Security Information / 2011 / Security Information -- DSA-2354-1 cups

Debian Security Advisory

DSA-2354-1 cups -- several vulnerabilities

Date Reported:

28 Nov 2011

Affected Packages:

cups

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-2896, CVE-2011-3170.

More information:

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny10.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze1.

For the testing (wheezy) and unstable distributions (sid), this problem has been fixed in version 1.5.0-8.

We recommend that you upgrade your cups packages.