SUSE-SA:2009:024 -- SUSE cups remote code executionID: oval:org.secpod.oval:def:400072 | Date: (C)2012-01-31 (M)2024-01-02 |
Class: PATCH | Family: unix |
The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. It allows a local user to print documents as well as remote users via port 631/tcp. There were two security vulnerabilities fixed in cups. The first one can be triggered by a specially crafted tiff file. This file could lead to an integer overflow in the "imagetops" filter which caused an heap overflow later. This bug is probably exploitable remotely by users having remote access to the CUPS server and allows the execution of arbitrary code with the privileges of the cupsd process. CVE-2009-0163 The second issue affects the JBIG2 decoding of the "pdftops" filter. The JBIG2 decoding routines are vulnerable to various software failure types like integer and buffer overflows and it is believed to be exploit- able remotely to execute arbitrary code with the privileges of the cupsd process. CVE-2009-0799, CVE-2009-1182, CVE-2009-1183
Platform: |
openSUSE 10.3 |
openSUSE 11.1 |
openSUSE 11.0 |