Debian Bug report logs - #651204
CVE-2011-4405
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Tue, 6 Dec 2011 17:51:04 UTC
Severity: grave
Tags: fixed-upstream, patch, security
Found in version system-config-printer/1.2.3-3
Fixed in version system-config-printer/1.3.7-1
Done: Laurent Bigonville <bigon@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Otavio Salvador <otavio@debian.org>: Bug#651204; Package system-config-printer. (Tue, 06 Dec 2011 17:51:07 GMT)
Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Otavio Salvador <otavio@debian.org>. (Tue, 06 Dec 2011 17:51:08 GMT)
Message #5 received at submit@bugs.debian.org:
Package: system-config-printer
Severity: grave
Tags: security
There has been an Ubuntu Security Update for system-config-printer:
http://www.ubuntu.com/usn/USN-1265-1/
I'm not sure if that's actually Ubuntu-specific, could you double-check?
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Otavio Salvador <otavio@debian.org>: Bug#651204; Package system-config-printer. (Tue, 06 Dec 2011 18:06:03 GMT)
Acknowledgement sent to 651204@bugs.debian.org: Extra info received and forwarded to list. Copy sent to Otavio Salvador <otavio@debian.org>. (Tue, 06 Dec 2011 18:06:03 GMT)
Message #10 received at 651204@bugs.debian.org:
On Tuesday 06 December 2011 at 18:47 +0100, Moritz Muehlenhoff wrote:
> Package: system-config-printer
> Severity: grave
> Tags: security
>
> There has been an Ubuntu Security Update for system-config-printer:
> http://www.ubuntu.com/usn/USN-1265-1/
>
> I'm not sure if that's actually Ubuntu-specific, could you double-check?
At first sight it looks like the version in squeeze is vulnerable too,
but Ubuntu marked the same version as “not affected”. Maybe this code
path is never called, but it doesn’t look so.
-- Josselin Mouette
Message sent on to Moritz Muehlenhoff <muehlenhoff@univention.de>: Bug#651204. (Wed, 14 Dec 2011 08:21:17 GMT)
Message #13 received at 651204-submitter@bugs.debian.org:
Hi,
I've uploaded a patched version to experimental.
Cheers,
-- Guido
Information forwarded to debian-bugs-dist@lists.debian.org, Otavio Salvador <otavio@debian.org>: Bug#651204; Package system-config-printer. (Wed, 30 May 2012 09:51:34 GMT)
Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>: Extra info received and forwarded to list. Copy sent to Otavio Salvador <otavio@debian.org>. (Wed, 30 May 2012 09:51:39 GMT)
Message #18 received at 651204@bugs.debian.org:
bts found 651204 1.2.3-3
bts fixed 651204 1.3.7-1
thanks
Hi,
Wheezy and sid contain a patch for this issue. Squeeze seems still
affected. Are you able to provide an updated package for squeeze?
cheers,
Thijs
Marked as found in versions system-config-printer/1.2.3-3. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Wed, 30 May 2012 10:09:03 GMT)
Marked as fixed in versions system-config-printer/1.3.7-1. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Wed, 30 May 2012 10:09:08 GMT)
Added tag(s) patch. Request was from "Didier 'OdyX' Raboud" <odyx@debian.org> to control@bugs.debian.org. (Tue, 24 Jul 2012 08:12:04 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Otavio Salvador <otavio@debian.org>: Bug#651204; Package system-config-printer. (Tue, 24 Jul 2012 08:24:02 GMT)
Acknowledgement sent to "Didier 'OdyX' Raboud" <odyx@debian.org>: Extra info received and forwarded to list. Copy sent to Otavio Salvador <otavio@debian.org>. (Tue, 24 Jul 2012 08:24:03 GMT)
Message #29 received at 651204@bugs.debian.org:
tags 651204 +patch
thanks
On Wednesday, 30 May 2012 11:47:05, Thijs Kinkhorst wrote:
> Hi,
>
> Wheezy and sid contain a patch for this issue. Squeeze seems still
> affected. Are you able to provide an updated package for squeeze?
Would the attached patch do the job for Squeeze?
OdyX
[0008-Fix-MITM-via-unencrypted-metadata-download.patch (text/x-patch, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Otavio Salvador <otavio@debian.org>: Bug#651204; Package system-config-printer. (Tue, 24 Jul 2012 10:57:03 GMT)
Acknowledgement sent to Guido Günther <agx@sigxcpu.org>: Extra info received and forwarded to list. Copy sent to Otavio Salvador <otavio@debian.org>. (Tue, 24 Jul 2012 10:57:03 GMT)
Message #34 received at 651204@bugs.debian.org:
On Tue, Jul 24, 2012 at 10:09:27AM +0200, Didier 'OdyX' Raboud wrote:
> tags 651204 +patch
> thanks
>
> On Wednesday, 30 May 2012 11:47:05, Thijs Kinkhorst wrote:
> > Hi,
> >
> > Wheezy and sid contain a patch for this issue. Squeeze seems still
> > affected. Are you able to provide an updated package for squeeze?
>
> Would the attached patch do the job for Squeeze?
It looks good to me. I haven't got around to implementing something similar
for ages, since I didn't have a test system to run this on. Could you
test this on a Squeeze box? If so I'd be happy about an NMU.
Cheers,
-- Guido
>
> OdyX
> From: Till Kamppeter <till.kamppeter@gmail.com>
> Date: Tue, 13 Dec 2011 20:54:26 +0100
> Subject: Fix MITM via unencrypted metadata download
>
> Adapted to Squeeze by Didier Raboud <odyx@debian.org> on Tue Jul 24 10:09:16 CEST 2012.
>
> Closes: #651204
> ---
> cupshelpers/openprinting.py | 35 +++++++++++++++++++++++------------
> 1 files changed, 23 insertions(+), 12 deletions(-)
>
> --- a/cupshelpers/openprinting.py
> +++ b/cupshelpers/openprinting.py
> @@ -19,7 +19,7 @@
> ## along with this program; if not, write to the Free Software
> ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
>
> -import urllib, httplib, platform, threading, tempfile, traceback
> +import pycurl,urllib, httplib, platform, threading, tempfile, traceback
> import os, sys
> from xml.etree.ElementTree import XML
> from . import Device
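Review bot: `import pycurl` becomes an unconditional module-level import in the `+import pycurl,urllib, httplib, ...` line, so `cupshelpers.openprinting` and everything that imports it will raise ImportError on any Squeeze system without python-pycurl installed; the Squeeze upload needs a matching Depends on python-pycurl in debian/control, which this patch does not touch. `httplib` stays in the import list although nothing in the patched `run` uses it any more, so drop it at the same time.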
> @@ -42,10 +42,18 @@
> self.parameters = parameters
> self.callback = callback
> self.user_data = user_data
> + self.result = ""
>
> self.setDaemon (True)
>
> def run (self):
> +
> + # Callback function for pycURL collecting the data coming from
> + # the web server
> + def collect_data(result):
> + self.result += result;
> + return len(result)
> +
> # CGI script to be executed
> query_command = "/query.cgi"
> # Headers for the post request
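Review bot: `self.result` is initialised here in `__init__` (`+        self.result = ""`) and reset again at the top of `run` in the following hunk; one of the two is redundant. In `collect_data`, the trailing semicolon in `self.result += result;` is a Python style nit, and accumulating the body by repeated string concatenation on an instance attribute works but is the slow way; collecting chunks in a list and joining after `perform()` is the usual idiom. Returning `len(result)` is correct, since libcurl treats any other return value from a WRITEFUNCTION callback as a write error and aborts the transfer.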
> @@ -55,26 +63,26 @@
> (urllib.urlencode (self.parameters),
> self.parent.language[0],
> self.parent.language[0]))
> - self.url = "http://%s%s?%s" % (self.parent.base_url, query_command, params)
> + self.url = "https://%s%s?%s" % (self.parent.base_url, query_command, params)
> # Send request
> - result = None
> + self.result = ""
> status = 1
> try:
> - conn = httplib.HTTPConnection(self.parent.base_url)
> - conn.request("POST", query_command, params, headers)
> - resp = conn.getresponse()
> - status = resp.status
> - if status == 200:
> - result = resp.read()
> - conn.close()
> + curl = pycurl.Curl()
> + curl.setopt(pycurl.SSL_VERIFYPEER, 1)
> + curl.setopt(pycurl.SSL_VERIFYHOST, 2)
> + curl.setopt(pycurl.WRITEFUNCTION, collect_data)
> + curl.setopt(pycurl.URL, self.url)
> + status = curl.perform()
> + if status == None: status = 0
> + if (status != 0):
> + self.result = sys.exc_info ()
> except:
> - result = sys.exc_info ()
> -
> - if status == 200:
> - status = 0
> + self.result = sys.exc_info ()
> + if status == None: status = 0
>
> if self.callback != None:
> - self.callback (status, self.user_data, result)
> + self.callback (status, self.user_data, self.result)
>
> class OpenPrinting:
> def __init__(self, language=None):
Added tag(s) fixed-upstream. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 23 Jan 2013 23:03:07 GMT)
Marked Bug as done. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Tue, 26 Feb 2013 15:51:03 GMT)
Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: Bug acknowledged by developer. (Tue, 26 Feb 2013 15:51:04 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 07:29:10 GMT)
Last modified: Wed Jun 19 18:19:19 2019