News

=========================================================== Ubuntu Security Notice USN-606-1 May 05, 2008 cupsys vulnerability CVE-2008-1722 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.9 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.4 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.7 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. A local attacker, and a remote attacker if printer sharing is enabled, could send a crafted file and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1722)