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Gentoo security team summarizes:</p>
        <blockquote
          cite="http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml">
          <p>The following issues were reported in CUPS:</p>
          <ul>
            <li>iDefense reported an integer overflow in the
            _cupsImageReadTIFF() function in the "imagetops" filter,
            leading to a heap-based buffer overflow (CVE-2009-0163).</li>
            <li>Aaron Siegel of Apple Product Security reported that the
            CUPS web interface does not verify the content of the "Host"
            HTTP header properly (CVE-2009-0164).</li>
            <li>Braden Thomas and Drew Yao of Apple Product Security
            reported that CUPS is vulnerable to CVE-2009-0146,
            CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
            poppler.</li>
          </ul>
          <p>A remote attacker might send or entice a user to send a
          specially crafted print job to CUPS, possibly resulting in the
          execution of arbitrary code with the privileges of the
          configured CUPS user -- by default this is "lp", or a Denial
          of Service. Furthermore, the web interface could be used to
          conduct DNS rebinding attacks.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2009-0163</cvename>
      <cvename>CVE-2009-0164</cvename>
      <cvename>CVE-2009-0146</cvename>
      <cvename>CVE-2009-0147</cvename>
      <cvename>CVE-2009-0166</cvename>
      <bid>34571</bid>
      <bid>34665</bid>
      <bid>34568</bid>
      <url>http://www.cups.org/articles.php?L582</url>
    </references>
    <dates>
      <discovery>2009-05-05</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: