Bug 13002 - cups-filters new security issues CVE-2013-647[3-6]
: cups-filters new security issues CVE-2013-647[3-6]
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 4
: i586 Linux
: Normal Severity: major
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/590371/
: advisory mga4-32-ok mga4-64-ok
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2014-03-12 16:31 CET by David Walser
Modified: 2014-04-15 20:11 CEST (History)
6 users (show)

See Also:
Source RPM: cups-filters
CVE:
Status comment:


Attachments

Description David Walser 2014-03-12 16:31:50 CET
Ubuntu has issued advisories today (March 12):
http://www.ubuntu.com/usn/usn-2143-1/
http://www.ubuntu.com/usn/usn-2144-1/

Mageia 3 and Mageia 4 are also affected.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2014-03-12 18:29:16 CET
LWN reference for CVE-2013-647[4-6]:
http://lwn.net/Vulnerabilities/590371/

LWN reference for CVE-2013-6473:
http://lwn.net/Vulnerabilities/590377/
Comment 2 David Walser 2014-04-01 00:28:37 CEST
The issues are fixed upstream in cups-filters 1.0.47.  We have a newer version in Cauldron, so it's not affected.

cups-filters does not exist in Mageia 3, and the affected code is not in our cups package in Mageia 3.

Patched cups-filters package uploaded for Mageia 4.

Advisory:
========================

Updated cups-filters packages fix security vulnerabilities:

Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user (CVE-2013-6473).

Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user (CVE-2013-6474,
CVE-2013-6475).

Florian Weimer discovered that cups-filters did not restrict driver
directories in in the pdftoopvp filter. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user
(CVE-2013-6476).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476
http://www.ubuntu.com/usn/usn-2143-1/
========================

Updated packages in core/updates_testing:
========================
cups-filters-1.0.41-3.2.mga4
libcups-filters1-1.0.41-3.2.mga4
libcups-filters-devel-1.0.41-3.2.mga4

from cups-filters-1.0.41-3.2.mga4.src.rpm
Comment 3 claire robinson 2014-04-08 17:00:33 CEST
No regressions noticed mga4 64 with a Canon ip4950 printer
Comment 4 Chris Denice 2014-04-09 17:23:17 CEST
I can still print on mga4 x64_86 with a network printer (ricoh).
Comment 5 Guillaume 2014-04-13 09:23:37 CEST
After updating my system, i do not notice any regression on my HP Deskjet 1510 or anywhere else in my system.
On mga i586.
Comment 6 Lewis Smith 2014-04-13 20:14:18 CEST
Testing MGA4 64-bit real hardware, printer = KonicaMinolta Magicolour 1600w

After applying the update, the printer still works OK.
Comment 7 claire robinson 2014-04-14 17:44:33 CEST
Thanks everybody for the tests.

Validating. Advisory uploaded.

Could sysadmin please push to 4 updates

Thanks
Comment 8 Damien Lallement 2014-04-15 20:11:13 CEST
http://advisories.mageia.org/MGASA-2014-0170.html

Note You need to log in before you can comment on or make changes to this bug.