Bug 551846 (CVE-2015-1158) - <net-print/cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159})
Summary: <net-print/cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159})
Alias: CVE-2015-1158
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: A1 [glsa cve]
Depends on:
Reported: 2015-06-11 23:18 UTC by Sam James
Modified: 2021-01-21 11:23 UTC
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2015-06-11 23:18:41 UTC
From URL:
We received a report from Google that cupsd can be exploited to perform a privilege escalation using a combination of bugs and the dynamic linker's support for (pre)loading or redirecting which shared libraries are used by the cups-exec helper program.

An attacker from remote who is allowed to submit print jobs to a CUPS server can upload a new cupsd.conf file onto that server.

The 'one other' being (not assigned a CVE):
The CUPS server can get stuck in an infinite loop when a user queues a malformed gzip file. When this happens the CUPS server will be unable to service any further requests. (I'm running CUPS using systemd's socket activation, which might perhaps be relevant.)

Affects versions: < 2.0.3

Reproducible: Always
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2015-06-13 06:46:16 UTC
CVE-2015-{1158,1159} - Additional CVEs requested.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-06-30 00:10:37 UTC
CVE-2015-1159 (
  Cross-site scripting (XSS) vulnerability in the cgi_puts function in
  cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote
  attackers to inject arbitrary web script or HTML via the QUERY parameter to

CVE-2015-1158 (
  The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3
  performs incorrect free operations for multiple-value
  job-originating-host-name attributes, which allows remote attackers to
  trigger data corruption for reference-counted strings via a crafted (1)
  IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing
  the configuration file and consequently executing arbitrary code.
Comment 3 Matthias Maier gentoo-dev 2015-07-06 07:00:28 UTC
*cups-2.0.3 (06 Jul 2015)

  06 Jul 2015; Matthias Maier <> +cups-2.0.3.ebuild,
  -cups-1.7.5-r2.ebuild, -cups-1.7.5.ebuild, -cups-1.7.9999.ebuild,
  -cups-2.0.0-r2.ebuild, -cups-2.0.1-r1.ebuild, -cups-2.0.2-r2.ebuild,
  version bump; cleanup; CVE-2015-{1158,1159}, bug #551846
Comment 4 Matthias Maier gentoo-dev 2015-07-06 07:04:12 UTC
Arches, please stabilize


Target keywords: alpha amd64 arm hppa ppc ppc64 sparc x86
Comment 5 Matthias Maier gentoo-dev 2015-07-06 07:18:21 UTC
I accidentally missed that 2.0.2 is not stable for ia64.

  06 Jul 2015; Matthias Maier <> +cups-2.0.1-r1.ebuild:
  resurrect accidentally deleted latest stable version for ia64, bug #551846

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-07 04:48:27 UTC
Stable for HPPA PPC64.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-07 08:08:09 UTC
amd64 stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-09 18:15:23 UTC
arm stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2015-07-14 16:18:17 UTC
Stable on alpha.
Comment 10 Agostino Sarubbo gentoo-dev 2015-07-23 09:02:35 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2015-07-23 09:38:04 UTC
sparc stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-24 10:19:06 UTC
ia64 stable
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-08-09 18:12:53 UTC
x86 stable
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2015-08-10 23:01:24 UTC
Maintainer(s), Thank you for cleanup.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 15 Manuel Rüger (RETIRED) gentoo-dev 2015-08-27 18:14:17 UTC
Cleanup done.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:30:17 UTC
This issue was resolved and addressed in
 GLSA 201510-07 at
by GLSA coordinator Kristian Fiskerstrand (K_F).