[Pkg-cups-devel] Fwd: Re: cups security update for Debian stable

Martin Pitt mpitt at debian.org
Mon Jul 28 17:26:28 UTC 2008


Hi fellow cups maintainers,

sorry, forgot to CC: the list here.

Martin

----- Forwarded message from Martin Pitt <mpitt at debian.org> -----

Date: Mon, 28 Jul 2008 19:25:02 +0200
From: Martin Pitt <mpitt at debian.org>
To: Steffen Joeris <steffen.joeris at skolelinux.de>, security at debian.org
Subject: Re: cups security update for Debian stable

Hi Steffen, hi Debian security team,

Steffen Joeris [2008-07-27  0:17 +1000]:
> I am currently checking cups for debian stable and would like to prepare a 
> security update.
> 
> Debian stable (etch) uses cups version 1.2.7 and has a few CVEs that were 
> reported against that version fixed already. Currently, I am trying to fix 
> the following CVEs:
>
> CVE-2008-0053: Two buffer overflows in HP/GL2 filter. 
> CVE-2008-1373: GIF filter buffer overflow
> CVE-2008-1722: Integer overflows in PNG image loading code

These apply to Etch.  Thanks to Steffen for digging them out and
letting me know! I had some backporting to do, but nothing serious.

I prepared and tested an updated package:

  http://people.debian.org/~mpitt/etch-security/cupsys/

has the new source package and a debdiff against the current
etch-security version. The changelog and references should provide
sufficient documentation for the DSA texts (standard vulns really):

 cupsys (1.2.7-4etch4) stable-security; urgency=low
 .
   * Add 74_CVE-2008-0053.dpatch: Fix buffer overflows in filter/hpgl-input.c
     by crafted HP-GL files; possibly exploitable to run arbitrary code.
     (CVE-2008-0053, upstream SVN trunk r7219)
   * Add 75_CVE-2008-1373.dpatch: Fix buffer overflow in GIF filter by crafted
     images with large code_size value; potentially exploitable to run
     arbitrary code. (CVE-2008-1373, STR#2765, upstream svn trunk r7420)
   * Add 76_CVE-2008-1722.dpatch: Fix integer overflows in PNG filter by
     crafted images with large dimensions; potentially exploitable to run
     arbitrary code. (CVE-2008-1722, STR #2790, svn trunk r7437)

Sid/Lenny: Fixed in 1.3.7-2.

> CVE-2008-0596: Memory leak in IPP browse requests
> CVE-2008-0597: DoS through IPP browse requests (dereferences of freed memory)

I verified that these two only apply to 1.1.x, thus they are not
relevant for Etch, Lenny, and Sid.

Please let me know if you need anything else.

Thanks,

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)



----- End forwarded message -----