MDVSA-2011:147

Package name

cups

Date

2011-10-11

Advisory ID

MDVSA-2011:147

Affected versions

2011 i586 , 2011 x86_64

Problem description

A vulnerability has been discovered and corrected in cups:

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896 (CVE-2011-3170).

The updated packages have been patched to correct this issue.

Updated packages

2011 i586

 dfe1930514d61aed854a4e8008c7c96b  2011/i586/cups-1.4.8-2.1-mdv2011.0.i586.rpm
 507a139bb70c7a9b5ecb42bb53651ea0  2011/i586/cups-common-1.4.8-2.1-mdv2011.0.i586.rpm
 9c6a22dae7caae2a6d6809875b4b8b40  2011/i586/cups-serial-1.4.8-2.1-mdv2011.0.i586.rpm
 2d2c112a5af50f542aeee9b1834a1fa9  2011/i586/libcups2-1.4.8-2.1-mdv2011.0.i586.rpm
 ad6720b4d527f55d68fe09f97044efde  2011/i586/libcups2-devel-1.4.8-2.1-mdv2011.0.i586.rpm
 066d648e963f65fd933dcfaa270b3611  2011/i586/php-cups-1.4.8-2.1-mdv2011.0.i586.rpm 
 2db28d333fbe983d011892d3e00ca1b4  2011/SRPMS/cups-1.4.8-2.1.src.rpm

2011 x86_64

 f1bbdb67e1ede1101c2f9910d4c83e81  2011/x86_64/cups-1.4.8-2.1-mdv2011.0.x86_64.rpm
 33ac2f328ee85dd762ce75e268a2b120  2011/x86_64/cups-common-1.4.8-2.1-mdv2011.0.x86_64.rpm
 1cf119819652ce5b3146f4726e0fb84e  2011/x86_64/cups-serial-1.4.8-2.1-mdv2011.0.x86_64.rpm
 d3e364709febbc4c40ad40f623eb8e7a  2011/x86_64/lib64cups2-1.4.8-2.1-mdv2011.0.x86_64.rpm
 3275cf6d769e5393aed0b7c1edf947c7  2011/x86_64/lib64cups2-devel-1.4.8-2.1-mdv2011.0.x86_64.rpm
 34851a451a10fcce01e70f83fe1c7e67  2011/x86_64/php-cups-1.4.8-2.1-mdv2011.0.x86_64.rpm 
 2db28d333fbe983d011892d3e00ca1b4  2011/SRPMS/cups-1.4.8-2.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170