Bug 557775 (CVE-2010-0302)
Summary: | CVE-2010-0302 cups Incomplete fix for CVE-2009-3553
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Tim Waugh <twaugh>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
CC: | security-response-team, vdanen, ykopkova
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
: | 557789
Last Closed: | 2021-10-19 09:10:21 UTC
Bug Depends On: | 557789, 563326, 563327

Description
Tim Waugh
2010-01-22 15:00:09 UTC
Created attachment 386167
cups-CVE-2009-3553-incomplete-fix.patch
Attached is a patch for RHEL-5.4.z.

Small correction: file descriptions in the cupsd_inactive_fds array are finally dereferenced just before cupsdDoSelect() returns.

Hi Tim. Was this incorrect fix provided by upstream, or did we come up with the fix and neglect to deal with the kqueue and epoll implementations? In other words, is this a Red Hat-only issue, or do we need to alert other vendors and is upstream aware of the incomplete fix? We'll need to get a new CVE name for this, regardless. Thanks for the clarification.

It was my original patch (sorry), but Michael Sweet also missed the problem and committed it upstream for the not-yet-released 1.4.3 version. We did alert other vendors about CVE-2009-3553 originally, and my patch was proposed. Michael Sweet replied on that thread saying that was the patch that would be used to fix it, so very likely other vendors are using it as-is. Upstream is not yet aware of the incomplete fix.

I've assigned CVE-2010-0302 for this. Tim, Can anyone been told of this yet? I'm not sure how upstream likes to handle security flaws. Some guidance would be appreciated. Thanks.

I'm not sure what the protocol is myself. I didn't want to tell anyone without the say-so of the SRT... If you're happy for me to report it upstream I can do that? (There is a mechanism for reporting private security bugs on cups.org.)

Let's start with upstream, once we have a final patch we can tell the vendors. Thanks.

Reported upstream.

The embargo has lifted.

This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0129 https://rhn.redhat.com/errata/RHSA-2010-0129.html

cups-1.4.2-26.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/cups-1.4.2-26.fc11

cups-1.4.2-28.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/cups-1.4.2-28.fc12

cups-1.4.2-34.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cups-1.4.2-34.fc13

cups-1.4.2-34.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

cups-1.4.2-28.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

cups-1.4.2-26.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.