Bug 152795 - CAN-2004-0923,0888,1125,1267-1270,CAN-2005-0064 multiple cups vulns
CAN-2004-0923,0888,1125,1267-1270,CAN-2005-0064 multiple cups vulns
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: cups (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
https://bugzilla.redhat.com/bugzilla/...
1, LEGACY, rh73, rh90
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-05 07:36 EDT by rob
Modified: 2007-04-18 13:22 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-16 07:59:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:27:44 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
updated packages for FC1:
 
i took the patch straight out of redhat bugzilla, but in order for it to work
i had to incorporate the cups_strcpy function from cups 1.1.20.  i took this
approach because i thought it would be easier to QA.  is this sound reasoning
or would it have been better to create a single patch that changed everything
needed to fix the vulnerability?
 
changelog:
* Tue Oct  5 2004 Rob Myers <rob.myers@gtri.gatech.edu>  1:1.1.19-13.3.legacy
- - Apply patch to fix CAN-2004-0558 (rh bug #130646).
- - Apply patch to add cups_strcpy from cups 1.1.20 (for other patch to work)
                                                                               
                                                                             
* Sun Oct  3 2004 Marc Deslauriers <marcdeslauriers@videotron.ca>
1:1.1.19-13.2.legacy
- - Rebuilt
 
28a9f79f370bc0d9b1c7fb774f5b288da3a69ece 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.3.legacy.src.rpm
0c099ef8659ae07f0c81711fefbe6fe749416820 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.3.legacy.i386.rpm
795539ac4cb5afd3f1fc269e05a12be8e26e527c 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.19-13.3.legacy.i386.rpm
331f44dc4159b309fe8478683e9f37954f0c310d 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.19-13.3.legacy.i386.rpm
a2f1f99c7facecce2d7367d488f8b175bf3c25d8 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.19-13.3.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFBYtqLtU2XAt1OWnsRAgm4AJ98+KnJFVijuA3Xb1WEYZVXhY2FeQCfSUR5
f4uepKBVd7Z8Rmm7HdGCywk=
=8UgI
-----END PGP SIGNATURE-----



------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-06 15:15:49 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on the fc1 package:

28a9f79f370bc0d9b1c7fb774f5b288da3a69ece cups-1.1.19-13.3.legacy.src.rpm

- - Source files match previous version
- - Patch files are good (the approach used is fine)
- - Spec file is good
- - Builds, installs and runs good

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBZJjnLMAs/0C4zNoRAsj2AKCTZloWnsHOsHUaumtCitmHeNVmawCgutKJ
ejMMUI8yY4LAvDkZZyJcq7c=
=ISq4
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-06 15:18:09 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated cups packages to QA for rh9:

Changelog:
* Wed Oct 06 2004 Marc Deslauriers <marcdeslauriers@videotron.ca>
1.1.17-13.3.0.7.legacy
- - Apply backported patch to fix CAN-2004-0558
- - Apply patch to add cups_strcpy from cups 1.1.20

9fcfb34def130691df94aaec2ad07e025e51f7b5  cups-1.1.17-13.3.0.7.legacy.i386.rpm
cb943d811bd5c6d802e4e2a3f3ff5db8728f8736  cups-1.1.17-13.3.0.7.legacy.src.rpm
a08a0caa829e06a6c9ef60445e664fa9f6c7bfcb  cups-devel-1.1.17-13.3.0.7.legacy.i386.rpm
0f32aaac7dd920947094004f2855ef8d18969117  cups-libs-1.1.17-13.3.0.7.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/cups-1.1.17-13.3.0.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/cups-1.1.17-13.3.0.7.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/cups-devel-1.1.17-13.3.0.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/cups-libs-1.1.17-13.3.0.7.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBZJlvLMAs/0C4zNoRAselAJ9VRY6Eu/KFoif3FF8oo8ehII9dfgCcDoaV
WhwNp1mKV2Po+5x2NhvFyYM=
=9tFp
-----END PGP SIGNATURE-----




------- Additional Comments From josh.kayse@gtri.gatech.edu 2004-10-08 03:45:21 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on the FC1 package:
28a9f79f370bc0d9b1c7fb774f5b288da3a69ece  cups-1.1.19-13.3.legacy.src.rpm

- - Source files identical to previous
- - Spec file is good
- - builds ok
- - installs ok
- - runs ok

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBZpnHwnUFCSDmt7ERAhUzAJ9SGKo/sZm0oQmCDBi/7zyEWDJVkwCePXRM
XHub9kj7RubSq9nDU54rzrE=
=aeYe
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-23 01:21:22 ----

Another issue has turned up that must be taken care of:

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code used
for parsing PDF files and is therefore affected by these bugs. An attacker
who has the ability to send a malicious PDF file to a printer could cause
CUPS to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0888 to this issue.

Ref:
https://rhn.redhat.com/errata/RHSA-2004-543.html

New cups packages are needed.



------- Additional Comments From rob.myers@gtri.gatech.edu 2004-10-27 05:59:38 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Here are updated cups packages to QA for rh73, rh9 and fc1:
 
these CAN's should all be fixed:
CAN-2004-0558 UDP DoS
CAN-2004-0888,0889 xpdf integer overflows
CAN-2004-0923 information disclosure in logfile
 
please verify that the patches applied actually fix each of these issues.
 
for some reason mach isn't stripping binaries.  how to fix?
 
changelogs:
rh73:
* Tue Oct 26 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.14-15.4.1.legacy
- - Apply patch for UDP packet DoS CAN-2004-0558 UDP DoS (FL #2072)
- - Apply patch for information disclosure in logfile CAN-2004-0923 (FL #2127)
- - Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH #135378)
- - add BuildPrereq: pam-devel openssl-devel autoconf zlib-devel libjpeg-devel
  libtiff-devel libpng-devel
- - to build in mach i had to:  if [ ! -x /usr/lib/libtiff.so.3 ]; then
  (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi
  
* Tue May 13 2003 Tim Waugh <twaugh@redhat.com> 1.1.14-15.4
- - Updated HTTP blocking fix; now based on cups-1.1.18-str75.patchv2.
 
 
rh9:
* Tue Oct 26 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.17-13.3.0.9.legacy
- - in mach i had to:  if [ ! -x /usr/lib/libtiff.so.3 ]; then
  (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi
- - group, organize, rename Fedora Legacy security update patches
- - fix wrong CAN number in changelog (Oct 6 2004)
- - rebuild
  
* Mon Oct 25 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.17-13.3.0.8.legacy
- - Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH#135378)
  
* Wed Oct 06 2004 Marc Deslauriers <marcdeslauriers@videotron.ca>
1.1.17-13.3.0.7.legacy
- - Apply backported patch to fix CAN-2004-0923
- - Apply patch to add cups_strcpy from cups 1.1.20
 
fc1:
* Tue Oct 26 2004 Rob Myers <rob.myers@gtri.gatech.edu>  1:1.1.19-13.4.legacy
- - Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH #135378)
- - group, organize, rename Fedora Legacy security update patches
- - fix wrong CAN number in changelog (Oct 5 2004)
- - to build in mach i had to:  if [ ! -x /usr/lib/libtiff.so.3 ]; then
  (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi
  
* Tue Oct 05 2004 Rob Myers <rob.myers@gtri.gatech.edu>  1:1.1.19-13.3.legacy
- - Apply patch to fix CAN-2004-0923 (rh bug #130646).
- - Apply patch to add cups_strcpy from cups 1.1.20
  
* Sun Oct 03 2004 Marc Deslauriers <marcdeslauriers@videotron.ca> 
1:1.1.19-13.2.legacy
- - Rebuilt
 
sha1sums:
 
rh73:
01fbac62164c3c8e08522d2bd07489d2d9fc6771  cups-1.1.14-15.4.1.legacy.i386.rpm
2619168f54f7ea13ec4f12b7029b2dfaa3a6c1da  cups-1.1.14-15.4.1.legacy.src.rpm
7431c98feab8cd545b6be3f2ee2a096ea0976cf4  cups-devel-1.1.14-15.4.1.legacy.i386.rpm
f67821d3df9a976f3e94aaf88b59e9cffaad3d35  cups-libs-1.1.14-15.4.1.legacy.i386.rpm
 
