Bug 438117 (CVE-2008-0053) - CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
Summary: CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2008-0053
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On: 438347 438348 438349 438350 438351 440042
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-19 07:55 UTC by Tomas Hoger
Modified: 2021-11-12 19:47 UTC (History)
2 users (show)

Fixed In Version: 1.2.12-10.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-04-09 05:13:15 UTC
Embargoed:


Attachments (Terms of Use)
Upstream patch (1.62 KB, patch)
2008-03-20 08:14 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0192 0 normal SHIPPED_LIVE Moderate: cups security update 2008-04-01 14:10:09 UTC
Red Hat Product Errata RHSA-2008:0206 0 normal SHIPPED_LIVE Moderate: cups security update 2008-04-01 14:23:56 UTC

Description Tomas Hoger 2008-03-19 07:55:31 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0053 to the following vulnerability:

Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation."

References:
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Comment 1 Tomas Hoger 2008-03-19 07:57:29 UTC
Listed in APPLE-SA-2008-03-18 along with CVE-2008-0882:

CUPS
CVE-ID:  CVE-2008-0053, CVE-2008-0882
Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact:  Multiple vulnerabilities in CUPS may lead to an unexpected
application termination or arbitrary code execution with system
privileges
Description:  Multiple input validation issues exist in CUPS, the
most serious of which may lead to arbitrary code execution with
system privileges. This update addresses the issues by updating to
CUPS 1.3.6. These issues do not affect systems prior to Mac OS X
v10.5.

Comment 3 Tomas Hoger 2008-03-20 08:14:45 UTC
Created attachment 298651 [details]
Upstream patch

According to upstream, this CVE id was allocated for following issue fixed in
CUPS 1.3.6 (see CHANGES.txt):

- Fixed two overflow bugs in the HP-GL/2 filter (Coverity)

Comment 10 Fedora Update System 2008-04-01 16:20:16 UTC
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7

Comment 12 Fedora Update System 2008-04-09 05:13:06 UTC
cups-1.2.12-10.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Red Hat Product Security 2008-04-09 06:22:38 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0192.html
  http://rhn.redhat.com/errata/RHSA-2008-0206.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2897


Note You need to log in before you can comment on or make changes to this bug.