CUPS: Buffer overflow — GLSA 201607-06

A buffer overflow in CUPS might allow remote attackers to execute arbitrary code.

Affected packages

net-print/cups on all architectures
Affected versions < 2.0.2-r1
Unaffected versions >= 2.0.2-r1

Background

CUPS, the Common Unix Printing System, is a full-featured print server.

Description

A vulnerability has been discovered in CUPS concerning the handling of compressed raster files.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All CUPS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-print/cups-2.0.2-r1"
 

References

Release date
July 16, 2016

Latest revision
July 16, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries