Bug 1211643 (CVE-2023-32324)

https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
is now public accessible

public

via oss-security

From: Zdenek Dohnal <zdohnal@redhat.com>
Subject: [oss-security] [vs] CVE-2023-32324 heap buffer overflow in cupsd
Date: Thu, 1 Jun 2023 12:35:16 +0200

there is currently embargoed CVE-2023-32324 in cups project:


      Summary

A heap buffer overflow vulnerability would allow a remote attacker to 
lauch a dos attack.


      Details

A buffer overflow vulnerability in the function |format_log_line| could 
allow remote attackers to cause a denial-of-service(DoS) on the affected 
system (not verified for possible arbitrary code execution).

The vulnerability affects the commit #c0c4037 and the latest commit 
#4310a07 on the GitHub master branch as well as the latest release 
version v2.4.2. I have only tested these versions so far.

Exploitation of the vulnerability can be triggered when the 
configuration file |cupsd.conf| sets the value of |loglevel |to |DEBUG| 
if the log location is set to a file.


      Reproduce
...

Submitted fix to openSUSE:Factory:
----------------------------------------------------------------
# osc request accept 1090271 \
 --message="Fix for CVE-2023-32324 \
            Heap buffer overflow in cupsd bsc#1211643"

Result of change request state: ok
openSUSE:Factory 
Forward this submit to it? ([y]/n)y
The following submit requests are already open: 990954, 1042341.
Supersede the old requests? (y/n/c) y
Fix for CVE-2023-32324 Heap buffer overflow in cupsd bsc#1211643
 (forwarded request 1090271 from jsmeix)
New request # 1090272
----------------------------------------------------------------

This is an autogenerated message for OBS integration:
This bug (1211643) was mentioned in
https://build.opensuse.org/request/show/1090272 Factory / cups

SUSE-SU-2023:2347-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1211643
CVE References: CVE-2023-32324
Sources used:
openSUSE Leap Micro 5.3 (src): cups-2.2.7-150000.3.43.1
openSUSE Leap 15.4 (src): cups-2.2.7-150000.3.43.1
openSUSE Leap 15.5 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro 5.3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro 5.4 (src): cups-2.2.7-150000.3.43.1
Basesystem Module 15-SP4 (src): cups-2.2.7-150000.3.43.1
Basesystem Module 15-SP5 (src): cups-2.2.7-150000.3.43.1
Desktop Applications Module 15-SP5 (src): cups-2.2.7-150000.3.43.1
Development Tools Module 15-SP4 (src): cups-2.2.7-150000.3.43.1
Development Tools Module 15-SP5 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Real Time 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Manager Proxy 4.2 (src): cups-2.2.7-150000.3.43.1
SUSE Manager Retail Branch Server 4.2 (src): cups-2.2.7-150000.3.43.1
SUSE Manager Server 4.2 (src): cups-2.2.7-150000.3.43.1
SUSE Enterprise Storage 7.1 (src): cups-2.2.7-150000.3.43.1
SUSE Enterprise Storage 7 (src): cups-2.2.7-150000.3.43.1
SUSE CaaS Platform 4.0 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro 5.2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): cups-2.2.7-150000.3.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2023:2346-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1211643
CVE References: CVE-2023-32324
Sources used:
SUSE OpenStack Cloud 9 (src): cups-1.7.5-20.39.1
SUSE OpenStack Cloud Crowbar 9 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP5 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): cups-1.7.5-20.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

https://build.opensuse.org/request/show/1090272
is accepted so this issue is FIXED.