From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>,
Olivier Schonken <olivier.schonken@gmail.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/cups-filters: fix CVE-2023-24805
Date: Sat, 4 Nov 2023 21:16:49 +0100 [thread overview]
Message-ID: <20231104211649.6e10a0ef@windsurf> (raw)
In-Reply-To: <20231001191522.1799946-1-fontaine.fabrice@gmail.com>
On Sun, 1 Oct 2023 21:15:22 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Fix CVE-2023-24805: cups-filters contains backends, filters, and other
> software required to get the cups printing service working on operating
> systems other than macos. If you use the Backend Error Handler (beh) to
> create an accessible network printer, this security vulnerability can
> cause remote code execution. `beh.c` contains the line `retval =
> system(cmdline) >> 8;` which calls the `system` command with the operand
> `cmdline`. `cmdline` contains multiple user controlled, unsanitized
> values. As a result an attacker with network access to the hosted print
> server can exploit this vulnerability to inject system commands which
> are executed in the context of the running server. This issue has been
> addressed in commit `8f2740357` and is expected to be bundled in the
> next release. Users are advised to upgrade when possible and to restrict
> access to network printers in the meantime.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...ecv-instead-of-system-CVE-2023-24805.patch | 208 ++++++++++++++++++
> package/cups-filters/cups-filters.mk | 3 +
> 2 files changed, 211 insertions(+)
> create mode 100644 package/cups-filters/0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-11-04 20:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-01 19:15 [Buildroot] [PATCH 1/1] package/cups-filters: fix CVE-2023-24805 Fabrice Fontaine
2023-11-04 20:16 ` Thomas Petazzoni via buildroot [this message]
2023-11-09 11:17 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231104211649.6e10a0ef@windsurf \
--to=buildroot@buildroot.org \
--cc=angelo.compagnucci@gmail.com \
--cc=fontaine.fabrice@gmail.com \
--cc=olivier.schonken@gmail.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.