Debian Bug report logs - #467653
cupsys: CVE-2008-0882 remote denial of service

version graph

Package: cupsys; Maintainer for cupsys is (unknown);

Reported by: Nico Golde <nion@debian.org>

Date: Tue, 26 Feb 2008 18:09:03 UTC

Severity: grave

Tags: patch, security

Found in version cupsys/1.3.5-1

Fixed in versions cupsys/1.3.6-1, cupsys/1.3.5-1+lenny1, cupsys/1.2.7-4etch3

Done: Martin Pitt <mpitt@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#467653; Package cupsys. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: cupsys: CVE-2008-0882 remote denial of service
Date: Tue, 26 Feb 2008 19:07:50 +0100
[Message part 1 (text/plain, inline)]
Package: cupsys
Version: 1.3.5-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cupsys.

CVE-2008-0882[0]:
| Double free vulnerability in the process_browse_data function in CUPS
| 1.3.5 allows remote attackers to cause a denial of service (daemon
| crash) and possibly execute arbitrary code via crafted packets to the
| cupsd port (631/udp), related to an unspecified manipulation of a
| remote printer.  NOTE: some of these details are obtained from third
| party information.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

Patches can be found on:
http://www.cups.org/str.php?L2656

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Bug marked as fixed in version 1.3.6-1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 27 Feb 2008 15:51:03 GMT) Full text and rfc822 format available.

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #12 received at 467653-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 467653-close@bugs.debian.org
Subject: Bug#467653: fixed in cupsys 1.3.5-1+lenny1
Date: Tue, 11 Mar 2008 13:17:05 +0000
Source: cupsys
Source-Version: 1.3.5-1+lenny1

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.3.5-1+lenny1_i386.deb
cupsys-client_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.3.5-1+lenny1_i386.deb
cupsys-common_1.3.5-1+lenny1_all.deb
  to pool/main/c/cupsys/cupsys-common_1.3.5-1+lenny1_all.deb
cupsys-dbg_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.3.5-1+lenny1_i386.deb
cupsys_1.3.5-1+lenny1.diff.gz
  to pool/main/c/cupsys/cupsys_1.3.5-1+lenny1.diff.gz
cupsys_1.3.5-1+lenny1.dsc
  to pool/main/c/cupsys/cupsys_1.3.5-1+lenny1.dsc
cupsys_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys_1.3.5-1+lenny1_i386.deb
libcupsimage2-dev_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.3.5-1+lenny1_i386.deb
libcupsimage2_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.3.5-1+lenny1_i386.deb
libcupsys2-dev_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.3.5-1+lenny1_i386.deb
libcupsys2_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.3.5-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 467653@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 10 Mar 2008 16:28:06 +0100
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common cupsys-dbg
Architecture: source all i386
Version: 1.3.5-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 467653
Changes: 
 cupsys (1.3.5-1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by security team.
   * Add CVE-2008-0882.dpatch to fix a double free programming error in
     the process_browse_data that allows remote users to trigger a daemon crash
     and thus and possibly execute arbitrary code (Closes: #467653).
Files: 
 2d458a14c6eaffe2943b9fcc3179f312 1184 net optional cupsys_1.3.5-1+lenny1.dsc
 7ceefb2be5e7c88fb243f587928251c1 4866646 net optional cupsys_1.3.5.orig.tar.gz
 85ff3a660956e7b7dcfff89141de0833 109696 net optional cupsys_1.3.5-1+lenny1.diff.gz
 6d0e93d6210b2ae519961383e385d438 1143948 net optional cupsys-common_1.3.5-1+lenny1_all.deb
 1efa6cb23b0b80382c9925ff8b0e004a 164630 libs optional libcupsys2_1.3.5-1+lenny1_i386.deb
 e1d6ecec4e596fa3afbbe143fdbb4d8a 88264 libs optional libcupsimage2_1.3.5-1+lenny1_i386.deb
 6adbad851e31b7c827f661037dd8e958 2106940 net optional cupsys_1.3.5-1+lenny1_i386.deb
 12d043a84e99fc21dea9b5527b1ad89f 87050 net optional cupsys-client_1.3.5-1+lenny1_i386.deb
 82d78b3ccd41450498ae7d531e21493e 142104 libdevel optional libcupsys2-dev_1.3.5-1+lenny1_i386.deb
 b0b8323dbaecbf1dbbb74d174c8936b1 58178 libdevel optional libcupsimage2-dev_1.3.5-1+lenny1_i386.deb
 4ebd049708413492f65754182aa0d942 36674 net extra cupsys-bsd_1.3.5-1+lenny1_i386.deb
 eefc8a6ad1ee8f768fb1a6077c6aa2b6 1045324 libdevel extra cupsys-dbg_1.3.5-1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH1WmuHYflSXNkfP8RAsrAAKCeeDpPnwEmYig+Jyua7Tq29IcYMQCfe24f
NtaobLUkzpG8JjzG1zBm5GA=
=UAec
-----END PGP SIGNATURE-----





Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 467653-close@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: 467653-close@bugs.debian.org
Subject: Bug#467653: fixed in cupsys 1.2.7-4etch3
Date: Fri, 11 Apr 2008 19:52:38 +0000
Source: cupsys
Source-Version: 1.2.7-4etch3

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_i386.deb
cupsys-client_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.2.7-4etch3_i386.deb
cupsys-common_1.2.7-4etch3_all.deb
  to pool/main/c/cupsys/cupsys-common_1.2.7-4etch3_all.deb
cupsys-dbg_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_i386.deb
cupsys_1.2.7-4etch3.diff.gz
  to pool/main/c/cupsys/cupsys_1.2.7-4etch3.diff.gz
cupsys_1.2.7-4etch3.dsc
  to pool/main/c/cupsys/cupsys_1.2.7-4etch3.dsc
cupsys_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/cupsys_1.2.7-4etch3_i386.deb
libcupsimage2-dev_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_i386.deb
libcupsimage2_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.2.7-4etch3_i386.deb
libcupsys2-dev_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_i386.deb
libcupsys2-gnutls10_1.2.7-4etch3_all.deb
  to pool/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch3_all.deb
libcupsys2_1.2.7-4etch3_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.2.7-4etch3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 467653@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Mar 2008 13:12:42 +0100
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsys2-gnutls10 libcupsimage2-dev
Architecture: source i386 all
Version: 1.2.7-4etch3
Distribution: stable-security
Urgency: high
Maintainer: noahm@debian.org
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 467653 472105
Changes: 
 cupsys (1.2.7-4etch3) stable-security; urgency=high
 .
   * Add 72_CVE-2008-0047.dpatch:  Fix buffer overflow in cgiCompileSearch()
     using crafted search expressions. Exploitable if printer sharing is
     enabled. (CVE-2008-0047, STR #2729, Closes: #472105)
   * Add 73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(),
     which could be exploited to a remote DoS by sending crafted data to the
     cups UDP port. Thanks to Nico Golde for the report and dpatchifying!
     (CVE-2008-0882, STR #2656, Closes: #467653)
   * 47_pid.dpatch: Specify PidFile in temporary directory in the self test's
     cupsd.conf. This affects the test suite (in the sense that it actually
     works now) and does not affect the built binaries at all. (Backported from
     trunk).
Files: 
 0276f8e59e00181d39d204a28494d18c 1084 net optional cupsys_1.2.7-4etch3.dsc
 b684811e24921a7574798108ac6988d7 104776 net optional cupsys_1.2.7-4etch3.diff.gz
 0b4ce3e9c2af460c5b694b906f450b12 45654 libs optional libcupsys2-gnutls10_1.2.7-4etch3_all.deb
 65b1ff3cb7b8bbbe3b334ee43875aac4 927322 net optional cupsys-common_1.2.7-4etch3_all.deb
 c029e686ec624c2fdf156f885d1daf5c 160080 libs optional libcupsys2_1.2.7-4etch3_i386.deb
 aebef9f4a309afdff01a7cce17b6f57b 86674 libs optional libcupsimage2_1.2.7-4etch3_i386.deb
 7c19a56cb4a782487e104a01f31e0b47 1565044 net optional cupsys_1.2.7-4etch3_i386.deb
 7460f7b76d597bcb02bdc0fe5897a32a 79892 net optional cupsys-client_1.2.7-4etch3_i386.deb
 b726701fdb3e8948e5111e2e831bf853 137686 libdevel optional libcupsys2-dev_1.2.7-4etch3_i386.deb
 b45cf2a324d52524244351d213c8be41 53418 libdevel optional libcupsimage2-dev_1.2.7-4etch3_i386.deb
 fa90419b34b6733ef32f13797e4606f3 37600 net extra cupsys-bsd_1.2.7-4etch3_i386.deb
 e754dc8df237302fac7019754e42352b 997608 libdevel extra cupsys-dbg_1.2.7-4etch3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH5d/TYrVLjBFATsMRAoZ3AJ0Rx/qG88XHgPkp7MqFsvFqRopvRQCfY1wC
0N01eA9Dxu1e0ujH6cHfA2E=
=fUAX
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 10 Jun 2008 07:38:33 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:25:10 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.