Please update cupsys to the generic version for hardy to fix several security vulnerabilities
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
The Dell Mini Project | Fix Released | Critical | Unassigned |
Bug Description
Cupsys in hardy for the Dell Mini is at version 1.3.7-1ubuntu3, which is affected by several security vulnerabilities. The version in generic hardy (1.3.7-1ubuntu3) already includes the patches, so those should be ported to hardy for the Mini.
Changelog:
cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low
* SECURITY UPDATE: denial of service by adding a large number of RSS
subscriptions (LP: #298241)
- debian/
being reached in scheduler/
- CVE-2008-5183
* SECURITY UPDATE: unauthorized access to RSS subscription functions in
web interface (LP: #298241)
- debian/
in /cgi-bin/admin.c.
- CVE-2008-5184
* SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
image with a large height value
- This issue was introduced in the patch for CVE-2008-1722.
- debian/
instead of img->ysize so we don't overflow in filter/image-png.c.
- CVE-2008-5286
* SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
- debian/
- CVE-2008-5377
-- Marc Deslauriers <email address hidden> Thu, 08 Jan 2009 10:29:38 -0500
cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low
* debian/rules: Install the serial backend with 0700 permissions to make it
run as root, since /dev/ttyS* are root:dialout and thus not accessible as
user "lp". (LP: #154277)
-- Martin Pitt <email address hidden> Wed, 26 Nov 2008 14:30:00 +0000
cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low
* SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
the SGI filter
- debian/
filter/
patch by Martin Pitt.
- STR #2918
- CVE-2008-3639
* SECURITY UPDATE: integer overflow in texttops filter which could lead
to heap-based overflow
- debian/
textcommon.c and texttops.c to check for too large or negative page
metrics. Taken from Debian patch by Martin Pitt.
- STR #2919
- CVE-2008-3640
* SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
arbitrary code execution
- debian/
hpgl-attr.c to properly check for an invalid number of pens. Also
includes fix for regression in original upstream patch which changed
the color mapping and an off-by-one loop error. Taken from Debian patch
by Martin Pitt.
- STR #2911
- STR #2966
- CVE-2008-3641
-- Jamie Strandboge <email address hidden> Tue, 14 Oct 2008 13:17:07 -0500
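An added example (not part of the bug report or of the cupsys packaging): given an installed cupsys version, it lists the CVEs from the changelog above that are still unpatched, ordering versions by dpkg's comparison rules. The function names and the abridged changelog string are constructed for illustration.

```python
import re
from itertools import zip_longest

# Constructed sample: entry headers and CVE lines abridged from the changelog above.
CHANGELOG = """\
cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low
  - CVE-2008-5183
  - CVE-2008-5184
  - This issue was introduced in the patch for CVE-2008-1722.
  - CVE-2008-5286
  - CVE-2008-5377
cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low
cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low
  - CVE-2008-3639
  - CVE-2008-3640
  - CVE-2008-3641
"""

def _order(ch):  # dpkg ordering in non-digit runs: '~' < end < letters < other
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare epoch, upstream or revision strings by dpkg's rules (-1, 0, 1)."""
    split = lambda s: [(n, int(d or 0)) for n, d in re.findall(r"(\D*)(\d*)", s)]
    for (na, da), (nb, db) in zip_longest(split(a), split(b), fillvalue=("", 0)):
        width = max(len(na), len(nb))
        ka = [_order(c) for c in na] + [0] * (width - len(na)) + [da]
        kb = [_order(c) for c in nb] + [0] * (width - len(nb)) + [db]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    pat = r"(?:(\d+):)?(.+?)(?:-([^-]*))?"  # epoch, upstream, revision
    a, b = (re.fullmatch(pat, v).groups("") for v in (v1, v2))
    return next((c for c in map(_cmp_part, a, b) if c), 0)

def outstanding_cves(installed, changelog=CHANGELOG):
    """CVEs fixed only in entries newer than `installed` (prose mentions skipped)."""
    missing, newer = [], False
    for line in changelog.splitlines():
        header = re.match(r"\S+ \(([^)]+)\) ", line)
        fixed = re.fullmatch(r"\s*-\s*(CVE-\d{4}-\d{4,})\s*", line)
        if header:
            newer = deb_cmp(installed, header.group(1)) < 0
        elif fixed and newer:
            missing.append(fixed.group(1))
    return sorted(missing)
```

Only lines of the form "- CVE-..." count as fixes, so CVE-2008-1722, which the changelog names as the origin of a regression, is not reported as outstanding.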
Changed in dell-mini:
status: Fix Committed → Fix Released
Changed in dell-mini:
assignee: Registry Administrators (registry) → nobody
Updated status and assigned to oem-security