CVE-2008-5377

Publication date 8 December 2008

Last updated 24 July 2024

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cups	8.10 intrepid	Not affected
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
cupsys	8.10 intrepid	Not in release
	8.04 LTS hardy	Fixed 1.3.7-1ubuntu3.3
	7.10 gutsy	Fixed 1.3.2-1ubuntu7.9
	6.06 LTS dapper	Fixed 1.2.2-0ubuntu0.6.06.12

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-707-1
CUPS vulnerabilities
12 January 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5377