rh9:
94d38f1679fb44d2c2327f41161a5a89c1d6704f  cups-1.1.17-13.3.0.9.legacy.i386.rpm
e1f24d35ac1c6a8d025ad08363da6bc61643d525  cups-1.1.17-13.3.0.9.legacy.src.rpm
3f019c6cd5bf8e8d849f8bc81ff8b0558194b31e  cups-devel-1.1.17-13.3.0.9.legacy.i386.rpm
d97007137d25303d111a782486527a7addd8963a  cups-libs-1.1.17-13.3.0.9.legacy.i386.rpm
 
fc1:
a1cfd5949aea28b38c7024c0405036f8344d8b1f  cups-1.1.19-13.4.legacy.i386.rpm
eb0132f19c10fc06671bc8afbd703c5c07ceb10b  cups-1.1.19-13.4.legacy.src.rpm
d8f5709013eb372906c7932149344f89342234bb  cups-devel-1.1.19-13.4.legacy.i386.rpm
a7bffe32dfb91c4533ea41d9ebadf7b202c0607b  cups-libs-1.1.19-13.4.legacy.i386.rpm
 
files:
 
rh73:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.1.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.14-15.4.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.14-15.4.1.legacy.i386.rpm
 
rh9:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.9.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.9.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.17-13.3.0.9.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.17-13.3.0.9.legacy.i386.rpm
 
fc1:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.4.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.4.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.19-13.4.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.19-13.4.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFBf8VatU2XAt1OWnsRAllXAKDWP5puz99VhsLAtbhgg04kob76TgCeJsFa
zi1t5TXbPoNDlTFiL5DhsUo=
=lGhy
-----END PGP SIGNATURE-----




------- Additional Comments From rob.myers@gtri.gatech.edu 2004-10-28 08:08:55 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
 
Here are updated cups packages to QA for rh9 and fc1:
 
these are the same as earlier packages, but they use redhat's xpdf-2.0x patch
instead of the cups patch.  the newer xpdf patch seems more robust.
 
changelogs:
 
rh9:
* Thu Oct 28 2004 Rob Myers <rob.myers@gtri.gatech.edu>  1.1.17-13.3.0.10.legacy
- - include updated patch with "anti-optimizer" changes
 
fc1:
* Thu Oct 28 2004 Rob Myers <rob.myers@gtri.gatech.edu>  1:1.1.19-13.5.legacy
- - include updated patch with "anti-optimizer" changes
 
sha1sums:
 
rh9:
790ee6186f30a478e688bc778bc4b40ffda3f783  cups-1.1.17-13.3.0.10.legacy.i386.rpm
2cc26d1264b08a3002cce1a58af3957fa52dc86c  cups-1.1.17-13.3.0.10.legacy.src.rpm
46b6b9218d1e6f6dc1fbb37a6d72b9ba317fd323 
cups-debuginfo-1.1.17-13.3.0.10.legacy.i386.rpm
686fa0e4cf2b29f7323d1d5fcdb33d78440cd493 
cups-devel-1.1.17-13.3.0.10.legacy.i386.rpm
6127e16d7d1e67637962c096dc82f6ce210f3e78  cups-libs-1.1.17-13.3.0.10.legacy.i386.rpm
 
fc1:
49a18c1a3006e19120189a97a68a4305788dae20  cups-1.1.19-13.5.legacy.i386.rpm
965d7fcb746b2a9357bc71f168cb5a684f113682  cups-1.1.19-13.5.legacy.src.rpm
696d55a58ed2a8462a345b60d2fd5e92aa9e6165  cups-debuginfo-1.1.19-13.5.legacy.i386.rpm
13309da37972749672c82624f9839be810653ad6  cups-devel-1.1.19-13.5.legacy.i386.rpm
4c0166a00092ff9e17c1f66065a8cb1c013b2172  cups-libs-1.1.19-13.5.legacy.i386.rpm
 
files:
 
rh9:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.10.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.10.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.17-13.3.0.10.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.17-13.3.0.10.legacy.i386.rpm
 
fc1:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.5.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.5.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.19-13.5.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.19-13.5.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFBgTVGtU2XAt1OWnsRAuUJAJ9ZjKxzbsyB3IwBqay3nDjKLm/e2wCglWG1
etJLLRXnkERgt9Y850lCZ3k=
=X1ma
-----END PGP SIGNATURE-----




------- Additional Comments From bugzilla.fedora.us@beej.org 2004-11-17 07:51:40 ----

comment #5 mentions CAN-2004-0889, but the changelog doesn't.  has it been
fixed?  are the packages near to being published?



------- Additional Comments From rob.myers@gtri.gatech.edu 2004-11-17 12:12:48 ----

afaict: CAN-2004-0889 is specific to xpdf >= 3.0.  the xpdf used by these cups
packages is all < 3.0.  so CAN-2004-0889 does not apply to these cups packages,
and any reference to it is in error.

in fact, for fc1 at least, i incorrectly included CAN-2004-0889 in the filename
to the patch: cups-xpdf-CAN-2004-0888-CAN-2004-0889.patch.  it should be
cups-xpdf-CAN-2004-0888.patch.  if noone QAs the existing package(s) i'll respin
"soonish" for correctness.

sorry for the confusion.



------- Additional Comments From rob.myers@gtri.gatech.edu 2004-11-17 13:48:19 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Here are updated cups packages to QA for rh73, rh9, and fc1:
 
the only difference between these and the previous version is
that the patchfile was renamed to cups-xpdf-CAN-2004-0888.patch
from cups-xpdf-CAN-2004-0888-CAN-2004-0889.patch.
 
while not critical these were respun to avoid any confusion that
CAN-2004-0889 applied to these packages.
 
 
changelogs:
 
rh73:
* Wed Nov 17 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.14-15.4.2.legacy
- - remove CAN-2004-0889 from patch filename, since the xpdf used here
  is < 3.0 and CAN-2004-0889 does not apply
  
rh9:
* Wed Nov 17 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.17-13.3.0.11.legacy
- - remove CAN-2004-0889 from patch filename, since the xpdf used here
  is < 3.0 and CAN-2004-0889 does not apply
  
fc1:
* Wed Nov 17 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1:1.1.19-13.6.legacy
- - remove CAN-2004-0889 from patch filename, since the xpdf used here
  is < 3.0 and CAN-2004-0889 does not apply
  
sha1sums:
 
rh73:
246ec6f4a6c3aa47ca5d44e9a00226d05b9b6468  cups-1.1.14-15.4.2.legacy.i386.rpm
a8bae72266ae57cc49b8369c82f04263759d2c43  cups-1.1.14-15.4.2.legacy.src.rpm
9153b7a87373ab1f51e239d2e252175be68fd2ff  cups-devel-1.1.14-15.4.2.legacy.i386.rpm
83c5d6407af5c6b7964bd1a68d97ec4a62df29e9  cups-libs-1.1.14-15.4.2.legacy.i386.rpm
 
rh9:
c9e21bd5992a21602b2519ba2c344b531130ff9c  cups-1.1.17-13.3.0.11.legacy.i386.rpm
32d4e723517e30d5c1daa679fc91126e98ad79b1  cups-1.1.17-13.3.0.11.legacy.src.rpm
54649e913e2b6280844037df580fb37b1f4b75e1 
cups-debuginfo-1.1.17-13.3.0.11.legacy.i386.rpm
a511cb81454c499107eb5aceba04a31b13b84ddb 
cups-devel-1.1.17-13.3.0.11.legacy.i386.rpm
0ee3150d0db3935a9fd568d18b8ce0077ffae71c  cups-libs-1.1.17-13.3.0.11.legacy.i386.rpm
 
fc1:
71f81a803c5a4f2ed5fadf7a8961faac7ae8e68b  cups-1.1.19-13.6.legacy.i386.rpm
fce3487e0aeee852a20e252ee2556f318681c3d8  cups-1.1.19-13.6.legacy.src.rpm
f31a54ff4512a96171bc38a8d3dd9c11cd01986d  cups-debuginfo-1.1.19-13.6.legacy.i386.rpm
74ba968bed9376ada2f0ef30a6d7b2f593081261  cups-devel-1.1.19-13.6.legacy.i386.rpm
5047ec6d6501eabbbc7991aec2e2812eaf0e573b  cups-libs-1.1.19-13.6.legacy.i386.rpm
 
