rpms/cups
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from CS git

Browse Source
This commit is contained in:
eabdullin 2025-11-25 12:10:16 +00:00
parent 9d5439db61
commit dfb2c3fcd9
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
SOURCES/CVE-2025-58364.patch Normal file
View File

@ -0,0 +1,46 @@
diff -up cups-2.2.6/cups/ipp.c.cve-2025-58364 cups-2.2.6/cups/ipp.c
--- cups-2.2.6/cups/ipp.c.cve-2025-58364 2025-10-22 10:15:10.072426099 +0200
+++ cups-2.2.6/cups/ipp.c 2025-10-22 10:20:00.117427768 +0200
@@ -3050,34 +3050,6 @@ ippReadIO(void *src, /* I - Data
*/
tag = (ipp_tag_t)buffer[0];
- if (tag == IPP_TAG_EXTENSION)
- {
- /*
- * Read 32-bit "extension" tag...
- */
-
- if ((*cb)(src, buffer, 4) < 1)
- {
- DEBUG_puts("1ippReadIO: Callback returned EOF/error");
- _cupsBufferRelease((char *)buffer);
- return (IPP_STATE_ERROR);
- }
-
- tag = (ipp_tag_t)((((((buffer[0] << 8) | buffer[1]) << 8) |
- buffer[2]) << 8) | buffer[3]);
-
- if (tag & IPP_TAG_CUPS_CONST)
- {
- /*
- * Fail if the high bit is set in the tag...
- */
-
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP extension tag larger than 0x7FFFFFFF."), 1);
- DEBUG_printf(("1ippReadIO: bad tag 0x%x.", tag));
- _cupsBufferRelease((char *)buffer);
- return (IPP_STATE_ERROR);
- }
- }
if (tag == IPP_TAG_END)
{
@@ -3286,6 +3258,7 @@ ippReadIO(void *src, /* I - Data
if ((*cb)(src, buffer, (size_t)n) < n)
{
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to read IPP attribute name."), 1);
DEBUG_puts("1ippReadIO: unable to read name.");
_cupsBufferRelease((char *)buffer);
return (IPP_STATE_ERROR);

9
SPECS/cups.spec
View File

@ -22,7 +22,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
Release: 63%{?dist}
Release: 64%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -193,6 +193,8 @@ Patch95: 0001-ppdize-preset-and-template-names.patch
Patch96: 0001-Fix-make-and-model-whitespace-trimming-Issue-1096.patch
# RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
Patch97: CVE-2025-58060.patch
# RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
Patch98: CVE-2025-58364.patch
Patch1000: cups-lspp.patch
@ -523,6 +525,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch96 -p1 -b .make-model-trim
# RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
%patch97 -p1 -b .cve-2025-58060
# RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
%patch98 -p1 -b .cve-2025-58364
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -950,6 +954,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Wed Oct 22 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-64
- RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
* Thu Sep 04 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-63
- RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling