Debian Security Advisory
DSA-110-1 cups -- buffer overflow
- Date Reported:
- 13 Feb 2002
- Affected Packages:
- cupsys
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-0063.
- More information:
-
The authors of CUPS, the Common UNIX Printing System, have found a potential buffer overflow bug in the code of the CUPS daemon where it reads the names of attributes. This affects all versions of CUPS.
This problem has been fixed in version 1.0.4-10 for the stable Debian distribution and version 1.1.13-2 for the current testing/unstable distribution.
We recommend that you upgrade your CUPS packages immediately if you have them installed.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-10.dsc
- http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-10.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-10.diff.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys-bsd_1.0.4-10_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys_1.0.4-10_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1-dev_1.0.4-10_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1_1.0.4-10_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys_1.0.4-10_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys-bsd_1.0.4-10_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys_1.0.4-10_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libcupsys1-dev_1.0.4-10_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libcupsys1_1.0.4-10_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys_1.0.4-10_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys-bsd_1.0.4-10_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys_1.0.4-10_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1-dev_1.0.4-10_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1_1.0.4-10_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys_1.0.4-10_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys-bsd_1.0.4-10_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys_1.0.4-10_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1-dev_1.0.4-10_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1_1.0.4-10_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys_1.0.4-10_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys-bsd_1.0.4-10_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys_1.0.4-10_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1-dev_1.0.4-10_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1_1.0.4-10_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys_1.0.4-10_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys-bsd_1.0.4-10_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys_1.0.4-10_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1-dev_1.0.4-10_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1_1.0.4-10_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys_1.0.4-10_sparc.deb
MD5 checksums of the listed files are available in the original advisory.