| Summary: | cups-filters new security issues CVE-2013-647[3-6] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | eatdirt, filorin, lewyssmith, mageia, sysadmin-bugs, thierry.vignaud |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/590371/ | | |
| Whiteboard: | advisory mga4-32-ok mga4-64-ok | | |
| Source RPM: | cups-filters | CVE: | |
| Status comment: | | | |
Description
David Walser
2014-03-12 16:31:50 CET
David Walser
2014-03-12 16:31:59 CET
Whiteboard:
(none) =>
MGA4TOO, MGA3TOO

LWN reference for CVE-2013-647[4-6]: http://lwn.net/Vulnerabilities/590371/

LWN reference for CVE-2013-6473: http://lwn.net/Vulnerabilities/590377/

URL:
(none) =>
http://lwn.net/Vulnerabilities/590371/

The issues are fixed upstream in cups-filters 1.0.47. We have a newer version in Cauldron, so it's not affected.

cups-filters does not exist in Mageia 3, and the affected code is not in our cups package in Mageia 3.

Patched cups-filters package uploaded for Mageia 4.

Advisory:
========================

Updated cups-filters packages fix security vulnerabilities:

Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473).

Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475).

Florian Weimer discovered that cups-filters did not restrict driver directories in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476
http://www.ubuntu.com/usn/usn-2143-1/
========================

Updated packages in core/updates_testing:
========================
cups-filters-1.0.41-3.2.mga4
libcups-filters1-1.0.41-3.2.mga4
libcups-filters-devel-1.0.41-3.2.mga4

from cups-filters-1.0.41-3.2.mga4.src.rpm

CC:
(none) =>
thierry.vignaud

No regressions noticed mga4 64 with a Canon ip4950 printer

I can still print on mga4 x64_86 with a network printer (ricoh).

CC:
(none) =>
dirteat

After updating my system, I do not notice any regression on my HP Deskjet 1510 or anywhere else in my system. On mga i586.

CC:
(none) =>
filorin.mageia

Testing MGA4 64-bit real hardware, printer = KonicaMinolta Magicolour 1600w

After applying the update, the printer still works OK.

CC:
(none) =>
lewyssmith

Thanks everybody for the tests. Validating. Advisory uploaded.

Could sysadmin please push to 4 updates

Thanks

Keywords:
(none) =>
validated_update

http://advisories.mageia.org/MGASA-2014-0170.html

Status:
NEW =>
RESOLVED