Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution. For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecture will be provided later. We recommend that you upgrade your cupsys packages.
Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.
The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.
For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch4. Updated packages for the arm architecture will be provided later.
We recommend that you upgrade your cupsys packages.
MD5 checksums of the listed files are available in the original advisory.