Bug 711490 - VUL-1: cups: LZW heap corruption (CVE-2011-2896)
VUL-1: cups: LZW heap corruption (CVE-2011-2896)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle10-sp4:43333 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-08-10 11:25 UTC by Thomas Biege
Modified: 2019-05-01 14:47 UTC (History)
2 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 5 Johannes Meixner 2011-09-15 09:13:51 UTC
Reopening because I will fix this one
together with bug #715643

CUPS upstream bug report
http://www.cups.org/str.php?L3867
with patch
http://www.cups.org/strfiles/3867/str3867.patch
and a fuzzed.gif to reproduce it
http://www.cups.org/strfiles/3867/fuzzed.gif
Comment 6 Johannes Meixner 2011-09-15 09:18:41 UTC
Submitted fixed cups to SUSE:SLE-11-SP1:Update:Test
via submitrequest 15007
Comment 7 Johannes Meixner 2011-09-15 09:41:43 UTC
For SLE-10-SP3/4 I reopened bnc#671735 because I will fix this
together with bnc#715643 CVE-2011-3170 and bnc#711490 CVE-2011-2896
Comment 8 Johannes Meixner 2011-09-15 13:54:43 UTC
Submitted fixed cups to SUSE:SLE-10-SP3:Update:Test
via submitrequest 15090
Comment 18 Sebastian Krahmer 2011-10-17 09:30:03 UTC
done
Comment 19 Sebastian Krahmer 2011-10-17 09:30:52 UTC
.
Comment 20 Swamp Workflow Management 2011-10-17 12:58:16 UTC
Update released for: cups, cups-client, cups-debuginfo, cups-devel, cups-libs, cups-libs-32bit, cups-libs-64bit, cups-libs-x86
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 21 Swamp Workflow Management 2011-10-17 19:09:39 UTC
Update released for: cups, cups-client, cups-devel, cups-libs
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 22 Swamp Workflow Management 2011-10-17 20:00:54 UTC
Update released for: cups, cups-client, cups-debuginfo, cups-debugsource, cups-devel, cups-libs, cups-libs-32bit, cups-libs-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 23 Swamp Workflow Management 2011-10-17 20:11:00 UTC
Update released for: cups, cups-client, cups-debuginfo, cups-devel, cups-libs, cups-libs-32bit, cups-libs-64bit, cups-libs-x86
Products:
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)