Bug 715643 - VUL-0: cups: gif_read_lzw function in filter/image-gif.c LZW handling
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Version: unspecified
Hardware: All SUSE Other
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
Security Team bot
maint:released:sle10-sp4:43333 maint:...
Reported: 2011-09-02 08:00 UTC by Thomas Biege
Modified: 2018-10-19 18:08 UTC (History)
Found By: Development

Description Thomas Biege 2011-09-02 08:00:16 UTC
Hi.
There is a security bug in package 'cups'.

This bug is public.

There is no coordinated release date (CRD) set.

CVE number: CVE-2011-3170
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
CVSS v2 Base Score: 5.1 (moderate) (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Buffer Errors (CWE-119)


Original posting:


 allows remote heap-based buffer overflow
CVE-ID: CVE-2011-3170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170


The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-YYYY-NNN.


Current Votes:
None (candidate not yet proposed)
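
One way a decoder can validate the first code word of an LZW stream, the case the CVE description above names. This is an added example, not code from this bug report or from CUPS; the function name, the pre-unpacked `codes` input and the -1 error convention are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LZW_MAX_CODES 4096  /* GIF codes are at most 12 bits wide */

/* Decode GIF-style LZW codes that are already unpacked from the bit stream.
 * Returns bytes written to out, or -1 if the stream is malformed or would
 * overrun out. Illustrative decoder, not the CUPS implementation. */
long lzw_decode(const uint16_t *codes, size_t ncodes, int min_code_size,
                uint8_t *out, size_t out_cap)
{
    uint16_t prefix[LZW_MAX_CODES];
    uint8_t  suffix[LZW_MAX_CODES], stack[LZW_MAX_CODES];
    if (min_code_size < 2 || min_code_size > 8) return -1;
    const int clear = 1 << min_code_size, eoi = clear + 1;
    int next = eoi + 1, old = -1;   /* old == -1: next code is a "first" code */
    uint8_t first = 0;
    size_t n = 0;

    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i], cur = code, sp = 0;
        if (code == clear) { next = eoi + 1; old = -1; continue; }
        if (code == eoi) break;
        if (old < 0) {
            /* First code word after a clear: the table holds only literals,
             * so anything >= clear is invalid and must be rejected. */
            if (code >= clear || n >= out_cap) return -1;
            out[n++] = first = (uint8_t)code;
            old = code;
            continue;
        }
        if (code > next || (code == next && next >= LZW_MAX_CODES)) return -1;
        if (code == next) { stack[sp++] = first; cur = old; }  /* KwKwK case */
        while (cur >= clear) {                    /* walk the prefix chain */
            if (sp >= LZW_MAX_CODES - 1) return -1;
            stack[sp++] = suffix[cur];
            cur = prefix[cur];
        }
        first = (uint8_t)cur;
        stack[sp++] = first;
        if (n + (size_t)sp > out_cap) return -1;  /* bound the output write */
        while (sp > 0) out[n++] = stack[--sp];
        if (next < LZW_MAX_CODES) {
            prefix[next] = (uint16_t)old; suffix[next] = first; next++;
        }
        old = code;
    }
    return (long)n;
}
```
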
Comment 1 Johannes Meixner 2011-09-15 09:18:38 UTC
CUPS upstream bug report
http://www.cups.org/str.php?L3914
with patch
http://www.cups.org/strfiles/3914/str3914.patch
and a test.gif to reproduce it
http://www.cups.org/strfiles/3914/test.gif

Submitted fixed cups to SUSE:SLE-11-SP1:Update:Test
via submitrequest 15007
Comment 2 Johannes Meixner 2011-09-15 09:41:47 UTC
For SLE-10-SP3/4 I reopened bnc#671735 because I will fix this
together with bnc#715643 CVE-2011-3170 and bnc#711490 CVE-2011-2896
Comment 3 Johannes Meixner 2011-09-15 13:54:39 UTC
Submitted fixed cups to SUSE:SLE-10-SP3:Update:Test
via submitrequest 15090
Comment 9 Swamp Workflow Management 2011-09-16 12:21:07 UTC
The SWAMPID for this issue is 43219.
This issue was rated as moderate.
Please submit fixed packages until 2011-09-30.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 15 Sebastian Krahmer 2011-10-17 09:29:50 UTC
done
Comment 16 Swamp Workflow Management 2011-10-17 12:58:21 UTC
Update released for: cups, cups-client, cups-debuginfo, cups-devel, cups-libs, cups-libs-32bit, cups-libs-64bit, cups-libs-x86
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 17 Swamp Workflow Management 2011-10-17 19:09:41 UTC
Update released for: cups, cups-client, cups-devel, cups-libs
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 18 Swamp Workflow Management 2011-10-17 20:00:56 UTC
Update released for: cups, cups-client, cups-debuginfo, cups-debugsource, cups-devel, cups-libs, cups-libs-32bit, cups-libs-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 19 Swamp Workflow Management 2011-10-17 20:11:02 UTC
Update released for: cups, cups-client, cups-debuginfo, cups-devel, cups-libs, cups-libs-32bit, cups-libs-64bit, cups-libs-x86
Products:
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)