[Debian] Integer Overflow in Cups before Version 1.3.10 - dsa-1677-1

Dear colleagues,

we have just received the following warning from the Debian team. We are
passing this information on to you unchanged.

CVE-2008-5286 - Integer overflow in the CUPS function
_cupsImageReadPNG()

An integer overflow can be triggered in the CUPS function
_cupsImageReadPNG() when it reads a PNG image. Attackers can exploit
this vulnerability over the network to execute arbitrary code with the
privileges of the CUPS daemon by having a specially crafted image
printed.

The following software packages and platforms are affected:

Package cupsys in the stable distribution (etch) before version 1.2.7-4etch6
Package cupsys in the unstable distribution (sid) before version 1.3.8-1lenny4
An update of the package cupsys in the testing distribution (lenny) has
been announced

Stable Distribution (etch)
Unstable Distribution (sid)
Testing Distribution (sid)

The vendor provides revised packages.

Vendor advisory:
http://www.debian.org/security/2008/dsa-1677

(c) of the German summary by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the author,
DFN-CERT Services GmbH, and only for non-commercial purposes.

Kind regards,
Andreas Bunten, DFN-CERT
--
Andreas Bunten (Incident Response Team), +49 40 808077-555

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatic alerts https://www.cert.dfn.de/autowarn

------------------------------------------------------------------------
Debian Security Advisory DSA 1677-1                  security@debian.org
http://www.debian.org/security/                           Martin Schulze
December 2nd, 2008                    http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : cupsys
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2008-5286
Debian Bug : 507183

An integer overflow has been discovered in the image validation code
of cupsys, the Common UNIX Printing System. An attacker could trigger
this bug by supplying a malicious graphic that could lead to the
execution of arbitrary code.

For the stable distribution (etch) this problem has been fixed in
version 1.2.7-4etch6.

For testing distribution (lenny) this issue will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.8-1lenny4.

We recommend that you upgrade your cupsys packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ‘ and
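
The bug class named in this advisory, as an added illustration that is not code from CUPS, Debian or DFN-CERT: a buffer size computed from the width and height fields of a PNG IHDR chunk wraps in 32-bit arithmetic, shown next to a checked computation that rejects such dimensions. The IHDR layout follows the PNG format; `MAX_IMAGE_BYTES`, the function names and the sample headers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy cap for one decoded image (1 GiB); not a CUPS constant. */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

struct ihdr {
    uint32_t width, height;   /* taken verbatim from the file: untrusted */
    uint32_t channels;        /* samples per pixel, derived from the colour type */
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse the PNG signature and the start of IHDR (first 26 bytes of a file).
 * Returns 0 on success, -1 on malformed input. The chunk CRC is not checked. */
static int parse_ihdr(const unsigned char *buf, size_t len, struct ihdr *out)
{
    static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};

    if (len < 26 || memcmp(buf, sig, 8) != 0)
        return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0)
        return -1;
    out->width = be32(buf + 16);
    out->height = be32(buf + 20);
    switch (buf[25]) {                 /* colour type; buf[24] is the bit depth */
    case 0: case 3: out->channels = 1; break;   /* greyscale, palette */
    case 4:         out->channels = 2; break;   /* greyscale + alpha */
    case 2:         out->channels = 3; break;   /* RGB */
    case 6:         out->channels = 4; break;   /* RGBA */
    default:        return -1;
    }
    return 0;
}

/* Weak form: the product is computed in 32 bits and silently wraps mod 2^32,
 * so huge dimensions can yield a tiny (or zero) allocation size. */
static uint32_t unchecked_size(const struct ihdr *h)
{
    return (uint32_t)(h->width * h->height * h->channels);
}

/* Hardened form: every multiplication is preceded by a division-based bound
 * check, so no intermediate value can exceed MAX_IMAGE_BYTES.
 * Returns 0 and stores the size, or -1 if the dimensions are rejected. */
static int checked_size(const struct ihdr *h, size_t *out)
{
    size_t row;

    if (h->width == 0 || h->height == 0 || h->channels == 0)
        return -1;
    if (h->width > MAX_IMAGE_BYTES / h->channels)
        return -1;
    row = (size_t)h->width * h->channels;
    if (h->height > MAX_IMAGE_BYTES / row)
        return -1;
    *out = row * h->height;
    return 0;
}

/* Build a constructed 26-byte header (8-bit samples) for the demonstration. */
static void make_header(unsigned char out[26], uint32_t w, uint32_t h,
                        unsigned char colour_type)
{
    static const unsigned char prefix[16] = {
        0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a,   /* signature */
        0, 0, 0, 13, 'I', 'H', 'D', 'R'                /* chunk length + type */
    };
    int i;

    memcpy(out, prefix, sizeof prefix);
    for (i = 0; i < 4; i++) {
        out[16 + i] = (unsigned char)(w >> (24 - 8 * i));
        out[20 + i] = (unsigned char)(h >> (24 - 8 * i));
    }
    out[24] = 8;
    out[25] = colour_type;
}

int main(void)
{
    /* Constructed inputs: an ordinary RGB image and one with wrapping dimensions. */
    const uint32_t dims[2][2] = {{640, 480}, {65536u, 65536u}};
    unsigned char hdr[26];
    struct ihdr h;
    size_t n;
    int i;

    for (i = 0; i < 2; i++) {
        make_header(hdr, dims[i][0], dims[i][1], 2);
        if (parse_ihdr(hdr, sizeof hdr, &h) != 0)
            return 1;
        printf("%lux%lu: unchecked=%lu ", (unsigned long)h.width,
               (unsigned long)h.height, (unsigned long)unchecked_size(&h));
        if (checked_size(&h, &n) == 0)
            printf("checked=%lu\n", (unsigned long)n);
        else
            printf("checked=rejected\n");
    }
    return 0;
}
```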
