Bug 504474 - <net-print/cups-filters-1.0.48: arbitrary code execution with the privileges of the "lp" user (CVE-2013-{6473,6474,6475,6476})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Reported: 2014-03-13 11:27 UTC by Andreas K. Hüttel
Modified: 2014-06-16 20:43 UTC
Description Andreas K. Hüttel gentoo-dev 2014-03-13 11:27:12 UTC
From the upstream changelog:

--
CHANGES IN V1.0.47
        - pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
          and CVE-2013-6476: Introduction of gmallocn and gmallocn3
          to protect against arbitrary code execution with the
          privileges of the "lp" user via malicious PDF files. Also
          restrict the directory from where OPVP drivers can get
          loaded.
        - urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
          buffer overflow flaws in urftopdf. If a malicious URF file
          were processed it could lead to arbitrary code execution
          with the privileges of the "lp" user.
--

Please test and if OK stabilize =net-print/cups-filters-1.0.48
Comment 1 Andreas K. Hüttel gentoo-dev 2014-04-15 19:31:07 UTC
OK seems like this went under the radar... Nothing to stabilize here anymore, there is bug 506518 requesting a newer version by now.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-04-29 21:32:30 UTC
CVE-2013-6476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6476):
  The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the
  pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users
  to gain privileges via a Trojan horse driver in the same directory as the
  PDF file.

CVE-2013-6475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6475):
  Multiple integer overflows in (1) OPVPOutputDev.cxx and (2)
  oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before
  1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF
  file, which triggers a heap-based buffer overflow.

CVE-2013-6474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6474):
  Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters
  before 1.0.47 allows remote attackers to execute arbitrary code via a
  crafted PDF file.

CVE-2013-6473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6473):
  Multiple heap-based buffer overflows in the urftopdf filter in cups-filters
  1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a
  large (1) page or (2) line in a URF file.
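
The changelog above names gmallocn and gmallocn3 as the protection added to pdftoopvp, and the CVE-2013-6475 entry describes integer overflows that trigger a heap-based buffer overflow. The following C sketch of that overflow-checked allocation pattern is an added example, not code from cups-filters or from this bug report; the function names, the constructed dimensions and the INT_MAX cap are assumptions of the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: the 32-bit product wraps, so a huge logical buffer
 * gets a tiny allocation and later writes run off the heap block. */
uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Multiply two non-negative ints; return -1 instead of overflowing.
 * Capping at INT_MAX is an assumption of this example. */
static int checked_mul(int a, int b, int *out)
{
    if (a < 0 || b < 0 || (a != 0 && b > INT_MAX / a))
        return -1;
    *out = a * b;
    return 0;
}

/* Hypothetical two-factor allocator: n objects of size bytes each. */
void *checked_alloc_n(int n, int size)
{
    int total;
    if (size <= 0 || checked_mul(n, size, &total) != 0)
        return NULL;
    return malloc(total > 0 ? (size_t)total : 1);
}

/* Hypothetical three-factor allocator, e.g. width * height * bytes/pixel. */
void *checked_alloc_n3(int a, int b, int size)
{
    int ab, total;
    if (size <= 0 || checked_mul(a, b, &ab) != 0 ||
        checked_mul(ab, size, &total) != 0)
        return NULL;
    return malloc(total > 0 ? (size_t)total : 1);
}

int main(void)
{
    /* Constructed dimensions: 65537 * 65537 = 2^32 + 131073. */
    printf("unchecked bytes: %u\n", (unsigned)unchecked_size(65537u, 65537u, 1u));
    void *p = checked_alloc_n3(65537, 65537, 1);
    printf("checked: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

A caller that treats a NULL return as a fatal error for the job stops before any write into an undersized buffer can happen.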
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2014-06-16 05:07:16 UTC
Stabilized as part of Bug 508844
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-06-16 18:15:10 UTC
This issue was resolved and addressed in
 GLSA 201406-16 at http://security.gentoo.org/glsa/glsa-201406-16.xml
by GLSA coordinator Mikle Kolyada (Zlogene).