Alin Rad Pop discovered that CUPS did not correctly validate buffer
lengths when processing IPP tags. Remote attackers successfully
exploiting this vulnerability would gain access to the non-root CUPS user
in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be
isolated by the AppArmor CUPS profile.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.4
Ubuntu 6.10:
cupsys 1.2.4-2ubuntu3.1
Ubuntu 7.04:
cupsys 1.2.8-0ubuntu8.1
Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.1
In general, a standard system upgrade is sufficient to affect the
necessary changes.
Tuesday, November 6, 2007
Ubuntu Security Alert Nov 7 2007
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment