Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087Mandriva Linux Security Advisory - Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another denial of service regression within SSL handling.
ecabb41b8b78285be0640a5a66957a87738180a417d3ecba60aedebac3f4919eUbuntu Security Notice 563-1 - Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. Elias Pipping discovered that temporary files were not handled safely in certain situations when converting PDF to PS. A local attacker could cause a denial of service.
489700930be8d4a13257c7209ad13c6df10d30f853eac24c1ae666ddb054ed79Debian Security Advisory 1437-1 - Several local vulnerabilities have been discovered in the Common UNIX Printing System. Wei Wang discovered that an buffer overflow in the SNMP backend may lead to the execution of arbitrary code. Elias Pipping discovered that insecure handling of a temporary file in the pdftops.pl script may lead to local denial of service. This vulnerability is not exploitable in the default configuration.
ba7432db46bd77f7740c04c35326787bd23f71995851c7c106d7596a6c1ebc49Gentoo Linux Security Advisory GLSA 200712-14 - Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). Versions less than 1.3.5 are affected.
e011fd7e491b8a5fc40987640696d58b66059540e40b69f7a72cd19ab51fbdf6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed