News

=========================================================== Ubuntu Security Notice USN-64-1 January 19, 2005 xpdf, cupsys vulnerabilities CAN-2005-0064 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: cupsys libcupsimage2 libcupsys2-gnutls10 xpdf-reader xpdf-utils The problem can be corrected by upgrading the affected package to version 1.1.20final+cvs20040330-4ubuntu16.4 (cupsys, libcupsimage2, and libcupsys2-gnutls10) and 3.00-8ubuntu1.4 (xpdf-reader and xpdf-utils). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user's privileges. The Common UNIX Printing System (CUPS) uses the same code to print PDF files. In this case, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys).