CUPS serves an interface on TCP port 631, which provides access to several CGI applications. These applications are used to administer CUPS, and to provide information about print jobs. These applications all use a common search function called cgiCompileSearch(). This function takes a user-provided search expression, and compiles it into a regular expression. By passing a malformed search request, an attacker can trigger a heap-based buffer overflow.

In order to exploit this vulnerability remotely, the targeted host must be sharing a printer(s) on the network. If a printer is not being shared, CUPS only listens on the localhost interface, and the scope of this vulnerability would be limited to local privilege escalation.

The CVE for this issue is CVE-2008-0047. It is also tracked by http://www.cups.org/str.php?L2729

Timing: This issue should remain embargoed until 3/18/2008. If there is any change to this schedule, we will notify vendor-sec.
Versions affected: CUPS 1.2.0 through 1.3.6
Credit: regenrecht working with the VeriSign iDefense VCP
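An added example, not part of the original bug report or the CUPS project: a Python check that decides whether a cupsd.conf exposes the CUPS web interface beyond localhost, which the report above names as the condition for remote rather than local-only exposure. The sample configurations are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample cupsd.conf contents (not taken from the bug report).
SHARED_CONF = "# printer sharing enabled\nPort 631\nListen /var/run/cups/cups.sock\n"
LOCAL_CONF = "Listen localhost:631\nListen /var/run/cups/cups.sock\n"

def host_of(value):
    """Host part of a Listen value: host:port, [ipv6]:port, or a bare address."""
    if value.startswith("["):
        return value[1:value.index("]")]
    if value.count(":") == 1:
        return value.split(":")[0]
    return value

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or another hostname: treat as reachable from the network

def network_listeners(conf_text):
    """Return the directives that make cupsd listen on a non-loopback interface."""
    exposed = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue
        directive, value = parts[0].lower(), parts[1]
        if directive in ("port", "sslport"):
            exposed.append(line)              # Port N binds every interface
        elif directive in ("listen", "ssllisten"):
            if value.startswith("/"):
                continue                      # Unix domain socket, local only
            if not is_loopback(host_of(value)):
                exposed.append(line)
    return exposed

if __name__ == "__main__":
    for name, conf in (("shared", SHARED_CONF), ("local", LOCAL_CONF)):
        hits = network_listeners(conf)
        print(name, "network-exposed:" if hits else "localhost only", hits)
```

An empty result means the configuration matches the localhost-only case described in the report; any returned directive means the CGI interface on port 631 is reachable from other hosts.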
Timo, this issue is under embargo until 2008-03-18. Do not commit anything to CVS until this date. Please prepare an updated ebuild and attach it to this bug, we will do prestable testing here. Thanks.
Created attachment 145338: cups-1.2.12-CVE-2008-0047.patch. Upstream patch
Timo, please prepare an ebuild.
Created attachment 145731: cups-1.2.12-r6.ebuild. With the same keywords as cups-1.2.12-r4.ebuild: Stable: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86. Testing: ~mips ~sparc-fbsd ~x86-fbsd
Created attachment 145733: cups-1.3.6-r2.ebuild. Many thanks to Peter Volkov (pva) for helping me out with the ebuilds and bugfixes!
Arch Security Liaisons, please test the attached ebuild ( =net-print/cups-1.2.12-r4 ) and report it stable on this bug. Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86". CC'ing current Liaisons: alpha: ferdy, amd64: welp, hppa: jer, ppc: dertobi123, ppc64: corsair, release: pva, sparc: fmccor, x86: opfer
sparc is good with cups-1.2.12-r6. (Tested remote only using {.ps, .pdf} files, two different printers.) I think in Comment 6 you mean -1.2.12-r6. I didn't do anything with -1.3.6-r2.
(In reply to comment #7: "I think in Comment 6 you mean -1.2.12-r6.") Hgh.....my copy+paste foo is not improving as fast as I hoped.
OK for HPPA.
Works on x86 remote and local...only had time for 1.2.12-r6
-1.2.12-r6 looks good on ppc64.
Looks good to go on amd64
public via URL. tgurr, printing, please commit the ebuild to the tree with the stable keywords earned in this bug.
printing, I committed the ebuilds here since I could not get hold of tgurr since yesterday. I did not clean up older ebuilds. Now for the rest... Arches, please test and mark stable: =net-print/cups-1.2.12-r6. Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86". Already stabled: "amd64 hppa ppc64 sparc x86". Missing keywords: "alpha arm ia64 m68k ppc release s390 sh"
ia64 stable
Stable on alpha.
ppc stable, ready for glsa
Fixed in release snapshot.
draft in 'maker.
GLSA 200804-01