From f14097377db1a182a5e035b85e8948ed72ee2b64 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal
Date: Tue, 1 Oct 2024 13:01:00 +0200
Subject: [PATCH] CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
Resolves: RHEL-60330
---
 ...ibutes5-Validate-response-attributes.patch | 19 +++++++++++++++++++
 cups-filters.spec | 3 +++
 2 files changed, 22 insertions(+)
 create mode 100644 0001-cfGetPrinterAttributes5-Validate-response-attributes.patch
diff --git a/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch b/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch
new file mode 100644
index 0000000..fde51bd
--- /dev/null
+++ b/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch
@@ -0,0 +1,19 @@
+diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
+index 2c3b740..6b2b784 100644
+--- a/cupsfilters/ipp.c
++++ b/cupsfilters/ipp.c
+@@ -377,6 +377,14 @@ get_printer_attributes5(http_t *http_printer,
+ total_attrs);
+ ippDelete(response);
+ } else {
++
++ // Check if the response is valid
++ if (!ippValidateAttributes(response))
++ {
++ ippDelete(response);
++ response = NULL;
++ }
++
+ /* Suitable response, we are done */
+ if (have_http == 0) httpClose(http_printer);
+ if (uri) free(uri);
diff --git a/cups-filters.spec b/cups-filters.spec
index 6e6511f..63f809b 100644
--- a/cups-filters.spec
+++ b/cups-filters.spec
@@ -46,6 +46,8 @@ Patch05: 0001-Use-description-location-from-server-if-available-ot.patch Patch06: browsed-ignore-NULL-attrs.patch # CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file Patch07: cups-filters-CVE-2024-47175.patch +# CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes +Patch08: 0001-cfGetPrinterAttributes5-Validate-response-attributes.patch # autogen.sh
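Review bot: In the `cupsfilters/ipp.c` hunk carried by the new patch file, a response that fails `ippValidateAttributes()` is deleted without any log entry, so a printer that returns malformed IPP attributes cannot be told apart afterwards from any other NULL result. The context lines just above (`total_attrs);` followed by `ippDelete(response);`) look like the tail of a logging call on the other rejection path; this path should log through the same mechanism and include `cupsLastErrorString()`, which CUPS sets when validation fails. Control then continues into the code under `/* Suitable response, we are done */` with `response == NULL`, so I would reword that comment to `/* Done: response is NULL here if validation rejected it */`; the rest of get_printer_attributes5 lies outside the hunk, so whether every caller handles NULL cannot be confirmed from here. The check covers IPP syntax only, so well-formed values still reach later consumers unchanged, which is presumably why the spec carries a separate patch (Patch07, CVE-2024-47175) for the PPD file side.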
@@ -445,6 +447,7 @@ fi %changelog * Tue Oct 01 2024 Zdenek Dohnal - 1.28.7-18 - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file +- CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes * Tue Aug 06 2024 Zdenek Dohnal - 1.28.7-17 - RHEL-46785 - fix errors during installability tests about modified cups-browsed.conf