files:
 
rh73:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.2.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.2.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.14-15.4.2.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.14-15.4.2.legacy.i386.rpm
 
rh9:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.11.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.11.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.17-13.3.0.11.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.17-13.3.0.11.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.17-13.3.0.11.legacy.i386.rpm
 
fc1:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.6.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.6.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.19-13.6.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.19-13.6.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.19-13.6.legacy.i386.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFBm+CKtU2XAt1OWnsRAhOJAKDxqveTIKmRnPYNBsY7v65yVi1o2wCaA+0e
pizo+DqnP3r0vuJyc72ZFUs=
=+uU0
-----END PGP SIGNATURE-----




------- Additional Comments From bugzilla.fedora.us@beej.org 2004-12-16 08:41:49 ----

there's a newly reported CUPS vuln discovered by Ariel Berkman.  from
http://tigger.uic.edu/~jlongs2/holes/cups.txt
===
A CUPS installation is at risk whenever it prints an HPGL file obtained
from email (or a web page or any other source that could be controlled
by an attacker). You are at risk if you print data through a CUPS
installation at risk. The source of the HPGL file has complete control
over the CUPS ``lp'' account; in particular, he can read and modify the
files you are printing.
...
Here's the bug: In hpgl-input.c, ParseCommand() reads any number of
bytes into a 262144-byte buf[] array.
===



------- Additional Comments From bugzilla.fedora.us@beej.org 2004-12-16 08:49:10 ----

more CUPS bugs from another DJB student, Bartlomiej Sieka...
from http://tigger.uic.edu/~jlongs2/holes/cups2.txt
===
First, lppasswd blithely ignores write errors in fputs(line,outfile) at
lines 311 and 315 of lppasswd.c, and in fprintf(...) at line 346. An
attacker who fills up the disk at the right moment can arrange for
/usr/local/etc/cups/passwd to be truncated.

Second, if lppasswd bumps into a file-size resource limit while writing
passwd.new, it leaves passwd.new in place, disabling all subsequent
invocations of lppasswd. Any local user can thus disable lppasswd by
running the attached program 63.c.

Third, line 306 of lppasswd.c prints an error message to stderr but
does not exit. This is not a problem on systems that ensure that file
descriptors 0, 1, and 2 are open for setuid programs, but it is a
problem on other systems; lppasswd does not check that passwd.new is
different from stderr, so it ends up writing a user-controlled error
message to passwd if the user closes file descriptor 2.
===



------- Additional Comments From marcdeslauriers@videotron.ca 2004-12-18 08:11:05 ----

see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143087




------- Additional Comments From rob.myers@gtri.gatech.edu 2004-12-22 16:35:16 ----

added CAN-2004-1125 to summary, fc1 is at least vulnerable.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

i've got fc1 rpms built, will look at rh73 and rh9 now.



------- Additional Comments From rob.myers@gtri.gatech.edu 2004-12-22 17:48:06 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Here are updated cups packages to QA for rh73, rh9, and fc1:
 
- - include patch for xpdf overflow CAN-2004-1125
- - include patches for DJB's holes
- - all 3 patches are verifiable upstream and in FC-3 cvs
 
changelogs:
 
rh73:
* Wed Dec 22 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.14-15.4.3.legacy
- - xpdf security fix CAN-2004-1125
- - Fixed STR #1023 (FL bug #2127 comment 11)
- - Fixed STR #1024 (FL bug #2127 comment 10)
 
rh9:
* Wed Dec 22 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.17-13.3.0.12.legacy
- - xpdf security fix CAN-2004-1125
- - Fixed STR #1023 (FL bug #2127 comment 11)
- - Fixed STR #1024 (FL bug #2127 comment 10)
 
fc1:
* Wed Dec 22 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1:1.1.19-13.7.legacy
- - xpdf security fix CAN-2004-1125
- - Fixed STR #1023 (FL bug #2127 comment 11)
- - Fixed STR #1024 (FL bug #2127 comment 10)
 
