FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-31 16:42:47 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 736e55bc-39bb-11de-a493-001b77d09812
Description: cups -- remote code execution and DNS rebinding

Gentoo security team summarizes:

The following issues were reported in CUPS:

  • iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
  • Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
  • Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.


Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13
cups-base < 1.3.10

34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582
VuXML ID: a40ec970-0efa-11e5-90e4-d050996490d0
Description: cups -- multiple vulnerabilities

CUPS development team reports:

The new release addresses two security vulnerabilities, adds localizations for German and Russian, and includes several general bug fixes. Changes include:

Security: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker (STR #4609)

Security: The scheduler could hang with malformed gzip data (STR #4602)


Discovery 2015-06-09
Entry 2015-06-09
cups-base < 2.0.3

CVE-2015-1158
CVE-2015-1159
https://cups.org/blog.php?L1082
https://www.kb.cert.org/vuls/id/810572