Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 551846 (CVE-2015-1158) - <net-print/cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159})
Summary: <net-print/cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159})
Status: RESOLVED FIXED
Alias: CVE-2015-1158
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.cups.org/str.php?L4609
Whiteboard: A1 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-11 23:18 UTC by Sam James
Modified: 2015-10-31 15:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2015-06-11 23:18:41 UTC
From URL:
----
We received a report from Google that cupsd can be exploited to perform a privilege escalation using a combination of bugs and the dynamic linker's support for (pre)loading or redirecting which shared libraries are used by the cups-exec helper program.

An attacker from remote who is allowed to submit print jobs toa CUPS server can upload a new cupsd.conf file onto that server.
----

The 'one other' being http://www.cups.org/str.php?L4602 (not assigned a CVE):
----
The CUPS server can get stuck in an infinite loop when a user queues a malformed gzip file. When this happens the CUPS server will be unable to service any further requests. (I'm running CUPS using systemd's socket activation, which might perhaps be relevant.)
----

Affects versions: < 2.0.3

http://www.cups.org/str.php?L4609
http://www.cups.org/str.php?L4602

Reproducible: Always
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2015-06-13 06:46:16 UTC
CVE-2015-{1158,1159} - Additional CVE's requested.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-06-30 00:10:37 UTC
CVE-2015-1159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1159):
  Cross-site scripting (XSS) vulnerability in the cgi_puts function in
  cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote
  attackers to inject arbitrary web script or HTML via the QUERY parameter to
  help/.

CVE-2015-1158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1158):
  The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3
  performs incorrect free operations for multiple-value
  job-originating-host-name attributes, which allows remote attackers to
  trigger data corruption for reference-counted strings via a crafted (1)
  IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing
  the configuration file and consequently executing arbitrary code.
Comment 3 Matthias Maier gentoo-dev 2015-07-06 07:00:28 UTC
*cups-2.0.3 (06 Jul 2015)

  06 Jul 2015; Matthias Maier <tamiko@gentoo.org> +cups-2.0.3.ebuild,
  -cups-1.7.5-r2.ebuild, -cups-1.7.5.ebuild, -cups-1.7.9999.ebuild,
  -cups-2.0.0-r2.ebuild, -cups-2.0.1-r1.ebuild, -cups-2.0.2-r2.ebuild,
  -cups-2.0.2.ebuild:
  version bump; cleanup; CVE-2015-{1158,1159}, bug #551846
Comment 4 Matthias Maier gentoo-dev 2015-07-06 07:04:12 UTC
Arches, please stabilize

  =net-print/cups-2.0.3

Target keywords: alpha amd64 arm hppa ppc ppc64 sparc x86
Comment 5 Matthias Maier gentoo-dev 2015-07-06 07:18:21 UTC
I accidentally missed that 2.0.2 is not stable for ia64.

  06 Jul 2015; Matthias Maier <tamiko@gentoo.org> +cups-2.0.1-r1.ebuild:
  ressurect accidentally deleted latest stable version for ia64, bug #551846


Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 6 Jeroen Roovers gentoo-dev 2015-07-07 04:48:27 UTC
Stable for HPPA PPC64.
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-07 08:08:09 UTC
amd64 stable
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-09 18:15:23 UTC
arm stable
Comment 9 Tobias Klausmann gentoo-dev 2015-07-14 16:18:17 UTC
Stable on alpha.
Comment 10 Agostino Sarubbo gentoo-dev 2015-07-23 09:02:35 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2015-07-23 09:38:04 UTC
sparc stable
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-24 10:19:06 UTC
ia64 stable
Comment 13 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-08-09 18:12:53 UTC
x86 stable
Comment 14 Yury German Gentoo Infrastructure gentoo-dev Security 2015-08-10 23:01:24 UTC
Maintainer(s), Thank you for you for cleanup.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 15 Manuel Rüger (RETIRED) gentoo-dev 2015-08-27 18:14:17 UTC
Cleanup done.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:30:17 UTC
This issue was resolved and addressed in
 GLSA 201510-07 at https://security.gentoo.org/glsa/201510-07
by GLSA coordinator Kristian Fiskerstrand (K_F).