this file is available at:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/2127.txt.asc
 
files:
 
rh73:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.3.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.3.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.14-15.4.3.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.14-15.4.3.legacy.i386.rpm
 
rh9:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.12.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.12.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.17-13.3.0.12.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.17-13.3.0.12.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.17-13.3.0.12.legacy.i386.rpm
 
fc1:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.7.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.7.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.19-13.7.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.19-13.7.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.19-13.7.legacy.i386.rpm
 
sha1sums:
 
rh73:
6c6911ef095998e4bf9c6b448242178ddd77ad2c  cups-1.1.14-15.4.3.legacy.i386.rpm
6368de7d9ff0873a75ab9398b2461a336baaf48a  cups-1.1.14-15.4.3.legacy.src.rpm
dffa268c42ec804e0707f03e8a1e5aea03308dcd  cups-devel-1.1.14-15.4.3.legacy.i386.rpm
2845820b9906a608f7eefb14b7584d85630bda2f  cups-libs-1.1.14-15.4.3.legacy.i386.rpm
 
rh9:
76c982cc31b237144f8ae9471dc8ce1d8acc5101  cups-1.1.17-13.3.0.12.legacy.i386.rpm
080cf3bb10b6bc74c247db8311a8af8575aca9aa  cups-1.1.17-13.3.0.12.legacy.src.rpm
7d464b8c06b7222e053e86985924de0bf79dc361 
cups-debuginfo-1.1.17-13.3.0.12.legacy.i386.rpm
93c6926875e0519a63d2c7539ff812ff4b4aab52 
cups-devel-1.1.17-13.3.0.12.legacy.i386.rpm
959afabb8b9bb4d9e16776e964f52f6deeb10a91  cups-libs-1.1.17-13.3.0.12.legacy.i386.rpm
 
fc1:
ef72a9d0377b63afa413594a7c20418facd61f01  cups-1.1.19-13.7.legacy.i386.rpm
7de5b207522e0ae5f1fb77c2d485838e7aa98dff  cups-1.1.19-13.7.legacy.src.rpm
352cec5de34073aab94d034926cfb470e031e586  cups-debuginfo-1.1.19-13.7.legacy.i386.rpm
92cc696110acd07023e9f88cde9390dfab958d71  cups-devel-1.1.19-13.7.legacy.i386.rpm
d9bb90e4e690260e1f8b5090eccefecf3f22e551  cups-libs-1.1.19-13.7.legacy.i386.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFByj+KtU2XAt1OWnsRAt0DAKC9+wUY44Go7pg973Hefx/1u8BqXACfUdfH
H1299UnqPxxyhW26YoOTdMs=
=DV21
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas@netcore.fi 2004-12-23 09:48:11 ----

The 4 DJB issues have been given CAN-2004-1267 .. 1270.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for all the packages:
 - sources match fine
 - the patches for RHL9 and FC1 verified correspond to the various other
   patches (from xpdf, cups and CVS) -- a bit tricky due to different
naming.
 - RHL73 patches likewise, EXCEPT that I did not have to time to do lengthy
review on the xpdf-1.0 patches, but as they come from an already QA'd
package from bugzilla, that might be OK.
 - spec files reviewed to be OK.

+PUBLISH RHL9, FC1, (RHL73 with the xpdf caveat above)


6368de7d9ff0873a75ab9398b2461a336baaf48a  cups-1.1.14-15.4.3.legacy.src.rpm
080cf3bb10b6bc74c247db8311a8af8575aca9aa  cups-1.1.17-13.3.0.12.legacy.src.rpm
7de5b207522e0ae5f1fb77c2d485838e7aa98dff  cups-1.1.19-13.7.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByyDHGHbTkzxSL7QRAvjXAKC+I1B8CvHa7pDV2frJ3poSjgApvACaA1/C
CU2jdFZhHZ8vSbqxvw200T4=
=Aba0
-----END PGP SIGNATURE-----



------- Additional Comments From rob.myers@gtri.gatech.edu 2005-01-11 06:17:05 ----

this regression probably effects us as well:
http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00035.html

is it small enough to apply at mach build time?

