Ubuntu
cupsys package

Bug #11421
Comment #0

Comment 0 for bug 11421

Revision history for this message

In Debian Bug tracker #286988, Martin Pitt (pitti) wrote on 2004-12-23:

Package: cupsys
Version: 1.1.20final+rc1-10
Severity: critical
Tags: security patch
Justification: root security hole

Hi!

Recently CAN-2004-1125 has been discovered in xpdf. Since CUPS
contains verbatim xpdf code (sigh), this package is affected as well.

http://www.idefense.com/application/poi/display?id=172

In addition, there are four additional CANs which were recently
discovered by some students of D. J. Bernstein, which concern the HPGL
input driver and lppasswd.

http://tigger.uic.edu/~jlongs2/holes/cups.txt
http://tigger.uic.edu/~jlongs2/holes/cups2.txt

Please also see the Ubuntu security notice for details:

http://www.ubuntulinux.org/support/documentation/usn/usn-50-1

You can get the Ubuntu security patch from

http://patches.ubuntu.com/patches/cupsys.multiple-CAN.diff

Thanks,

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org

Ubuntucupsys package

Comment 0 for bug 11421

Ubuntu
cupsys package