CUPS 2.0.2 was announced on February 9:
https://www.cups.org/blog.php?L738

It fixes one security issue:
https://www.cups.org/str.php?L4551

The patch to fix it is attached there. It's not immediately clear from the report if Mageia 4 is affected (will have to check the patch).

A CVE has been requested for this:
http://openwall.com/lists/oss-security/2015/02/10/15
This has been assigned CVE-2014-9679: http://openwall.com/lists/oss-security/2015/02/12/12
Summary: cups new security issue fixed upstream in 2.0.2 => cups new security issue fixed upstream in 2.0.2 (CVE-2014-9679)
Fixed in cups-2.0.2-1.mga5 by Thierry. Thanks Thierry!

I confirmed the issue is present in 1.7.0 also. Patched package uploaded for Mageia 4.

Advisory:
========================

Updated cups packages fix security vulnerability:

A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679
https://www.cups.org/str.php?L4551
http://openwall.com/lists/oss-security/2015/02/12/12
========================

Updated packages in core/updates_testing:
========================
cups-1.7.0-7.4.mga4
cups-common-1.7.0-7.4.mga4
libcups2-devel-1.7.0-7.4.mga4
libcups2-1.7.0-7.4.mga4
cups-filesystem-1.7.0-7.4.mga4

from cups-1.7.0-7.4.mga4.src.rpm
CC: (none) => thierry.vignaud
Version: Cauldron => 4
Assignee: thierry.vignaud => qa-bugs
Performed two installations, one x86_64 and one i586, with kernel, 3 x nvidia, fglrx, broadcom-wl, vbox, xtables-addons and also glibc, dbus, x11 and cups at the same time. Printing tested with hp and canon printers. Printers configured, shared etc. All OK.
Whiteboard: (none) => mga4-32-ok mga4-64-ok
Advisory uploaded.
Whiteboard: mga4-32-ok mga4-64-ok => advisory mga4-32-ok mga4-64-ok
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Validating. Please push to 4 updates
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0067.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/633546/