Index: cups-str1023.patch
===================================================================
RCS file: /cvs/dist/rpms/cups/FC-2/cups-str1023.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cups-str1023.patch  17 Dec 2004 11:41:45 -0000      1.1
+++ cups-str1023.patch  6 Jan 2005 12:58:26 -0000       1.2
@@ -216,7 +216,7 @@
   
    unlink(passwdold);
 -  link(passwdmd5, passwdold);
-+  if (link(passwdmd5, passwdold))
++  if (link(passwdmd5, passwdold) && errno != ENOENT)
 +  {
 +    perror("lppasswd: failed to backup old password file");
 +    unlink(passwdnew);




------- Additional Comments From pekkas@netcore.fi 2005-01-11 07:38:11 ----

Verified the patch, looks OK.  No problem for me to do that at mach.



------- Additional Comments From pekkas@netcore.fi 2005-01-19 04:08:15 ----

And CAN-2005-0064 affects cups as well, I think...



------- Additional Comments From rob.myers@gtri.gatech.edu 2005-01-19 06:21:47 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Here are updated cups packages to QA for rh73, rh9, and fc1:
 
- - include upstream patch for xpdf CAN-2005-0064
- - include str-1023 regression fix
 
changelogs:
 
rh73:
* Wed Jan 19 2005 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.14-15.4.4.legacy
- - xpdf patch CAN-2005-0064
- - fix small regression in STR #1023 (FL bug #2127 comment 16)
 
rh9:
* Wed Jan 19 2005 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.17-13.3.0.13.legacy
- - xpdf patch CAN-2005-0064
- - fix small regression in STR #1023 (FL bug #2127 comment 16)
 
fc1:
* Wed Jan 19 2005 Rob Myers <rob.myers@gtri.gatech.edu> 1:1.1.19-13.8.legacy
- - xpdf patch CAN-2005-0064
- - fix small regression in STR #1023 (FL bug #2127 comment 16)
 
this file is available at:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/2127.txt.asc
 
files:
 
rh73:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.4.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.14-15.4.4.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.14-15.4.4.legacy.i386.rpm
 
rh9:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.13.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.17-13.3.0.13.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.17-13.3.0.13.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
 
fc1:
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.8.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-1.1.19-13.8.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-debuginfo-1.1.19-13.8.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-devel-1.1.19-13.8.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/cups-libs-1.1.19-13.8.legacy.i386.rpm
 
sha1sums:
 
rh73:
7ed2968c4c1e7b43a30402e15dcd8ce34d6b1ff1  cups-1.1.14-15.4.4.legacy.i386.rpm
25b1cd126bbb96f1f607047401cdadedfadd89ef  cups-1.1.14-15.4.4.legacy.src.rpm
653f9f100fd17887a12bc39ffb3921cb55ff6039  cups-devel-1.1.14-15.4.4.legacy.i386.rpm
b71b0287812f4658f041abe915297a432ecef247  cups-libs-1.1.14-15.4.4.legacy.i386.rpm
 
rh9:
dc5ca3c2cf4c69356393744764da22220703f217  cups-1.1.17-13.3.0.13.legacy.i386.rpm
01e7ff08efcab42f9e72c00675ef67bd5419daac  cups-1.1.17-13.3.0.13.legacy.src.rpm
f99a8abf929a961127ba95fd88c945d749342229 
cups-debuginfo-1.1.17-13.3.0.13.legacy.i386.rpm
dab94c35bcb99f221da080700fe446ac05ab70aa 
cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
efbb95018549bc35400d2159bbc3be65cac2f9ed  cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
 
fc1:
9f6f61ab730839736c92847ee7933dbb36b5e000  cups-1.1.19-13.8.legacy.i386.rpm
ded577d3e4d1f5cc59d1252156d1f7b49840f295  cups-1.1.19-13.8.legacy.src.rpm
4f10aa72fed5a4907514512da9aeb813dfe61b94  cups-debuginfo-1.1.19-13.8.legacy.i386.rpm
9b6ececf481cfd2a841c99686739accf12292460  cups-devel-1.1.19-13.8.legacy.i386.rpm
9645205746c4810c60d760d4c15a372615f07ae1  cups-libs-1.1.19-13.8.legacy.i386.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFB7oiwtU2XAt1OWnsRAnHwAJwNcShJbYGnKelVU2lx7GGXkFo/2gCfaGg/
g4tDyebnKEtnH9jasqieBEc=
=tWXd
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas@netcore.fi 2005-01-19 20:45:29 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for new cups RPMS w/ rpm-build-compare.sh:
 - source integrity OK
 - spec file changes minimal
 - patch verified to come from xpdf
 - regression modification verified
 
