oem-qa team mailing list archive
Message #00009
[Bug 329293] Re: Please update cupsys to the generic version for hardy to fix several security vulnerabilities
Updated status and assigned to oem-security
** Changed in: dell-mini
   Importance: Undecided => Critical

** Changed in: dell-mini
       Status: New => Triaged

** Changed in: dell-mini
     Assignee: (unassigned) => Canonical OEM Security (oem-security)
--
Please update cupsys to the generic version for hardy to fix several security vulnerabilities
https://bugs.launchpad.net/bugs/329293
You received this bug notification because you are a member of OEM Services QA, which is subscribed to The Dell Mini Project.
Status in Dell Inspiron Mini with Custom Dell UI: Triaged
Bug description:
Cupsys in hardy for the Dell Mini is at version 1.3.7-1ubuntu3, which is affected by several security vulnerabilities. The version in generic hardy (1.3.7-1ubuntu3) already includes the patches, so those should be ported to hardy for the Mini.
Changelog:
cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service by adding a large number of RSS
    subscriptions (LP: #298241)
    - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
      being reached in scheduler/{ipp.c,subscriptions.c}.
    - CVE-2008-5183
  * SECURITY UPDATE: unauthorized access to RSS subscription functions in
    web interface (LP: #298241)
    - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated
      in /cgi-bin/admin.c.
    - CVE-2008-5184
  * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
    image with a large height value
    - This issue was introduced in the patch for CVE-2008-1722.
    - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize
      instead of img->ysize so we don't overflow in filter/image-png.c.
    - CVE-2008-5286
  * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
    - debian/filters/pstopdf: use the cleaned-up version from Debian.
    - CVE-2008-5377

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 08 Jan 2009 10:29:38 -0500

cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low

  * debian/rules: Install the serial backend with 0700 permissions to make it
    run as root, since /dev/ttyS* are root:dialout and thus not accessible as
    user "lp". (LP: #154277)

 -- Martin Pitt <martin.pitt@xxxxxxxxxx>  Wed, 26 Nov 2008 14:30:00 +0000

cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust
      filter/image-sgilib.c to properly check for xsize. Taken from Debian
      patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust
      textcommon.c and texttops.c to check for too large or negative page
      metrics. Taken from Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust
      hpgl-attr.c to properly check for an invalid number of pens. Also
      includes fix for regression in original upstream patch which changed
      the color mapping and an off-by-one loop error. Taken from Debian patch
      by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

 -- Jamie Strandboge <jamie@xxxxxxxxxx>  Tue, 14 Oct 2008 13:17:07 -0500
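Two of the entries above share one root cause: CVE-2008-5286 (a PNG height large enough that the dimension product overflows, so the filter allocates too little memory) and CVE-2008-3640 (texttops accepting too-large or negative page metrics). The following is an added example written for this archive page; it is not CUPS code and not the Ubuntu or Debian patch. It shows the bug class beside a checked sizing routine. The function names, the wrapper, and the MAX_PIXELS cap are assumptions made here, not values from any CUPS filter.

```c
/*
 * Added example (not CUPS code, not the Ubuntu patch): the integer-overflow
 * bug class behind the CVE-2008-5286 / CVE-2008-3640 changelog entries,
 * shown next to a checked version. Names and MAX_PIXELS are assumptions.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on total pixels; a real filter picks its own. */
#define MAX_PIXELS ((size_t)1 << 28)

/* Vulnerable pattern: the product is computed in 32 bits and wraps, so a
 * huge height yields a tiny byte count, the allocation succeeds, and the
 * decoder later writes past the end of the buffer.
 * Example: 65536 x 65536 x 1 wraps to 0. */
uint32_t unsafe_buffer_size(int width, int height, int bpp)
{
    return (uint32_t)width * (uint32_t)height * (uint32_t)bpp;
}

/* Checked version: rejects non-positive dimensions (the "negative page
 * metrics" case), refuses any product that would overflow size_t, and
 * applies a policy cap so absurd sizes fail before allocation.
 * Returns 0 and stores the byte count in *out on success, -1 otherwise. */
int safe_buffer_size(int width, int height, int bpp, size_t *out)
{
    if (out == NULL || width <= 0 || height <= 0 || bpp <= 0)
        return -1;
    size_t w = (size_t)width, h = (size_t)height, b = (size_t)bpp;
    if (w > SIZE_MAX / h)            /* w * h would overflow size_t */
        return -1;
    size_t pixels = w * h;
    if (pixels > MAX_PIXELS)         /* policy cap on total pixels */
        return -1;
    if (pixels > SIZE_MAX / b)       /* pixels * b would overflow size_t */
        return -1;
    *out = pixels * b;
    return 0;
}

/* Convenience wrapper: validated byte count, or 0 when the size is rejected. */
size_t safe_bytes_or_zero(int width, int height, int bpp)
{
    size_t n = 0;
    return safe_buffer_size(width, height, bpp, &n) == 0 ? n : 0;
}

/* Allocate an image buffer only after the size has been validated. */
unsigned char *alloc_image(int width, int height, int bpp)
{
    size_t n;
    if (safe_buffer_size(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed inputs: a normal image header and one with a huge height. */
    printf("640x480x3: unsafe=%" PRIu32 " safe=%zu\n",
           unsafe_buffer_size(640, 480, 3), safe_bytes_or_zero(640, 480, 3));
    printf("65536x65536x1: unsafe=%" PRIu32 " safe=%zu (0 = rejected)\n",
           unsafe_buffer_size(65536, 65536, 1),
           safe_bytes_or_zero(65536, 65536, 1));
    unsigned char *img = alloc_image(65536, 65536, 1);
    printf("alloc_image for huge header: %s\n", img ? "allocated" : "rejected");
    free(img);
    return 0;
}
```

The checked routine uses division against SIZE_MAX rather than multiplying and comparing afterwards, because the wrapped product is exactly what cannot be trusted; the sign checks cover the texttops case where a negative metric becomes a huge unsigned value after conversion.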