FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351541
Date:      2014-04-18
Time:      14:56:43Z
Committer: ohauer


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
736e55bc-39bb-11de-a493-001b77d09812    cups -- remote code execution and DNS rebinding

Gentoo security team summarizes:

The following issues were reported in CUPS:

  • iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
  • Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
  • Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.


Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13
cups-base
lt 1.3.10

34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582
87106b67-be13-11dd-a578-0030843d3802    cups -- potential buffer overflow in PNG reading code

CUPS reports:

The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow (STR #2974)


Discovery 2008-10-17
Entry 2008-11-29
Modified 2008-12-25
cups-base
lt 1.3.9_2

CVE-2008-5286
http://www.cups.org/str.php?L2974
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
http://www.openwall.com/lists/oss-security/2008/11/25/2