Dear colleagues,

we have just received the following Fedora Security Advisory. We are
forwarding this information to you unchanged.

CUPS uses the implementation from PBMPLUS to decode GIF files.

CVE-2011-2896 - Vulnerability in the PBMPLUS GIF decoder

In the GIF decoder implementation in PBMPLUS, the handling of certain
data in compressed files in the function LZWReadByte() can trigger an
infinite loop or a heap overflow. A remote attacker can exploit this
vulnerability with a crafted GIF file to, in the worst case, execute
arbitrary commands with the privileges of the application that uses the
implementation.

The following software packages and platforms are affected:

Package cups
Fedora 14

The vendor provides updated packages.

(c) of the German summary held by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the author,
DFN-CERT Services GmbH, and only for non-commercial purposes.

Best regards,
Michael Groening, DFN-CERT

--
Michael Groening (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatic warning messages https://www.cert.dfn.de/autowarn
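--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11221
2011-08-19 21:18:04
--------------------------------------------------------------------------------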
Name : cups
Product : Fedora 14
Version : 1.4.8
Release : 2.fc14
URL : http://www.cups.org/
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
--------------------------------------------------------------------------------
Update Information:
This update avoids a GIF reader loop (CVE-2011-2896).
The new upstream release fixes a number of scheduler, driver, and backend issues.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 19 2011 Tim Waugh
- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
* Tue Jul 26 2011 Jiri Popelka
- 1.4.8
* Wed Jul 20 2011 Tim Waugh
- Don't delete job data files when restarted (STR #3880).
* Fri Jul 15 2011 Tim Waugh
- Ship an rpm macro for where to put driver executables.
* Wed Jul 13 2011 Tim Waugh
- Avoid busy loop in cups-polld (bug #720921).
* Thu Jul 7 2011 Jiri Popelka
- Fix SNMP supply level crasher (STR #3875, bug #719057).
* Thu Jul 7 2011 Tim Waugh
- Undo last change which had no effect. We already remove the .SILENT
  target from the Makefile as part of the build.
* Thu Jul 7 2011 Tim Waugh
- Make build log verbose enough to include compiler flags used.
* Wed Jun 29 2011 Tim Waugh
- Tag localization files correctly (bug #716421).
* Tue Jun 28 2011 Jiri Popelka
- 1.4.7.
* Thu Mar 10 2011 Tim Waugh
- LSPP: only warn when unable to get printer context.
* Fri Feb 25 2011 Tim Waugh
- Fixed build failure due to php_zend_api macro type.
* Fri Feb 25 2011 Tim Waugh
- Fixed dbus notifier support for job-state-changed.
* Thu Feb 10 2011 Jiri Popelka
- Remove testing cups-usb-buffer-size.patch (bug #661814).
* Tue Jan 18 2011 Tim Waugh
- Don't use --enable-pie configure option as it has been removed and
  is now assumed. See STR #3691.
* Mon Jan 10 2011 Tim Waugh
- Use a smaller buffer when writing to USB devices (bug #661814).
- Handle EAI_NONAME when resolving hostnames (bug #617208).
* Fri Jan 7 2011 Jiri Popelka
- 1.4.6.
* Wed Dec 22 2010 Tim Waugh
- Don't crash when job queued for browsed printer that times out
  (bug #660604).
* Mon Dec 13 2010 Jiri Popelka
- Call avc_init() only once to not leak file descriptors (bug #654075).
* Fri Dec 3 2010 Jiri Popelka
- Changed subsystem lock file name in initscript
  so the service is correctly stopped on reboot or halt (bug #659391).
* Fri Nov 12 2010 Jiri Popelka
- 1.4.5.
- No longer need CVE-2010-2941, str3608
* Thu Nov 11 2010 Tim Waugh
- Applied patch to fix cupsd memory corruption vulnerability
  (CVE-2010-2941, bug #652161).
- Don't crash when MIME database could not be loaded (bug #610088).
* Wed Sep 29 2010 jkeating - 1:1.4.4-10.1
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=727800
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
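
The two outcomes named in the advisory, an endless loop and a heap overflow, are what a table-driven LZW decoder produces when it follows a code chain without validating it. The following C code is an added example, not code from PBMPLUS, CUPS or the Fedora patch; the table layout and the names lzw_table and lzw_expand are assumptions made for illustration, and the sample table in main() is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define LZW_MAX_CODES 4096   /* GIF codes are at most 12 bits wide */

/* Hypothetical table layout: code c >= first_entry means "expand prefix[c],
 * then emit suffix[c]"; codes below clear_code are literal bytes. */
typedef struct {
    uint16_t prefix[LZW_MAX_CODES];
    uint8_t  suffix[LZW_MAX_CODES];
    int clear_code;   /* clear_code and clear_code + 1 (end) are control codes */
    int first_entry;  /* clear_code + 2 in GIF */
    int next_code;    /* first slot not yet defined */
} lzw_table;

/* Expand an already-defined code into out[] in reverse order (stack style).
 * Returns the byte count, or -1 if the code or table state is invalid. */
int lzw_expand(const lzw_table *t, int code, uint8_t *out, size_t out_cap)
{
    size_t n = 0;
    /* Check 1: only codes the decoder has actually defined are accepted. */
    if (t->next_code > LZW_MAX_CODES || code < 0 || code >= t->next_code)
        return -1;
    while (code >= t->first_entry) {
        if (n >= out_cap)               /* Check 2: bounded output stack */
            return -1;
        out[n++] = t->suffix[code];
        if (t->prefix[code] >= code)    /* Check 3: strictly older prefix, */
            return -1;                  /* so the walk cannot cycle        */
        code = t->prefix[code];
    }
    if (code >= t->clear_code || n >= out_cap)  /* control code in chain */
        return -1;
    out[n++] = (uint8_t)code;           /* chain ends in a literal byte */
    return (int)n;
}

int main(void)
{
    static lzw_table t;                 /* constructed sample table */
    uint8_t buf[8];
    t.clear_code = 4; t.first_entry = 6; t.next_code = 8;
    t.prefix[6] = 1; t.suffix[6] = 2;   /* 6 -> bytes 1,2   */
    t.prefix[7] = 6; t.suffix[7] = 3;   /* 7 -> bytes 1,2,3 */
    printf("valid: %d\n", lzw_expand(&t, 7, buf, sizeof buf));
    t.prefix[7] = 7;                    /* self-referencing entry */
    printf("cyclic: %d\n", lzw_expand(&t, 7, buf, sizeof buf));
    return 0;
}
```

Without check 3 the self-referencing entry would keep the walk on the same code forever, and without check 2 that walk would write past the end of the output buffer.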