Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

Tomas Hoger writes:
Value of code_size is read from GIF image, but not properly validated
before use to initialize table array in gif_read_lzw().  clear_code
used as upper bound in for loop is short, hence overflow is limited to
~16k - 4k short int values.  Moreover, attacker has limited control
over the values written past the end of the buffer.

Timo, this issue is under embargo until 2008-03-26. Do not commit anything to
CVS until this date. Please prepare an updated ebuild and attach it to this
bug, we will do prestable testing here. Thanks.

Created an attachment (id=146667) [details]
cups-1.2.12-CVE-2008-1373.patch

Created an attachment (id=146668) [details]
cups-1.3.6-CVE-2008-1373.patch

Created an attachment (id=146714) [details]
cups-1.2.12-r7.ebuild

Added the patch for CVE-2008-1373 and also removed the unneeded (as also
discussed per mail and with upstream) patch for CVE-2007-4045.

Created an attachment (id=146721) [details]
cups-1.3.6-r3.ebuild

Arch Security Liaisons, please test the attached ebuild and report it stable on
this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh
sparc x86"

CC'ing current Liaisons:
   alpha : ferdy
   amd64 : welp
    hppa : jer
     ppc : dertobi123
   ppc64 : corsair
 release : pva
   sparc : fmccor
     x86 : opfer

(In reply to comment #6)
> Arch Security Liaisons, please test the attached ebuild and report it stable on
> this bug.

That is:
=net-print/cups-1.2.12-r7

Good to go on x86

Looks good on sparc.  Tested -1.2.12-r7, remote only, with {.ps, .pdf} files.

HPPA is OK.

looks good on ppc64

looks good on ppc

Adding Tobias for alpha

=net-print/cups-1.2.12-r7 works dandy on alpha.

Created an attachment (id=147078) [details]
cups-1.2.12-CVE-2008-0053.patch

Created an attachment (id=147080) [details]
cups-1.2.12-r7.ebuild

Ok, cups is killing me these days. Could you please retest with the new -r7
ebuild? Thanks.

CVE-2008-0053 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0053):
  Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has
  unknown impact and attack vectors related to "input validation."

Apple Advisory:
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Impact:  Multiple vulnerabilities in CUPS may lead to an unexpected
application termination or arbitrary code execution with system
privileges
Description:  Multiple input validation issues exist in CUPS, the
most serious of which may lead to arbitrary code execution with
system privileges. This update addresses the issues by updating to
CUPS 1.3.6. These issues do not affect systems prior to Mac OS X
v10.5.

Tomas Hoger writes:
According to upstream, this CVE id was allocated for following issue fixed in
CUPS 1.3.6 (see CHANGES.txt):

- Fixed two overflow bugs in the HP-GL/2 filter (Coverity)

Local printing ....ok
Remote printing from
  Windows ...ok
  Linux ...ok

x86 good to go...again.

sparc still looks good, too, as described in Comment 9.

looks good on ppc64, too.

HPPA is OK again.

And on alpha, it works, too.

still looks good for ppc

Please note that the embargo has been delayed until Monday, 03/31.

looks good on ppc64

(In reply to comment #24)
> Please note that the embargo has been delayed until Monday, 03/31.

.... and again, Tuesday it is.

This is public now. Printing, please commit with the keywords you gathered.

Arches, please test and mark stable:
=net-print/cups-1.2.12-r7
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh
sparc x86"
Already stabled : "alpha amd64 hppa ppc ppc64 sparc x86"
Missing keywords: "arm ia64 m68k release s390 sh"

1.3.6 is unaffected for CVE-2008-0053.

This is GLSA-200804-01 - no joke!

Stable on ia64 by armin76.
Fixed in release snapshot.

*** Bug 215863 has been marked as a duplicate of this bug. ***