diff --git a/CVE-2019-2228.patch b/CVE-2019-2228.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6daa793b6f976159a645c8c1cff6afc5dd12fbd7
--- /dev/null
+++ b/CVE-2019-2228.patch
@@ -0,0 +1,40 @@
+From a7f63f254bcb43f52dc45ab5d883ae6517678544 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet
+Date: Fri, 13 Dec 2019 09:30:46 -0500
+Subject: [PATCH] CVE-2019-2228: Fix ippSetValueTag validation of default
+ language.
+
+---
+ CHANGES.md | 2 ++
+ cups/ipp.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index 7220dc9..06f96bc 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -5,6 +5,8 @@ CHANGES - 2.2.8 - 2018-06-05
+ Changes in CUPS v2.2.8
+ ----------------------
+
++- CVE-2019-2228: The `ippSetValuetag` function did not validate the default
++ language value.
+ - Additional changes for the scheduler to substitute default values for invalid
+ job attributes when running in "relaxed conformance" mode (Issue #5229)
+ - The `ipptool` program no longer checks for duplicate attributes when running
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 5807de8..1143550 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -4654,7 +4654,7 @@ ippSetValueTag(
+ return (0);
+
+ if (ipp->attrs && ipp->attrs->next && ipp->attrs->next->name &&
+- !strcmp(ipp->attrs->next->name, "attributes-natural-language"))
++ !strcmp(ipp->attrs->next->name, "attributes-natural-language") && (ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE)
+ {
+ /*
+ * Use the language code from the IPP message...
+--
+1.8.3.1
+
diff --git a/cups.spec b/cups.spec
index 2b76804981daeae2a5f624961bbf2b68b52eb274..489e3e2ed2412157287fbf840b7d326b538ad47c 100644
--- a/cups.spec
+++ b/cups.spec
@@ -1,7 +1,7 @@
 Name: cups
 Epoch: 1
 Version: 2.2.8
-Release: 8
+Release: 9
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: GPLv2+ and LGPLv2+ with exceptions and AML
 Url: http://www.cups.org/
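Review bot: In the cups/ipp.c hunk of the carried patch, the new value-tag test is appended to the end of the existing `!strcmp(...)` line, so the security-relevant half of the condition is easy to miss. It would read better on its own continuation line, `(ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE)`. The comment inside the block could also say why the test exists, for example `/* Trust the message language only when the attribute is really tagged as a language value, not merely named like one */`. The guard covers the attribute's name and tag, but nothing visible confirms that the attribute holds a value or that its text is non-NULL before the language code is used; the block body runs past the hunk, so this should be checked against the full ippSetValueTag. The CHANGES.md entry spells the function `ippSetValuetag`, while the code and the subject line use `ippSetValueTag`.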
@@ -39,6 +39,7 @@ Patch44: cups-ippeve-webui.patch Patch45: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch Patch6000: CVE-2018-4300.patch Patch6001: CVE-2019-8675-CVE-2019-8696.patch +Patch6002: CVE-2019-2228.patch Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat @@ -331,6 +332,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Thu Mar 26 chenzhen - 2.2.8-9 +- Type:cves +- ID:CVE-2019-2228 +- SUG:restart +- DESC: fix CVE-2019-2228 + * Sat Jan 11 2020 openEuler Buildteam - 2.2.8-8 - Type:enhancement - ID:NA