[Bugs] [Bug 13508] New: [CVE 21] cups 2.3.3op2 CVEs found

bugzilla bugzilla at rosalinux.ru
Wed Aug 23 23:18:35 MSK 2023


https://bugzilla.rosalinux.ru/show_bug.cgi?id=13508

          Platform: 2021.1
            Bug ID: 13508
           Summary: [CVE 21] cups 2.3.3op2  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-26691, CVE-2023-34241,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs at lists.rosalinux.ru
          Reporter: y.tumanov at rosalinux.ru
        QA Contact: bugs at lists.rosalinux.ru
                CC: e.kosachev at rosalinux.ru, s.matveev at rosalinux.ru,
                    y.tumanov at rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package cups version 2.3.3op2

INFO (CVEs are): cups 2.3.3op2
 cves found
CVE-2022-26691
Desc: A logic issue was addressed with improved state management. This issue is
fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur
11.6.5. An application may be able to gain elevated privileges.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-26691
Severity: MEDIUM
CVE-2023-34241
Desc: OpenPrinting CUPS is a standards-based, open source printing system for
Linux and other Unix-like operating systems. Starting in version 2.0.0 and
prior to version 2.4.6, CUPS logs data of free memory to the logging service
AFTER the connection has been closed, when it should have logged the data right
before. This is a use-after-free bug that impacts the entire cupsd process.

The exact cause of this issue is the function `httpClose(con->http)` being
called in `scheduler/client.c`. The problem is that httpClose always, provided
its argument is not null, frees the pointer at the end of the call, only for
cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in
function `cupsdAcceptClient` if LogLevel is warn or higher and in two
scenarios: there is a double-lookup for the IP Address (HostNameLookups Double
is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP
wrappers and the connection is refused by rules from `/etc/hosts.allow` and
`/etc/hosts.deny`.

Version 2.4.6 has a patch for this issue.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-34241
Severity: HIGH