+PUBLISH (RHL73,RHL9,FC1)
 
25b1cd126bbb96f1f607047401cdadedfadd89ef  cups-1.1.14-15.4.4.legacy.src.rpm
01e7ff08efcab42f9e72c00675ef67bd5419daac  cups-1.1.17-13.3.0.13.legacy.src.rpm
ded577d3e4d1f5cc59d1252156d1f7b49840f295  cups-1.1.19-13.8.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFB71N4GHbTkzxSL7QRAnvWAJ4gu2VM8VyCoayJhpBQYDv0drzVqACfbJ2j
QKXSdGosqqJ56RhDaN9JZSA=
=8qle
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-04 12:39:05 ----

Packages built and pushed to updates-testing.



------- Additional Comments From sheltren@cs.ucsb.edu 2005-02-12 16:11:09 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Verifying packages for RH9/FC1:
c6fdf900397f732b510fbfa21a5fa977e984c2cb  cups-1.1.17-13.3.0.13.legacy.i386.rpm
a18781d8f285db684790d32b9a8eca4ca4504124 
cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
01741a487d1a9ffdede42fbe0e80f1bfa09250f7  cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm

9637c0555edd133c1fb8ef7c7818c3e794408e04  cups-1.1.19-13.8.legacy.i386.rpm
bc4b60d13ac3cae0a047149b9f8350a4ca8bb427  cups-devel-1.1.19-13.8.legacy.i386.rpm
3a1fea385f2fc5302e9529ed64cb36c17d64ed3f  cups-libs-1.1.19-13.8.legacy.i386.rpm

Signatures are OK
Packages install OK
Able to add printers and print OK

RH9 VERIFY++
FC1 VERIFY++
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCDrasKe7MLJjUbNMRApw2AKC4Bnz9HXWBXDBgrNfm13UcB9a/bQCff6Fk
UN7HK19BS4gw1vrYBvoIys0=
=F6EY
-----END PGP SIGNATURE-----



------- Additional Comments From rob.myers@gtri.gatech.edu 2005-02-23 03:53:51 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

GPG signatures ok for these FC1 cups packages:
9637c0555edd133c1fb8ef7c7818c3e794408e04  cups-1.1.19-13.8.legacy.i386.rpm
bc4b60d13ac3cae0a047149b9f8350a4ca8bb427  cups-devel-1.1.19-13.8.legacy.i386.rpm
3a1fea385f2fc5302e9529ed64cb36c17d64ed3f  cups-libs-1.1.19-13.8.legacy.i386.rpm

installs ok
prints ok

+VERIFY FC1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCHIq0tU2XAt1OWnsRAlc8AKDp6sHwhpytJyqifhG/EEfIDbHQSgCgnZNf
9ykxGE8z1h8PraJzS4upbfs=
=5Gzs
-----END PGP SIGNATURE-----



------- Additional Comments From pekkas@netcore.fi 2005-03-01 10:36:17 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RHL73 version of cups:
 - PGP signature OK
 - installed nicely
 - I switched a local printer to use cups from LPRng, and printing works OK

+VERIFY RHL73

0db34c2e38a4041f73d2a78a9b2915f75a66c24a  cups-1.1.14-15.4.4.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCJNIUGHbTkzxSL7QRAgYFAKCpMWBK1nsYKP5aF6mm1Aahv3KEcgCeKZY3
KeJmLivu6REahyGEuzu9KkU=
=UzLK
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-02 14:25:36 ----

Packages were released to official updates.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:27 -------

This bug previously known as bug 2127 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2127
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Pekka Savola 2005-05-16 07:59:06 EDT
Nobody remembered to close this case :)

Note You need to log in before you can comment on or make changes to this bug.