Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 217232 - net-print/cups <1.2.12-r8 Image filter integer overflow (CVE-2008-1722)
Summary: net-print/cups <1.2.12-r8 Image filter integer overflow (CVE-2008-1722)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.cups.org/strfiles/2790/str...
Whiteboard: A2/B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-04-10 23:06 UTC by Robert Buchholz (RETIRED)
Modified: 2020-04-08 21:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-04-10 23:06:33 UTC 
CVE-2008-1722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1722):
  Multiple integer overflows in (1) filter/image-png.c and (2)
  filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service
  (crash) and trigger memory corruption, as demonstrated via a crafted PNG
  image.
Comment 1 Timo Gurr (RETIRED) gentoo-dev 2008-04-14 20:50:20 UTC 
Fixed in:
 * cups-1.2.12-r8.ebuild
 * cups-1.3.7-r1.ebuild
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 20:55:51 UTC 
Arches, please test and mark stable:
=net-print/cups-1.2.12-r8
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Comment 3 Markus Rothe (RETIRED) gentoo-dev 2008-04-15 05:40:53 UTC 
ppc64 stable
Comment 4 Ferris McCormick (RETIRED) gentoo-dev 2008-04-15 13:29:50 UTC 
Sparc stable (tested remote only, {.ps, .pdf}).
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2008-04-15 16:20:07 UTC 
Stable for HPPA.
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-16 17:51:38 UTC 
ppc stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2008-04-16 19:01:31 UTC 
Stable on alpha.
Comment 8 Markus Meier gentoo-dev 2008-04-17 00:59:22 UTC 
amd64/x86 stable
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 10:27:19 UTC 
GLSA request filed
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 11:04:20 UTC 
This is the upstream bug for the issue: http://www.cups.org/str.php?L2790
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2008-04-17 11:13:55 UTC 
ia64 stable
Comment 12 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-19 00:18:44 UTC 
GLSA 200804-23

thanks everyone
Comment 13 Peter Volkov (RETIRED) gentoo-dev 2008-04-21 08:06:02 UTC 
Fixed in release snapshot.