Bug 1170671 (CVE-2019-8842) - VUL-1: CVE-2019-8842: cups: ippReadIO function may under-read an extension field
Status: RESOLVED FIXED
Alias: CVE-2019-8842
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/258503/
Whiteboard: CVSSv3.1:SUSE:CVE-2019-8842:2.6:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-28 09:08 UTC by Alexandros Toptsoglou
Modified: 2024-07-08 13:46 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexandros Toptsoglou 2020-04-28 09:08:11 UTC
CVE-2019-8842

[The `ippReadIO` function may under-read an extension field]

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8842
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8842.html
Comment 1 Alexandros Toptsoglou 2020-04-28 09:11:12 UTC
It seems that the issue was introduced in version 1.6.3 [1]. Based on this, SLE12 and SLE15 are tracked as affected. The fixed version is 2.3.3, which is the version that Factory needs to be upgraded to.
The fix can be found at [2].

[1] https://github.com/apple/cups/commit/a2326b5b72c5117a00d4342dde8e4d20ff41defe
[2] https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444#diff-70176ee2c05ebbdc7d3e680f3bb9373a
Comment 7 Swamp Workflow Management 2021-02-02 17:17:58 UTC
SUSE-SU-2021:0285-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1170671,1180520
CVE References: CVE-2019-8842,CVE-2020-10001
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    cups-2.2.7-3.20.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    cups-2.2.7-3.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-02-02 17:19:01 UTC
SUSE-SU-2021:0286-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1170671,1180520
CVE References: CVE-2019-8842,CVE-2020-10001
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    cups-1.7.5-20.33.1
SUSE Linux Enterprise Server 12-SP5 (src):    cups-1.7.5-20.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-02-05 22:08:14 UTC
openSUSE-SU-2021:0253-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1170671,1180520
CVE References: CVE-2019-8842,CVE-2020-10001
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    cups-2.2.7-lp152.9.3.1
Comment 10 Andrea Mattiazzo 2024-07-08 13:46:17 UTC
All done, closing.