Re: [OE-core] [OE-core,mickledore][PATCH] cups: Fix CVE-2023-32324

Wed, 21 Jun 2023 07:23:22 -0700 

On Tue, Jun 20, 2023 at 10:03 PM Sanjaykumar kantibhai Chitroda -X
(schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
<schitrod=cisco....@lists.openembedded.org> wrote:
>
> Hi Steve,
>
> CVE fix for cups package is accepted and merged on master.
> https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e
>
> Is there any comment for similar fix on mickledore branch?

Hi Sanjay,

It is in the current test queue for mickledore, which you can browse at:

https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/mickledore-nut

Steve

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org 
> <openembedded-core@lists.openembedded.org> On Behalf Of Sanjaykumar kantibhai 
> Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
> Sent: Wednesday, June 14, 2023 1:00 AM
> To: openembedded-core@lists.openembedded.org
> Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 
> <schit...@cisco.com>
> Subject: [OE-core] [OE-core,mickledore][PATCH] cups: Fix CVE-2023-32324
>
> OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and 
> prior, a heap buffer overflow vulnerability would allow a remote attacker to 
> launch a denial of service (DoS) attack. A buffer overflow vulnerability in 
> the function `format_log_line` could allow remote attackers to cause a DoS on 
> the affected system. Exploitation of the vulnerability can be triggered when 
> the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. 
> No known patches or workarounds exist at time of publication.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2023-32324
> https://security-tracker.debian.org/tracker/CVE-2023-32324
>
> Upstream Patch:
> https://github.com/OpenPrinting/cups/commit/fd8bc2d32589
>
> Signed-off-by: Sanjay Chitroda <schit...@cisco.com>
> ---
>  meta/recipes-extended/cups/cups.inc           |  1 +
>  .../cups/cups/CVE-2023-32324.patch            | 36 +++++++++++++++++++
>  2 files changed, 37 insertions(+)
>  create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
>
> diff --git a/meta/recipes-extended/cups/cups.inc 
> b/meta/recipes-extended/cups/cups.inc
> index da320b1085..d77758fd3f 100644
> --- a/meta/recipes-extended/cups/cups.inc
> +++ b/meta/recipes-extended/cups/cups.inc
> @@ -15,6 +15,7 @@ SRC_URI = 
> "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
>             file://0004-cups-fix-multilib-install-file-conflicts.patch \
>             file://volatiles.99_cups \
>             file://cups-volatiles.conf \
> +           file://CVE-2023-32324.patch \
>             "
>
>  GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases";
> diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32324.patch 
> b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
> new file mode 100644
> index 0000000000..40b89c9899
> --- /dev/null
> +++ b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
> @@ -0,0 +1,36 @@
> +From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001
> +From: Zdenek Dohnal <zdoh...@redhat.com>
> +Date: Thu, 1 Jun 2023 12:04:00 +0200
> +Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes
> +CVE-2023-32324)
> +
> +CVE: CVE-2023-32324
> +Upstream-Status: Backport
> +[https://github.com/OpenPrinting/cups/commit/fd8bc2d32589]
> +
> +(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e)
> +Signed-off-by: Sanjay Chitroda <schit...@cisco.com>
> +---
> + cups/string.c | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/cups/string.c b/cups/string.c index 93cdad19..6ef58515
> +100644
> +--- a/cups/string.c
> ++++ b/cups/string.c
> +@@ -1,6 +1,7 @@
> + /*
> +  * String functions for CUPS.
> +  *
> ++ * Copyright © 2023 by OpenPrinting.
> +  * Copyright © 2007-2019 by Apple Inc.
> +  * Copyright © 1997-2007 by Easy Software Products.
> +  *
> +@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,             /* O - 
> Destination string */
> +   size_t      srclen;                 /* Length of source string */
> +
> +
> ++  if (size == 0)
> ++    return (0);
> ++
> +  /*
> +   * Figure out how much room is needed...
> +   */
> --
> 2.35.6
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183184): 
https://lists.openembedded.org/g/openembedded-core/message/183184
Mute This Topic: https://lists.openembedded.org/mt/99513254/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
  • ... Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
    • ... Steve Sakoman

Reply via email to