Summary: | net-print/cups <1.3.8-r2 Multiple buffer overflows (CVE-2008-{3639,3640,3641}) | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> | ||||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | major | CC: | printing | ||||||||||
Priority: | High | ||||||||||||
Version: | unspecified | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | A2 [glsa] | ||||||||||||
Package list: | Runtime testing required: | --- | |||||||||||
Attachments: |
|
Description
Robert Buchholz (RETIRED)
2008-09-28 20:56:51 UTC
Created attachment 166712 [details, diff]
cups-1.3.8-CVE-2008-3639.patch
Created attachment 166713 [details, diff]
cups-1.3.8-CVE-2008-3640.patch
Created attachment 166715 [details, diff]
cups-1.3.8-CVE-2008-3641.patch
The last two patches don't apply to 1.2.12 -- if we want to push a new stable, we need to do some backporting of the patches. Created attachment 167039 [details]
cups-1.3.8-r2-overlay.tar.gz
overlay containing cups-1.3.8-r2 and the patches
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. =net-print/cups-1.3.8-r2 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86" CC'ing current Liaisons: alpha : yoswink, armin76 amd64 : keytoaster, tester hppa : jer ppc : dertobi123 ppc64 : corsair sparc : fmccor x86 : maekke, armin76 Comment on attachment 167039 [details]
cups-1.3.8-r2-overlay.tar.gz
Um, sorry. I am suddenly not quite sure anymore that I was doing the right thing there. Opera messes with compression sometimes.
HPPA is OK. Comment on attachment 167039 [details]
cups-1.3.8-r2-overlay.tar.gz
You're right, it is tar only. I forgot the z parameter.
amd64 OK Sparc stable. My test is network only, using {.pdf, .ps} files and two printers: HP --- HP_4_SI_MX Xerox: DocuPrint_N2125 (with duplexer unit) Adding Tobias for alpha looks good on amd64/x86 looks good on ppc, too looks good on ppc64. public now, please commit. Thanks everyone, I've commited cups-1.3.8-r2 with stable keywords: amd64 hppa ppc ppc64 sparc x86 I've also sneaked in a little upstream patch to fix the broken desktop file (bug #236706) with -r2. On a last note, I've also followed rbu's advice on how to handle our insecure 1.2.12 revisions and removed the keywords of non-slacker archs with this commit. Arches, please test and mark stable: =net-print/cups-1.3.8-r2 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" Already stabled : "amd64 hppa ppc ppc64 sparc x86" Missing keywords: "alpha arm ia64 m68k s390 sh" CVE-2008-3639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3639): Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count. CVE-2008-3640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3640): Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. Stable on alpha. Please be sure to delete and redownload the cups tarball if you've already downloaded it before, since upstream seems to have changed it some time ago, see bug #241216. ia64 stable, everything else is done GLSA request has been filed (rbu). GLSA 200812-11 |