SUSE has issued an advisory today (February 2): https://lists.suse.com/pipermail/sle-security-updates/2021-February/008267.html The issue is fixed upstream in 2.3.3op2. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 2.3.3op2Whiteboard: (none) => MGA7TOO
cups-2.3.3op2-1.mga8 uploaded for Cauldron by Thierry.
Assignee: bugsquad => thierry.vignaudVersion: Cauldron => 7Whiteboard: MGA7TOO => (none)
openSUSE has issued an advisory for this today (February 5): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EYJFJX2GGKH4VAMYMTSR5TZZO2F2HPHC/
Fedora has issued an advisory for this on February 7: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5UJW2PDBQXOWGEVBB2UJEFJCOTDQXG7H/
patch added in mga7: src: - cups-2.2.13-1.5.mga7
Status comment: Fixed upstream in 2.3.3op2 => (none)Assignee: thierry.vignaud => qa-bugsCC: (none) => mageia
RPMs: cups-2.2.13-1.5.mga7 cups-common-2.2.13-1.5.mga7 libcups2-devel-2.2.13-1.5.mga7 libcups2-2.2.13-1.5.mga7 cups-filesystem-2.2.13-1.5.mga7
Advisory: ======================== Updated cups packages fix security vulnerability: Out-of-bounds read in the ippReadIO function (CVE-2020-10001). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10001 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EYJFJX2GGKH4VAMYMTSR5TZZO2F2HPHC/
Installed and tested without issue. Printer: HP Officejet 4658 (USB connection) System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver. Tested printing (color, gray) and scanning. HP Device Manager works without issues. $ uname -a Linux marte 5.10.19-desktop-1.mga7 #1 SMP Fri Feb 26 23:48:09 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep cups | sort cups-2.2.13-1.5.mga7 cups-common-2.2.13-1.5.mga7 cups-drivers-foo2zjs-0.0-1.20121012.11.mga7 cups-filesystem-2.2.13-1.5.mga7 cups-filters-1.22.5-1.mga7 cups-pk-helper-0.2.6-3.mga7 gutenprint-cups-5.2.14-2.mga7 lib64cups2-2.2.13-1.5.mga7 lib64cups-filters1-1.22.5-1.mga7 libcups2-2.2.13-1.5.mga7 python3-cups-1.9.74-2.mga7 $ dmesg | tail -n 20 | grep usb [ 3182.141668] usb 1-1: new high-speed USB device number 9 using ehci-pci [ 3182.270520] usb 1-1: New USB device found, idVendor=03f0, idProduct=d911, bcdDevice= 1.00 [ 3182.270528] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3182.270531] usb 1-1: Product: OfficeJet 4650 series [ 3182.270534] usb 1-1: Manufacturer: HP [ 3182.270536] usb 1-1: SerialNumber: <SNIP> [ 3182.335359] usblp 1-1:1.1: usblp1: USB Bidirectional printer dev 9 if 1 alt 0 proto 2 vid 0x03F0 pid 0xD911 [ 3182.335403] usbcore: registered new interface driver usblp
CC: (none) => mageia
Also installed and tested without issues. Printers: HP Deskjet 5650, Color Laserjet CP1215. Both connected via usb. System: Mageia 7 x86_64, Plasma i5 2500, Intel i915 graphics. Removed an old, now inoperable Officejet 6110, obtained updates, installed the Laserjet, printed test pages in color and monochrome. Left system-config-printer and opened the HP Device Manager. Printed another test page from the Laserjet and one from the Deskjet. Examined cups information for both. Giving this an OK, and validating.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA7-64-OKKeywords: (none) => validated_update
Agree, no regression on this M7 64 Plasma system. Able to print and to change settings. Advisory committed to SVN.
CVE: (none) => CVE-2020-10001Keywords: (none) => advisoryCC: (none) => ouaurelien
OK also here M7 64 Plasma, Canon on ethernet, and Boomaga
CC: (none) => fri
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0116.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED