CUPS: Multiple Vulnerabilities

Users of cups, please be advised that multiple vulnerabilities have been identified.
To view these vulnerabilities, possible remedies, and more, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:234: [MDVSA-2010:234] cups Multiple Vulnerabilities
Problem Description:

Multiple vulnerabilities were discovered and corrected in cups:

Cross-site request forgery (CSRF) vulnerability in the web interface
in CUPS allows remote attackers to hijack the authentication of
administrators for requests that change settings (CVE-2010-0540).

The _WriteProlog function in texttops.c in texttops in the Text Filter
subsystem in CUPS before 1.4.4 does not check the return values
of certain calloc calls, which allows remote attackers to cause a
denial of service (NULL pointer dereference or heap memory corruption)
or possibly execute arbitrary code via a crafted file (CVE-2010-0542).
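The class of bug described for CVE-2010-0542, shown in hardened form as an added example; this is not code from CUPS or from the advisory. The names `page_t`, `page_new`, `page_free` and `flaky_calloc` and the size limits are hypothetical, chosen only for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_ROWS 1000u   /* hypothetical limit for this example, not a CUPS value */
#define MAX_COLS 1000u   /* hypothetical limit for this example, not a CUPS value */
typedef void *(*alloc_fn)(size_t, size_t);   /* calloc-compatible: must zero memory */
typedef struct { size_t rows, cols; char **cells; } page_t;

static int fail_after = -1;  /* test hook: allocations allowed before failing, -1 = never fail */
void *flaky_calloc(size_t n, size_t s)
{
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    return calloc(n, s);
}

void page_free(page_t *p)
{
    if (!p) return;
    for (size_t i = 0; p->cells && i < p->rows; i++)
        free(p->cells[i]);                /* free(NULL) is a no-op */
    free(p->cells);
    free(p);
}

/* Unchecked pattern of the kind the advisory describes:
 *     p->cells = calloc(rows, sizeof *p->cells);  p->cells[0] = calloc(cols, 1);
 * Hardened: bound the file-controlled sizes, check every return, unwind on failure. */
page_t *page_new(size_t rows, size_t cols, alloc_fn alloc)
{
    if (rows == 0 || cols == 0 || rows > MAX_ROWS || cols > MAX_COLS)
        return NULL;
    page_t *p = alloc(1, sizeof *p);
    if (!p) return NULL;
    p->rows = rows; p->cols = cols;
    p->cells = alloc(rows, sizeof *p->cells);
    if (!p->cells) { page_free(p); return NULL; }
    for (size_t i = 0; i < rows; i++) {
        p->cells[i] = alloc(cols, 1);     /* rows not yet allocated stay NULL (zeroed) */
        if (!p->cells[i]) { page_free(p); return NULL; }
    }
    return p;
}

int main(void)
{
    page_t *p = page_new(66, 80, calloc);
    puts(p ? "66x80 page allocated" : "allocation failed");
    page_free(p);
    return 0;
}
```

Passing the allocator as a parameter lets each failure point be exercised deterministically instead of waiting for real memory exhaustion.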

The web interface in CUPS reads uninitialized memory during handling
of form variables, which allows context-dependent attackers to obtain
sensitive information from cupsd process memory via unspecified vectors
(CVE-2010-1748).

Read more at http://www.criticalwatch.com

 
