[Pkg-cups-devel] Fwd: Re: cups security update for Debian stable
Martin Pitt
mpitt at debian.org
Mon Jul 28 17:26:28 UTC 2008
Hi fellow cups maintainers,
sorry, forgot to CC: the list here.
Martin
----- Forwarded message from Martin Pitt <mpitt at debian.org> -----
Date: Mon, 28 Jul 2008 19:25:02 +0200
From: Martin Pitt <mpitt at debian.org>
To: Steffen Joeris <steffen.joeris at skolelinux.de>, security at debian.org
Subject: Re: cups security update for Debian stable
Hi Steffen, hi Debian security team,
Steffen Joeris [2008-07-27 0:17 +1000]:
> I am currently checking cups for debian stable and would like to prepare a
> security update.
>
> Debian stable (etch) uses cups version 1.2.7 and has a few CVEs that were
> reported against that version fixed already. Currently, I am trying to fix
> the following CVEs:
>
> CVE-2008-0053: Two buffer overflows in HP/GL2 filter.
> CVE-2008-1373: GIF filter buffer overflow
> CVE-2008-1722: Integer overflows in PNG image loading code
These apply to Etch. Thanks to Steffen for digging them out and
letting me know! I had some backporting to do, but nothing serious.
I prepared and tested an updated package:
http://people.debian.org/~mpitt/etch-security/cupsys/
has the new source package and a debdiff against the current
etch-security version. The changelog and references should provide
sufficient documentation for the DSA texts (standard vulns really):
 cupsys (1.2.7-4etch4) stable-security; urgency=low
 .
   * Add 74_CVE-2008-0053.dpatch: Fix buffer overflows in filter/hpgl-input.c
     by crafted HP-GL files; possibly exploitable to run arbitrary code.
     (CVE-2008-0053, upstream SVN trunk r7219)
   * Add 75_CVE-2008-1373.dpatch: Fix buffer overflow in GIF filter by crafted
     images with large code_size value; potentially exploitable to run
     arbitrary code. (CVE-2008-1373, STR#2765, upstream svn trunk r7420)
   * Add 76_CVE-2008-1722.dpatch: Fix integer overflows in PNG filter by
     crafted images with large dimensions; potentially exploitable to run
     arbitrary code. (CVE-2008-1722, STR #2790, svn trunk r7437)
Sid/Lenny: Fixed in 1.3.7-2.
> CVE-2008-0596: Memory leak in IPP browse requests
> CVE-2008-0597: DoS through IPP browse requests (dereferences of freed memory)
I verified that these two only apply to 1.1.x, thus they are not
relevant for Etch, Lenny, and Sid.
Please let me know if you need anything else.
Thanks,
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
----- End forwarded message -----