Debian DSA-1407-1 : cupsys - buffer overflow
Critical Nessus Plugin ID 28253
SynopsisThe remote Debian host is missing a security-related update.
DescriptionAlin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.
The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.
SolutionUpgrade the cupsys packages.
For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecture will be provided later.