[gentoo-announce] [ GLSA 200804-01 ] CUPS: Multiple vulnerabilities - gentoo-announce

From:	Robert Buchholz <rbu@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200804-01 ] CUPS: Multiple vulnerabilities
Date:	Tue, 01 Apr 2008 19:25:32
Message-Id:	`200804012117.06507.rbu@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200804-01

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: High

8

     Title: CUPS: Multiple vulnerabilities

9

      Date: April 01, 2008

10

      Bugs: #211449, #212364, #214068

11

        ID: 200804-01

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been discovered in CUPS, allowing for the

19

remote execution of arbitrary code and a Denial of Service.

20

21

Background

22

==========

23

24

CUPS provides a portable printing layer for UNIX-based operating

25

systems.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package         /   Vulnerable   /                     Unaffected

32

    -------------------------------------------------------------------

33

  1  net-print/cups      < 1.2.12-r7                      >= 1.2.12-r7

34

35

Description

36

===========

37

38

Multiple vulnerabilities have been reported in CUPS:

39

40

* regenrecht (VeriSign iDefense) discovered that the

41

  cgiCompileSearch() function used in several CGI scripts in CUPS'

42

  administration interface does not correctly calculate boundaries when

43

  processing a user-provided regular expression, leading to a

44

  heap-based buffer overflow (CVE-2008-0047).

45

46

* Helge Blischke reported a double free() vulnerability in the

47

  process_browse_data() function when adding or removing remote shared

48

  printers (CVE-2008-0882).

49

50

* Tomas Hoger (Red Hat) reported that the gif_read_lzw() function

51

  uses the code_size value from GIF images without properly checking

52

  it, leading to a buffer overflow (CVE-2008-1373).

53

54

* An unspecified input validation error was discovered in the HP-GL/2

55

  filter (CVE-2008-0053).

56

57

Impact

58

======

59

60

A local attacker could send specially crafted network packets or print

61

jobs and possibly execute arbitrary code with the privileges of the

62

user running CUPS (usually lp), or cause a Denial of Service. The

63

vulnerabilities are exploitable via the network when CUPS is sharing

64

printers remotely.

65

66

Workaround

67

==========

68

69

There is no known workaround at this time.

70

71

Resolution

72

==========

73

74

All CUPS users should upgrade to the latest version:

75

76

    # emerge --sync

77

    # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"

78

79

References

80

==========

81

82

  [ 1 ] CVE-2008-0047

83

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047

84

  [ 2 ] CVE-2008-0053

85

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053

86

  [ 3 ] CVE-2008-0882

87

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882

88

  [ 4 ] CVE-2008-1373

89

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373

90

91

Availability

92

============

93

94

This GLSA and any updates to it are available for viewing at

95

the Gentoo Security Website:

96

97

  http://security.gentoo.org/glsa/glsa-200804-01.xml

98

99

Concerns?

100

=========

101

102

Security is a primary focus of Gentoo Linux and ensuring the

103

confidentiality and security of our users machines is of utmost

104

importance to us. Any security concerns should be addressed to

105

security@g.o or alternatively, you may file a bug at

106

http://bugs.gentoo.org.

107

108

License

109

=======

110

111

Copyright 2008 Gentoo Foundation, Inc; referenced text

112

belongs to its owner(s).

113

114

The contents of this document are licensed under the

115

Creative Commons - Attribution / Share Alike license.

116

117

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200804-01
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: CUPS: Multiple vulnerabilities
9	Date: April 01, 2008
10	Bugs: #211449, #212364, #214068
11	ID: 200804-01
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been discovered in CUPS, allowing for the
19	remote execution of arbitrary code and a Denial of Service.
20
21	Background
22	==========
23
24	CUPS provides a portable printing layer for UNIX-based operating
25	systems.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 net-print/cups < 1.2.12-r7 >= 1.2.12-r7
34
35	Description
36	===========
37
38	Multiple vulnerabilities have been reported in CUPS:
39
40	* regenrecht (VeriSign iDefense) discovered that the
41	cgiCompileSearch() function used in several CGI scripts in CUPS'
42	administration interface does not correctly calculate boundaries when
43	processing a user-provided regular expression, leading to a
44	heap-based buffer overflow (CVE-2008-0047).
45
46	* Helge Blischke reported a double free() vulnerability in the
47	process_browse_data() function when adding or removing remote shared
48	printers (CVE-2008-0882).
49
50	* Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
51	uses the code_size value from GIF images without properly checking
52	it, leading to a buffer overflow (CVE-2008-1373).
53
54	* An unspecified input validation error was discovered in the HP-GL/2
55	filter (CVE-2008-0053).
56
57	Impact
58	======
59
60	A local attacker could send specially crafted network packets or print
61	jobs and possibly execute arbitrary code with the privileges of the
62	user running CUPS (usually lp), or cause a Denial of Service. The
63	vulnerabilities are exploitable via the network when CUPS is sharing
64	printers remotely.
65
66	Workaround
67	==========
68
69	There is no known workaround at this time.
70
71	Resolution
72	==========
73
74	All CUPS users should upgrade to the latest version:
75
76	# emerge --sync
77	# emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"
78
79	References
80	==========
81
82	[ 1 ] CVE-2008-0047
83	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047
84	[ 2 ] CVE-2008-0053
85	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053
86	[ 3 ] CVE-2008-0882
87	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882
88	[ 4 ] CVE-2008-1373
89	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373
90
91	Availability
92	============
93
94	This GLSA and any updates to it are available for viewing at
95	the Gentoo Security Website:
96
97	http://security.gentoo.org/glsa/glsa-200804-01.xml
98
99	Concerns?
100	=========
101
102	Security is a primary focus of Gentoo Linux and ensuring the
103	confidentiality and security of our users machines is of utmost
104	importance to us. Any security concerns should be addressed to
105	security@g.o or alternatively, you may file a bug at
106	http://bugs.gentoo.org.
107
108	License
109	=======
110
111	Copyright 2008 Gentoo Foundation, Inc; referenced text
112	belongs to its owner(s).
113
114	The contents of this document are licensed under the
115	Creative Commons - Attribution / Share Alike license.
116
117	http://creativecommons.org/licenses/by-sa/2.5