Debian Bug report logs -
#456960
cupsys: CVE-2007-6358 insecure file handling in pdftops filter script
Reported by: Nico Golde <nion@debian.org>
Date: Tue, 18 Dec 2007 18:21:04 UTC
Severity: important
Tags: security
Fixed in version cupsys/1.3.5-1
Done: Kenshi Muto <kmuto@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#456960; Package cupsys.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: cupsys
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cupsys.
CVE-2007-6358[0]:
| files/pdftops.pl before 1.20 in pdftops allows local users to
| overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp
| temporary file, which is created when pdftops reads a PDF file from
| stdin, such as when pdftops is invoked by CUPS.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Severity set to `normal' from `important'
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Tue, 18 Dec 2007 18:45:03 GMT) (full text, mbox, link).
Severity set to `important' from `normal'
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Tue, 18 Dec 2007 18:51:08 GMT) (full text, mbox, link).
Tags added: pending
Request was from Kenshi Muto <kmuto@debian.org>
to control@bugs.debian.org.
(Sun, 23 Dec 2007 02:39:02 GMT) (full text, mbox, link).
Reply sent to Kenshi Muto <kmuto@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #16 received at 456960-close@bugs.debian.org (full text, mbox, reply):
Source: cupsys
Source-Version: 1.3.5-1
We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:
cupsys-bsd_1.3.5-1_amd64.deb
to pool/main/c/cupsys/cupsys-bsd_1.3.5-1_amd64.deb
cupsys-client_1.3.5-1_amd64.deb
to pool/main/c/cupsys/cupsys-client_1.3.5-1_amd64.deb
cupsys-common_1.3.5-1_all.deb
to pool/main/c/cupsys/cupsys-common_1.3.5-1_all.deb
cupsys-dbg_1.3.5-1_amd64.deb
to pool/main/c/cupsys/cupsys-dbg_1.3.5-1_amd64.deb
cupsys_1.3.5-1.diff.gz
to pool/main/c/cupsys/cupsys_1.3.5-1.diff.gz
cupsys_1.3.5-1.dsc
to pool/main/c/cupsys/cupsys_1.3.5-1.dsc
cupsys_1.3.5-1_amd64.deb
to pool/main/c/cupsys/cupsys_1.3.5-1_amd64.deb
cupsys_1.3.5.orig.tar.gz
to pool/main/c/cupsys/cupsys_1.3.5.orig.tar.gz
libcupsimage2-dev_1.3.5-1_amd64.deb
to pool/main/c/cupsys/libcupsimage2-dev_1.3.5-1_amd64.deb
libcupsimage2_1.3.5-1_amd64.deb
to pool/main/c/cupsys/libcupsimage2_1.3.5-1_amd64.deb
libcupsys2-dev_1.3.5-1_amd64.deb
to pool/main/c/cupsys/libcupsys2-dev_1.3.5-1_amd64.deb
libcupsys2_1.3.5-1_amd64.deb
to pool/main/c/cupsys/libcupsys2_1.3.5-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 456960@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kenshi Muto <kmuto@debian.org> (supplier of updated cupsys package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 19 Dec 2007 17:07:05 +0900
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsimage2-dev
Architecture: source amd64 all
Version: 1.3.5-1
Distribution: unstable
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Kenshi Muto <kmuto@debian.org>
Description:
cupsys - Common UNIX Printing System(tm) - server
cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
cupsys-common - Common UNIX Printing System(tm) - common files
cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System(tm) - libs
libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 456960 457453
Changes:
cupsys (1.3.5-1) unstable; urgency=high
.
[ Kenshi Muto]
* New upstream release
- cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress patch is
merged.
- Fix that SNMP backend did not check for negative string lengths.
(CVE-2007-5849, closes: #457453).
* Update pdftops.pl to 1.20. It fixes overwriting arbitary files
via symlink attack. (CVE-2007-6358, closes: #456960)
.
[ Till Kamppeter ]
* debian/patches/fix_regression_reactivate_net_ifaces_changes_detection.dpatch :
Fix a regression in upstream code that has removed the network interface
update poll (CUPS STR #2631, LP: #177075). Thanks to Hugues Fournier
(hugues dot fournier at gmail dot com) for the patch.
Files:
34ab1da2ab94b95ebdb75c6724575a89 1178 net optional cupsys_1.3.5-1.dsc
7ceefb2be5e7c88fb243f587928251c1 4866646 net optional cupsys_1.3.5.orig.tar.gz
4be5c1a0e97ecd01ded0df65a8759588 108040 net optional cupsys_1.3.5-1.diff.gz
0726baffe8ed70d54bf06628f05241bb 1122672 net optional cupsys-common_1.3.5-1_all.deb
039e94a80c0d3088dac65440c053c307 167480 libs optional libcupsys2_1.3.5-1_amd64.deb
49f0732c95b805ebe5565fba82e0267d 88714 libs optional libcupsimage2_1.3.5-1_amd64.deb
98489f3cd0a5f888c406d78f7cba830c 2095728 net optional cupsys_1.3.5-1_amd64.deb
d4a4f0d523d8c422e6632241fa5be97b 88306 net optional cupsys-client_1.3.5-1_amd64.deb
3429f845eeedc4233031f82a18f964d7 148854 libdevel optional libcupsys2-dev_1.3.5-1_amd64.deb
7e8ecd59e0fa01e34a0032341e97ae35 59126 libdevel optional libcupsimage2-dev_1.3.5-1_amd64.deb
a604f726aa3aae6bcd82b2c604d86f5d 37158 net extra cupsys-bsd_1.3.5-1_amd64.deb
83c2f6120aa460c234191ecd1515e514 1123550 libdevel extra cupsys-dbg_1.3.5-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iEYEARECAAYFAkdty0AACgkQQKW+7XLQPLF7dACfVnnMGg4ZPIa4f+Z1O6gtDcCe
YM0AoIK1SLqt+Juu9kPTq3fsrlqi+S8/
=zyHV
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 29 Feb 2008 07:30:39 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:59:33 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon