Bug 1909980
| Field | Value |
|---|---|
| Summary | cupsd crashes on parsing malformed Brother PPD |
| Product | [Fedora] Fedora |
| Component | cups |
| Version | 33 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | unspecified |
| Reporter | BZ <bgz> |
| Assignee | Zdenek Dohnal <zdohnal> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | daniell1, mark.einon, twaugh, zdohnal |
| Fixed In Version | cups-2.3.3op2-1.fc33 cups-2.3.3op2-1.fc32 |
| Last Closed | 2021-02-07 01:33:12 UTC |
| Type | Bug |
Description
BZ
2020-12-22 08:44:45 UTC
Just to add, I did not specifically upgrade CUPS. This was just part of a normal daily 'dnf upgrade' on two systems here that are configured for printing. The result was identical (daemon crashes) on both systems.

Adding an additional note that this problem is confirmed in Fedora 33 with cups-2.3.3op1-1.fc33, so I'm updating the Fedora version.

Created attachment 1742515: Brother MFCJ6710CDW PPD

Given the traceback, it's obvious that the segmentation violation occurs in the context of parsing a PPD file. The only user-installed PPD file is a vendor-supplied PPD for the Brother MFCJ6710CDW printer, which has been working fine since 2012, and for which no updates are available from the vendor. Removing that PPD file from /etc/cups does indeed allow cupsd to start, however printing is suboptimal because the default PPD does not support various features of the printer. In addition, a segmentation violation while parsing a file in root context suggests the possibility of a locally-exploitable security vulnerability, possibly leading to privilege escalation or arbitrary code execution if CUPS can be coerced into parsing a specially crafted PPD file.

With that in mind, you might now want to leave this report publicly available until a patch/update is available. I tried to change the "group" to 'Security' but the option is greyed out for me, and I'm now sure what to do about that.

Hi BZ, thank you for reporting the issue! It is a known issue upstream https://github.com/OpenPrinting/cups/issues/64 , I will look into it in the future. It is caused by Brother PPD file, because the PPD is malformed (no *OpenUI tag, it is commented out). You can comment/comment out this part of PPD for now:

```
*%=== Reverse Printing ================================
*%OpenUI *BRReverse/Reverse Printing: PickOne
*%OrderDependency: 30 AnySetup *BRReverse
*%DefaultBRReverse: OFF
*%BRReverse OFF/Off: " "
*%BRReverse ON/On: " "
*CloseUI: *BRReverse
```

and reinstall your print queue with it. But cupsd mustn't crash on malformed PPD like this.

FEDORA-2021-db2b870848 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-db2b870848

FEDORA-2021-ccae3986cc has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ccae3986cc

FEDORA-2021-ccae3986cc has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ccae3986cc` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ccae3986cc See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-db2b870848 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-db2b870848` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-db2b870848 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-db5caaeb91 has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-db5caaeb91` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-db5caaeb91 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-ef84cd3f69 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ef84cd3f69` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ef84cd3f69 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-ef84cd3f69 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2021-db5caaeb91 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
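An added example, not part of the bug report or the CUPS code base: a small Python check for the malformed construct identified in the thread (an active `*CloseUI` whose `*OpenUI` line is commented out), usable to lint PPD files before installing a print queue. The sample PPD text and the function name `find_unbalanced_ui` are constructed for illustration.

```python
import re

# Constructed sample reproducing the excerpt quoted in the thread: the
# *OpenUI line is commented out with "*%", but *CloseUI is still active.
SAMPLE_PPD = '''*PPD-Adobe: "4.3"
*OpenUI *PageSize/Media Size: PickOne
*DefaultPageSize: A4
*CloseUI: *PageSize
*%=== Reverse Printing ================================
*%OpenUI *BRReverse/Reverse Printing: PickOne
*%DefaultBRReverse: OFF
*CloseUI: *BRReverse
'''

# Option keywords end at whitespace, "/" (translation text) or ":".
OPEN_RE = re.compile(r"^\*(?:JCL)?OpenUI\s+(\*[^\s/:]+)")
CLOSE_RE = re.compile(r"^\*(?:JCL)?CloseUI:\s*(\*[^\s/:]+)")


def find_unbalanced_ui(ppd_text):
    """Return (line_no, problem) tuples for OpenUI/CloseUI mismatches."""
    problems = []
    open_stack = []  # (option, line_no) for groups opened but not yet closed
    for line_no, line in enumerate(ppd_text.splitlines(), start=1):
        if line.startswith("*%"):  # PPD comment line, skipped by parsers
            continue
        m = OPEN_RE.match(line)
        if m:
            open_stack.append((m.group(1), line_no))
            continue
        m = CLOSE_RE.match(line)
        if not m:
            continue
        option = m.group(1)
        if open_stack and open_stack[-1][0] == option:
            open_stack.pop()
        else:
            problems.append((line_no, f"*CloseUI {option} without matching *OpenUI"))
    for option, line_no in open_stack:
        problems.append((line_no, f"*OpenUI {option} never closed"))
    return problems


if __name__ == "__main__":
    for line_no, problem in find_unbalanced_ui(SAMPLE_PPD):
        print(f"line {line_no}: {problem}")
```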