ports/134247: [vuxml] print/cups-base: document vulnerabilities fixed in 1.3.10
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Tue May 5 22:00:08 UTC 2009
>Number: 134247
>Category: ports
>Synopsis: [vuxml] print/cups-base: document vulnerabilities fixed in 1.3.10
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 05 22:00:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 8.0-CURRENT amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 8.0-CURRENT amd64
>Description:
Some vulnerabilities were fixed in CUPS 1.3.10: [1]
>How-To-Repeat:
[1] http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml
>Fix:
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="736e55bc-39bb-11de-a493-001b77d09812">
<topic>cups -- remote code execution and DNS rebinding</topic>
<affects>
<package>
<name>cups-base</name>
<range><lt>1.3.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gentoo security team summarizes:</p>
<blockquote
cite="http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml">
<p>The following issues were reported in CUPS:</p>
<ul>
<li>iDefense reported an integer overflow in the
_cupsImageReadTIFF() function in the "imagetops" filter,
leading to a heap-based buffer overflow (CVE-2009-0163).</li>
<li>Aaron Siegel of Apple Product Security reported that the
CUPS web interface does not verify the content of the "Host"
HTTP header properly (CVE-2009-0164).</li>
<li>Braden Thomas and Drew Yao of Apple Product Security
reported that CUPS is vulnerable to CVE-2009-0146,
CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
poppler.</li>
</ul>
<p>A remote attacker might send or entice a user to send a
specially crafted print job to CUPS, possibly resulting in the
execution of arbitrary code with the privileges of the
configured CUPS user -- by default this is "lp", or a Denial
of Service. Furthermore, the web interface could be used to
conduct DNS rebinding attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0163</cvename>
<cvename>CVE-2009-0164</cvename>
<cvename>CVE-2009-0146</cvename>
<cvename>CVE-2009-0147</cvename>
<cvename>CVE-2009-0166</cvename>
<bid>34571</bid>
<bid>34665</bid>
<bid>34568</bid>
<url>http://www.cups.org/articles.php?L582</url>
</references>
<dates>
<discovery>2009-05-05</discovery>
<entry>TODAY</entry>
</dates>
</vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list