Bug 438117 (CVE-2008-0053)

Summary: CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: kreilly, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0053
Whiteboard:
Fixed In Version: 1.2.12-10.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-09 05:13:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 438347, 438348, 438349, 438350, 438351, 440042    
Bug Blocks:    
Attachments:
Description Flags
Upstream patch none

Description Tomas Hoger 2008-03-19 07:55:31 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0053 to the following vulnerability:

Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation."

References:
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Comment 1 Tomas Hoger 2008-03-19 07:57:29 UTC 
Listed in APPLE-SA-2008-03-18 along with CVE-2008-0882:

CUPS
CVE-ID:  CVE-2008-0053, CVE-2008-0882
Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact:  Multiple vulnerabilities in CUPS may lead to an unexpected
application termination or arbitrary code execution with system
privileges
Description:  Multiple input validation issues exist in CUPS, the
most serious of which may lead to arbitrary code execution with
system privileges. This update addresses the issues by updating to
CUPS 1.3.6. These issues do not affect systems prior to Mac OS X
v10.5.
Comment 3 Tomas Hoger 2008-03-20 08:14:45 UTC 
Created attachment 298651 [details]
Upstream patch

According to upstream, this CVE id was allocated for following issue fixed in
CUPS 1.3.6 (see CHANGES.txt):

- Fixed two overflow bugs in the HP-GL/2 filter (Coverity)
Comment 10 Fedora Update System 2008-04-01 16:20:16 UTC 
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
Comment 12 Fedora Update System 2008-04-09 05:13:06 UTC 
cups-1.2.12-10.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Red Hat Product Security 2008-04-09 06:22:38 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0192.html
  http://rhn.redhat.com/errata/RHSA-2008-0206.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2897