CUPS 2.0.3 has been released today (June 8), fixing two security issues: http://www.cups.org/blog.php?L1082 The security issues are here: http://www.cups.org/str.php?L4609 http://www.cups.org/str.php?L4602 SuSE has issued an advisory for the first issue today: http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00002.html The upstream bugs linked above have links to patches. Mageia 4 and Mageia 5 are affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
Debian-LTS issued an advisory for CUPS: http://lwn.net/Vulnerabilities/647613/ It lists CVE-2015-1158 and CVE-2015-1159. It's not clear where those CVEs came from, or what, if any, relationship they have to the issues fixed in 2.0.3.
(In reply to David Walser from comment #1) > Debian-LTS issued an advisory for CUPS: > http://lwn.net/Vulnerabilities/647613/ > > It lists CVE-2015-1158 and CVE-2015-1159. It's not clear where those CVEs > came from, or what, if any, relationship they have to the issues fixed in > 2.0.3. Debian and Ubuntu have issued advisories for these today: https://www.debian.org/security/2015/dsa-3283 http://www.ubuntu.com/usn/usn-2629-1/ According to Ubuntu, both CVEs are associated with the first security bug fixed upstream in 2.0.3: http://www.cups.org/str.php?L4609 They've also indicated this as a high-severity issue.
Summary: cups new security issues fixed upstream in 2.0.3 => cups new security issues fixed upstream in 2.0.3 (including CVE-2015-1158 and CVE-2015-1159)
Patches for both STR#4609 and STR#4602 committed into Mageia 4 and Cauldron SVN.
Patched packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated cups packages fix security vulnerabilities: It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code (CVE-2015-1158). It was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings (CVE-2015-1159). It was discovered that the CUPS server can get stuck in an infinite loop when a user queues a malformed gzip file. When this happens the CUPS server will be unable to service any further requests (STR#4602). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1159 http://www.cups.org/str.php?L4609 http://www.cups.org/str.php?L4602 http://www.ubuntu.com/usn/usn-2629-1/ ======================== Updated packages in core/updates_testing: ======================== cups-1.7.0-7.5.mga4 cups-common-1.7.0-7.5.mga4 libcups2-devel-1.7.0-7.5.mga4 libcups2-1.7.0-7.5.mga4 cups-filesystem-1.7.0-7.5.mga4 from cups-1.7.0-7.5.mga4.src.rpm
Version: Cauldron => 4Assignee: thierry.vignaud => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
MGA4-64 on HP Probook 6555b No installation issues testing from Comment 4 ref http://www.cups.org/str.php?L4602 Deleted printer from MCC, installed it again. Printed a small file: OK Downloaded the gziphang.dat from the ref above and followed the lp command. Printed again the small file, ensuring that printing was not blocked by the testcase: works OK.
CC: (none) => herman.viaeneWhiteboard: (none) => has_procedure MGA4-64-OK
Advisory added to svn. Currently, the qa team is validating updates if they work on either arch. Can someone from the sysadmin team please push the cups update.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0247.html
Status: NEW => RESOLVEDResolution: (none) => FIXED