Bug 438117 - (CVE-2008-0053) CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20080319,public=2...
: Security
Depends On: 438347 438348 438349 438350 438351 440042
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-19 03:55 EDT by Tomas Hoger
Modified: 2008-04-09 02:22 EDT (History)
2 users (show)

See Also:
Fixed In Version: 1.2.12-10.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-09 01:13:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch (1.62 KB, patch)
2008-03-20 04:14 EDT, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2008-03-19 03:55:31 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0053 to the following vulnerability:

Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation."

References:
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Comment 1 Tomas Hoger 2008-03-19 03:57:29 EDT
Listed in APPLE-SA-2008-03-18 along with CVE-2008-0882:

CUPS
CVE-ID:  CVE-2008-0053, CVE-2008-0882
Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact:  Multiple vulnerabilities in CUPS may lead to an unexpected
application termination or arbitrary code execution with system
privileges
Description:  Multiple input validation issues exist in CUPS, the
most serious of which may lead to arbitrary code execution with
system privileges. This update addresses the issues by updating to
CUPS 1.3.6. These issues do not affect systems prior to Mac OS X
v10.5.
Comment 3 Tomas Hoger 2008-03-20 04:14:45 EDT
Created attachment 298651 [details]
Upstream patch

According to upstream, this CVE id was allocated for following issue fixed in
CUPS 1.3.6 (see CHANGES.txt):

- Fixed two overflow bugs in the HP-GL/2 filter (Coverity)
Comment 10 Fedora Update System 2008-04-01 12:20:16 EDT
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
Comment 12 Fedora Update System 2008-04-09 01:13:06 EDT
cups-1.2.12-10.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Red Hat Product Security 2008-04-09 02:22:38 EDT
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0192.html
  http://rhn.redhat.com/errata/RHSA-2008-0206.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2897

Note You need to log in before you can comment on or make changes to this bug.