Mandriva Linux Security Advisory : cups (MDVSA-2011:147)
Medium Nessus Plugin ID 61931
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in cups :
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.