FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a40ec970-0efa-11e5-90e4-d050996490d0cups -- multiple vulnerabilities

CUPS development team reports:

The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include:

Security: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker (STR #4609)

Security: The scheduler could hang with malformed gzip data (STR #4602)


Discovery 2015-06-09
Entry 2015-06-09
cups-base
< 2.0.3

CVE-2015-1158
CVE-2015-1159
https://cups.org/blog.php?L1082
https://www.kb.cert.org/vuls/id/810572
736e55bc-39bb-11de-a493-001b77d09812cups -- remote code execution and DNS rebinding

Gentoo security team summarizes:

The following issues were reported in CUPS:

  • iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
  • Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
  • Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.


Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13
cups-base
< 1.3.10

34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582
87106b67-be13-11dd-a578-0030843d3802cups -- potential buffer overflow in PNG reading code

CUPS reports:

The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow (STR #2974)


Discovery 2008-10-17
Entry 2008-11-29
Modified 2008-12-25
cups-base
< 1.3.9_2

CVE-2008-5286
http://www.cups.org/str.php?L2974
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
http://www.openwall.com/lists/oss-security/2008/11/25/2
ce29ce1d-971a-11dd-ab7e-001c2514716ccups -- multiple vulnerabilities

The release note of cups 1.3.9 reports:

It contains the following fixes:

  • SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911)
  • SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918)
  • SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919)

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service.


Discovery 2008-10-09
Entry 2008-10-10
cups-base
< 1.3.9

CVE-2008-3639
CVE-2008-3640
CVE-2008-3641