DSA-2176-1

Details

Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941

Several vulnerabilities have been discovered in the Common UNIX Printing System:

CVE-2008-5183

A null pointer dereference in RSS job completion notifications could lead to denial of service.

CVE-2009-3553

It was discovered that incorrect file descriptor handling could lead to denial of service.

CVE-2010-0540

A cross-site request forgery vulnerability was discovered in the web interface.

CVE-2010-0542

Incorrect memory management in the filter subsystem could lead to denial of service.

CVE-2010-1748

Information disclosure in the web interface.

CVE-2010-2431

Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.

CVE-2010-2432

Denial of service in the authentication code.

CVE-2010-2941

Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.

Affected Packages

cups

Debian 5

Fixed in:

1.3.8-1+lenny9

References

ADVISORYhttps://security-tracker.debian.org/tracker/DSA-2176-1

DSA-2176-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline