| Summary: | cups-filters new security issue fixed upstream in 1.0.66 (CVE-2015-2265) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/636945/ | ||
| Whiteboard: | has_procedure advisory mga4-32-ok mga4-64-ok | ||
| Source RPM: | cups-filters | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-03-04 16:06:51 CET
Updated package uploaded for Cauldron. Patched package uploaded for Mageia 4. I haven't seen a CVE request for this. Advisory: ======================== Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the remove_bad_chars() function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the "lp" user, using forged print service announcements on DNS-SD servers (LinuxFoundation#1265). References: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 ======================== Updated packages in core/updates_testing: ======================== cups-filters-1.0.53-1.1.mga4 libcups-filters1-1.0.53-1.1.mga4 libcups-filters-devel-1.0.53-1.1.mga4 from cups-filters-1.0.53-1.1.mga4.src.rpm Version:
Cauldron =>
4 CVE request: http://openwall.com/lists/oss-security/2015/03/09/5 Fedora has issued an advisory for this on March 4: https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151662.html Ubuntu has issued an advisory for this today (March 16): http://www.ubuntu.com/usn/usn-2532-1/ I'm not sure where they got the CVE from. Advisory: ======================== Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the remove_bad_chars() function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the "lp" user, using forged print service announcements on DNS-SD servers (CVE-2015-2265). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2265 https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 http://www.ubuntu.com/usn/usn-2532-1/ URL:
(none) =>
http://lwn.net/Vulnerabilities/636945/ To test this, just test cups-browsed. Share a printer via CUPS on a remote machine (on your LAN), then run the cups-browsed service locally. Things that use CUPS locally like KDE and LibreOffice should automatically see the remote printer within a minute. Whiteboard:
(none) =>
has_procedure Testing complete mga4 64 Tested printer sharing, ensured it is seen by remote cups server. Whiteboard:
has_procedure =>
has_procedure mga4-64-ok Advisory uploaded. Whiteboard:
has_procedure mga4-64-ok =>
has_procedure advisory mga4-64-ok Testing complete mga4 32 Checked the shared printer is still found with the updates installed Keywords:
(none) =>
validated_update An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0132.html Status:
NEW =>
RESOLVED |