Bugzilla – Bug 883543
VUL-0: CVE-2014-4336: cups-filters: Incomplete fix for CVE-2014-2707 plus CVE-2014-4337 DoS via OOB read
Last modified: 2014-07-30 14:01:01 UTC
rh#1091565

According to Sebastian Krahmer, the initial fix for CVE-2014-2707 (bnc#871327) is incomplete:

"
This issue was reported as fixed in 1.0.51:

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7189

but it was found that the fix was incomplete with the full fix in 1.0.53:

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
"

Note that this commit also addresses another issue that can be used to remotely crash cups-browsed - see CVE-2014-4337 / bug 1111510.

The CVE-2014-2707 flaw is regarding the cups-browsed daemon being manipulated to execute arbitrary commands via malicious broadcast packets.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1091565
bugbot adjusting priority
Please do not just blindly forward issues from other Linux distributors

- without reading our own bugs:
https://bugzilla.novell.com/show_bug.cgi?id=871327#c40
--------------------------------------------------------------------------
This is an autogenerated message for OBS integration:
This bug (871327) was mentioned in
https://build.opensuse.org/request/show/232000 Factory / cups-filters
--------------------------------------------------------------------------

- without checking our own submitrequests
https://build.opensuse.org/request/show/232000
--------------------------------------------------------------------------
Request 232000 (accepted)
Version upgrade to 1.0.53 that fixes a segfault in foomatic-rip and has two security fixes for cups-browsed one is a now secure fallback for invalid BrowseAllow values (bnc#871327 therein comment#23 and subsequent comments) and the other one is an improvement of the fix for CVE-2014-2707 (bnc#871327 therein comment#30 and subsequent comments). (forwarded request 231999 from jsmeix)
--------------------------------------------------------------------------

- without checking our own packages
--------------------------------------------------------------------------
$ osc cat openSUSE:Factory cups-filters cups-filters.changes
...
Mon Apr 28 10:49:21 CEST 2014 - jsmeix@suse.de

- Version upgrade to 1.0.53
  Changes in 1.0.53:
  * foomatic-rip: Fixed segfault when creating log file, see https://bugs.linuxfoundation.org/show_bug.cgi?id=1206
  * cups-browsed: SECURITY FIX: Fix on usage of the "BrowseAllow" directive in cups-browsed.conf. Before, if the argument of a "BrowseAllow" directive is not understood it is treated as the directive not having been there, allowing any host if this was the only "BrowseAllow" directive. Now we treat this as a directive which no host can fulfill, not allowing any host if it was the only one. No "BrowseAllow" directive means access for all, as before, see https://bugs.linuxfoundation.org/show_bug.cgi?id=1204 (bnc#871327 therein comment#23 and subsequent comments).
  * cups-browsed: SECURITY FIX: Further improvement on the fix in 1.0.51 as it was insufficient. In addition, some fixes against OOB access are done (bnc#871327 therein comment#30 and subsequent comments).
...
Thu Apr 3 11:26:28 CEST 2014 - jsmeix@suse.de

- Version upgrade to 1.0.51
  * cups-browsed: SECURITY FIX to prevent arbitrary code injection into the System V interface scripts generated for queues for discovered native IPP printers by a malicious IPP print service with forged make/model and/or PDL string (CVE-2014-2707 bnc#871327).
--------------------------------------------------------------------------

FYI:
Meanwhile we have in OBS devel project "Printing" and in openSUSE:Factory cups-filters-1.0.54
*** This bug has been marked as a duplicate of bug 871327 ***
This is an autogenerated message for OBS integration: This bug (883543) was mentioned in https://build.opensuse.org/request/show/243029 Factory / cups-filters
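The "BrowseAllow" change quoted from the 1.0.53 changelog above, shown as an added C example that is not cups-browsed source and not part of the original comments. The function names, the `fail_closed` switch and the accepted value syntax (IPv4 address or address/prefix only) are assumptions made for illustration; the sample values are constructed.

```c
/* Added illustration, not cups-browsed source; all names are hypothetical. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int valid; uint32_t addr, mask; } allow_rule;

/* Assumed syntax: "a.b.c.d" or "a.b.c.d/prefix". Anything else is invalid. */
static allow_rule parse_allow(const char *value) {
    allow_rule r = { 0, 0, 0 };
    char buf[64], *slash, *end;
    struct in_addr a;
    long prefix = 32;
    if (strlen(value) >= sizeof buf) return r;
    strcpy(buf, value);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash++ = '\0';
        prefix = strtol(slash, &end, 10);
        if (*slash == '\0' || *end != '\0' || prefix < 0 || prefix > 32) return r;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return r;
    r.valid = 1;
    r.mask = prefix ? htonl(0xFFFFFFFFu << (32 - prefix)) : 0;
    r.addr = a.s_addr & r.mask;
    return r;
}

/* fail_closed=0: invalid value is dropped (behaviour before 1.0.53 per the changelog).
   fail_closed=1: invalid value stays as a rule that no host can fulfill. */
static int host_allowed(const char *const *vals, size_t n, const char *host, int fail_closed) {
    struct in_addr h;
    size_t rules = 0;
    if (inet_pton(AF_INET, host, &h) != 1) return 0;
    for (size_t i = 0; i < n; i++) {
        allow_rule r = parse_allow(vals[i]);
        if (!r.valid) { rules += fail_closed ? 1 : 0; continue; }
        rules++;
        if ((h.s_addr & r.mask) == r.addr) return 1;
    }
    return rules == 0;  /* no BrowseAllow directive: access for all, as before */
}

int main(void) {
    const char *conf[] = { "192.168.1.0/2x" };  /* constructed typo in the only rule */
    printf("old: %d  new: %d\n", host_allowed(conf, 1, "203.0.113.9", 0),
           host_allowed(conf, 1, "203.0.113.9", 1));
    return 0;
}
```

With the single mistyped rule, the old handling admits an unrelated host because the rule list ends up empty, while the fail-closed handling rejects it.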