Bug 1191588 (CVE-2014-9679)

Summary: CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: carnil, jpopelka, jrusnack, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-06-18 03:59:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1191591, 1229982, 1229983, 1229984, 1229985    
Bug Blocks: 1221644    

Description Vasyl Kaigorodov 2015-02-11 14:45:24 UTC 
It was reported [1] that a malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels.
Upstream git commit that fixes this: https://www.cups.org/strfiles.php/3438/str4551.patch
Commited to the upstream cups.git as: 62bd8d91877f4f6f528195192e3d351c60d42e14

[1]: https://www.cups.org/str.php?L4551
Comment 1 Vasyl Kaigorodov 2015-02-11 14:48:44 UTC 
Created cups tracking bugs for this issue:

Affects: fedora-all [bug 1191591]
Comment 2 Fedora Update System 2015-02-20 08:33:15 UTC 
cups-1.7.5-12.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2015-02-21 04:23:24 UTC 
cups-1.7.5-15.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 errata-xmlrpc 2015-06-17 21:06:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:1123 https://rhn.redhat.com/errata/RHSA-2015-1123.html
Comment 7 Huzaifa S. Sidhpurwala 2015-06-18 03:59:10 UTC 
Statement:

This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.