- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).
This commit is contained in:
parent
96894a57b6
commit
a5bf04c3a5
14
cups-CVE-2008-0047.patch
Normal file
14
cups-CVE-2008-0047.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
diff -up cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 cups-1.3.6/cgi-bin/search.c
|
||||||
|
--- cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 2008-01-16 22:20:33.000000000 +0000
|
||||||
|
+++ cups-1.3.6/cgi-bin/search.c 2008-04-01 16:41:30.000000000 +0100
|
||||||
|
@@ -167,7 +167,9 @@ cgiCompileSearch(const char *query) /* I
|
||||||
|
* string + RE overhead...
|
||||||
|
*/
|
||||||
|
|
||||||
|
- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
|
||||||
|
+ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
|
||||||
|
+ if (lword)
|
||||||
|
+ wlen += strlen(lword);
|
||||||
|
|
||||||
|
if (wlen > slen)
|
||||||
|
{
|
22
cups-CVE-2008-1373.patch
Normal file
22
cups-CVE-2008-1373.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
diff -up cups-1.3.6/filter/image-gif.c.CVE-2008-1373 cups-1.3.6/filter/image-gif.c
|
||||||
|
--- cups-1.3.6/filter/image-gif.c.CVE-2008-1373 2008-01-14 22:12:58.000000000 +0000
|
||||||
|
+++ cups-1.3.6/filter/image-gif.c 2008-04-01 16:43:22.000000000 +0100
|
||||||
|
@@ -38,6 +38,8 @@
|
||||||
|
#define GIF_INTERLACE 0x40
|
||||||
|
#define GIF_COLORMAP 0x80
|
||||||
|
|
||||||
|
+#define MAX_LWZ_BITS 12
|
||||||
|
+
|
||||||
|
typedef cups_ib_t gif_cmap_t[256][4];
|
||||||
|
typedef short gif_table_t[4096];
|
||||||
|
|
||||||
|
@@ -465,6 +467,9 @@ gif_read_image(FILE *fp, /* I -
|
||||||
|
if (!pixels)
|
||||||
|
return (-1);
|
||||||
|
|
||||||
|
+ if (code_size > MAX_LWZ_BITS)
|
||||||
|
+ return (-1);
|
||||||
|
+
|
||||||
|
if (gif_read_lzw(fp, 1, code_size) < 0)
|
||||||
|
{
|
||||||
|
free(pixels);
|
11
cups.spec
11
cups.spec
@ -7,7 +7,7 @@
|
|||||||
Summary: Common Unix Printing System
|
Summary: Common Unix Printing System
|
||||||
Name: cups
|
Name: cups
|
||||||
Version: 1.3.6
|
Version: 1.3.6
|
||||||
Release: 8%{?svn:.svn%{svn}}%{?dist}
|
Release: 9%{?svn:.svn%{svn}}%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
|
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
|
||||||
@ -48,6 +48,8 @@ Patch23: cups-logrotate.patch
|
|||||||
Patch25: cups-usb-paperout.patch
|
Patch25: cups-usb-paperout.patch
|
||||||
Patch26: cups-str2715.patch
|
Patch26: cups-str2715.patch
|
||||||
Patch27: cups-str2727.patch
|
Patch27: cups-str2727.patch
|
||||||
|
Patch28: cups-CVE-2008-0047.patch
|
||||||
|
Patch29: cups-CVE-2008-1373.patch
|
||||||
Patch100: cups-lspp.patch
|
Patch100: cups-lspp.patch
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Url: http://www.cups.org/
|
Url: http://www.cups.org/
|
||||||
@ -165,6 +167,8 @@ lpd emulation.
|
|||||||
%patch25 -p1 -b .usb-paperout
|
%patch25 -p1 -b .usb-paperout
|
||||||
%patch26 -p1 -b .str2715
|
%patch26 -p1 -b .str2715
|
||||||
%patch27 -p1 -b .str2727
|
%patch27 -p1 -b .str2727
|
||||||
|
%patch28 -p1 -b .CVE-2008-0047
|
||||||
|
%patch29 -p1 -b .CVE-2008-1373
|
||||||
|
|
||||||
%if %lspp
|
%if %lspp
|
||||||
%patch100 -p1 -b .lspp
|
%patch100 -p1 -b .lspp
|
||||||
@ -441,6 +445,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{cups_serverbin}/daemon/cups-lpd
|
%{cups_serverbin}/daemon/cups-lpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 1 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.6-9
|
||||||
|
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
|
||||||
|
- Applied patch to prevent heap-based buffer overflow in CUPS helper
|
||||||
|
program (bug #436153, CVE-2008-0047, STR #2729).
|
||||||
|
|
||||||
* Thu Apr 1 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.6-8
|
* Thu Apr 1 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.6-8
|
||||||
- Ship a few doc files (bug #438598).
|
- Ship a few doc files (bug #438598).
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user