cupsys: CVE-2008-0047 buffer overflow in cgi applications using crafted search queries

Related Vulnerabilities: CVE-2008-0047, CVE-2008-0882

Debian Bug report logs - #472105

Package: cupsys; Maintainer for cupsys is (unknown);

Reported by: Nico Golde <nion@debian.org>

Date: Sat, 22 Mar 2008 02:24:01 UTC

Severity: grave

Tags: patch, security

Fixed in versions cupsys/1.3.6-3, cupsys/1.2.7-4etch4

Done: Martin Pitt <mpitt@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#472105; Package cupsys.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: cupsys: CVE-2008-0047 buffer overflow in cgi applications using crafted search queries
Date: Sat, 22 Mar 2008 03:21:29 +0100
Package: cupsys
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cupsys.

CVE-2008-0047[0]:
| Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when
| printer sharing is enabled, allows remote attackers to execute
| arbitrary code via crafted search expressions.

Patch:
https://bugzilla.redhat.com/attachment.cgi?id=296901

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Severity set to `grave' from `important' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 22 Mar 2008 02:30:04 GMT)


Tags added: pending Request was from Martin Pitt <mpitt@debian.org> to control@bugs.debian.org. (Sat, 22 Mar 2008 11:42:04 GMT)


Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #14 received at 472105-close@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: 472105-close@bugs.debian.org
Subject: Bug#472105: fixed in cupsys 1.3.6-3
Date: Sat, 22 Mar 2008 12:02:03 +0000
Source: cupsys
Source-Version: 1.3.6-3

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.3.6-3_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.3.6-3_i386.deb
cupsys-client_1.3.6-3_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.3.6-3_i386.deb
cupsys-common_1.3.6-3_all.deb
  to pool/main/c/cupsys/cupsys-common_1.3.6-3_all.deb
cupsys-dbg_1.3.6-3_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.3.6-3_i386.deb
cupsys_1.3.6-3.diff.gz
  to pool/main/c/cupsys/cupsys_1.3.6-3.diff.gz
cupsys_1.3.6-3.dsc
  to pool/main/c/cupsys/cupsys_1.3.6-3.dsc
cupsys_1.3.6-3_i386.deb
  to pool/main/c/cupsys/cupsys_1.3.6-3_i386.deb
libcupsimage2-dev_1.3.6-3_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.3.6-3_i386.deb
libcupsimage2_1.3.6-3_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.3.6-3_i386.deb
libcupsys2-dev_1.3.6-3_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.3.6-3_i386.deb
libcupsys2_1.3.6-3_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.3.6-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 472105@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Mar 2008 12:37:57 +0100
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common cupsys-dbg
Architecture: source all i386
Version: 1.3.6-3
Distribution: unstable
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 472105
Changes: 
 cupsys (1.3.6-3) unstable; urgency=high
 .
   [ Till Kamppeter ]
   * pdftops-cups-1.4.dpatch: Updated to Mike Sweet's patch version from CUPS
     STR #2716.
   * debian/patches/ppd-poll-with-client-conf.dpatch: If there is a client.conf
     pointing to a remote server, clients were not able to poll the PPD options
     from printers on that server (CUPS STRs #2731, #2763)
 .
   [ Martin Pitt ]
   * Urgency high due to security fix.
   * debian/local/apparmor-profile: Allow cups-pdf to read files in ~/PDF/, so
     that it can overwrite files. (LP: #161222)
   * Add cgiCompileSearch_buffer_overflow.dpatch: Fix buffer overflow in
     cgiCompileSearch() using crafted search expressions. Exploitable if
     printer sharing is enabled. (CVE-2008-0047, STR #2729, Closes: #472105)
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH5PJBDecnbV4Fd/IRAldVAJ4+5km4jCUwyTqhtQ2aqZISa+L0dACg2LWe
l4PPKU06W0DZzXLakVyZLO4=
=n/Ex
-----END PGP SIGNATURE-----





Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #19 received at 472105-close@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: 472105-close@bugs.debian.org
Subject: Bug#472105: fixed in cupsys 1.2.7-4etch4
Date: Fri, 11 Apr 2008 19:52:38 +0000
Source: cupsys
Source-Version: 1.2.7-4etch4

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_i386.deb
cupsys-client_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.2.7-4etch4_i386.deb
cupsys-common_1.2.7-4etch4_all.deb
  to pool/main/c/cupsys/cupsys-common_1.2.7-4etch4_all.deb
cupsys-dbg_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_i386.deb
cupsys_1.2.7-4etch4.diff.gz
  to pool/main/c/cupsys/cupsys_1.2.7-4etch4.diff.gz
cupsys_1.2.7-4etch4.dsc
  to pool/main/c/cupsys/cupsys_1.2.7-4etch4.dsc
cupsys_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/cupsys_1.2.7-4etch4_i386.deb
libcupsimage2-dev_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_i386.deb
libcupsimage2_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.2.7-4etch4_i386.deb
libcupsys2-dev_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_i386.deb
libcupsys2-gnutls10_1.2.7-4etch4_all.deb
  to pool/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch4_all.deb
libcupsys2_1.2.7-4etch4_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.2.7-4etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 472105@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Mar 2008 13:12:42 +0100
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsys2-gnutls10 libcupsimage2-dev
Architecture: source i386 all
Version: 1.2.7-4etch4
Distribution: stable-security
Urgency: high
Maintainer: noahm@debian.org
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 467653 472105
Changes: 
 cupsys (1.2.7-4etch4) stable-security; urgency=high
 .
   * Add 72_CVE-2008-0047.dpatch:  Fix buffer overflow in cgiCompileSearch()
     using crafted search expressions. Exploitable if printer sharing is
     enabled. (CVE-2008-0047, STR #2729, Closes: #472105)
   * Add 73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(),
     which could be exploited to a remote DoS by sending crafted data to the
     cups UDP port. Thanks to Nico Golde for the report and dpatchifying!
     (CVE-2008-0882, STR #2656, Closes: #467653)
   * 47_pid.dpatch: Specify PidFile in temporary directory in the self test's
     cupsd.conf. This affects the test suite (in the sense that it actually
     works now) and does not affect the built binaries at all. (Backported from
     trunk).
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH5d/TYrVLjBFATsMRAoZ3AJ0Rx/qG88XHgPkp7MqFsvFqRopvRQCfY1wC
0N01eA9Dxu1e0ujH6cHfA2E=
=fUAX
-----END PGP SIGNATURE-----





Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #24 received at 472105-close@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: 472105-close@bugs.debian.org
Subject: Bug#472105: fixed in cupsys 1.2.7-4etch4
Date: Sat, 26 Jul 2008 09:40:24 +0000
Source: cupsys
Source-Version: 1.2.7-4etch4

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Aug 2008 07:26:09 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:19:05 2019; Machine Name: buxtehude
