[cups/f14] Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
Tim Waugh
twaugh at fedoraproject.org
Fri Aug 19 11:37:15 UTC 2011
commit cf15da723aa4d465b13a4a4ea7f7690393342e72
Author: Tim Waugh <twaugh at redhat.com>
Date: Fri Aug 19 11:35:13 2011 +0100
Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
cups-CVE-2011-2896.patch | 33 +++++++++++++++++++++++++++++++++
cups.spec | 8 +++++++-
2 files changed, 40 insertions(+), 1 deletions(-)
---
diff --git a/cups-CVE-2011-2896.patch b/cups-CVE-2011-2896.patch
new file mode 100644
index 0000000..a949b9d
--- /dev/null
+++ b/cups-CVE-2011-2896.patch
@@ -0,0 +1,33 @@
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896 2011-06-20 21:37:51.000000000 +0100
++++ cups-1.4.8/filter/image-gif.c 2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp, /* I - File to
+
+ if (code == max_code)
+ {
+- *sp++ = firstcode;
+- code = oldcode;
++ if (sp < (stack + 8192))
++ *sp++ = firstcode;
++
++ code = oldcode;
+ }
+
+- while (code >= clear_code)
++ while (code >= clear_code && sp < (stack + 8192))
+ {
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp, /* I - File to
+ code = table[0][code];
+ }
+
+- *sp++ = firstcode = table[1][code];
+- code = max_code;
++ if (sp < (stack + 8192))
++ *sp++ = firstcode = table[1][code];
++
++ code = max_code;
+
+ if (code < 4096)
+ {
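Review bot: in the second gif_read_lzw hunk, `if (sp < (stack + 8192)) *sp++ = firstcode = table[1][code];` makes the update of `firstcode` conditional on free stack space, so once the stack is full the decoder continues with a stale `firstcode` and silently drops output bytes (the guarded `*sp++ = firstcode;` in the first hunk drops bytes the same way). Reaching the limit means the LZW data is malformed, so consider returning an error from gif_read_lzw at that point rather than continuing to decode. The bound 8192 also appears as a literal three times while the declaration of `stack` is outside the visible context; a named constant shared with that declaration would keep the three checks in step with the buffer size.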
diff --git a/cups.spec b/cups.spec
index 2912b19..f602c5e 100644
--- a/cups.spec
+++ b/cups.spec
@@ -8,7 +8,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -66,6 +66,7 @@ Patch31: cups-dnssd-deviceid.patch
Patch32: cups-ricoh-deviceid-oid.patch
Patch33: cups-texttops-rotate-page.patch
Patch34: cups-polld-busy-loop.patch
+Patch35: cups-CVE-2011-2896.patch
Patch100: cups-lspp.patch
@@ -266,6 +267,8 @@ module.
%patch33 -p1 -b .texttops-rotate-page
# Avoid busy loop in cups-polld (bug #720921).
%patch34 -p1 -b .polld-busy-loop
+# Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+%patch35 -p1 -b .CVE-2011-2896
%if %lspp
# LSPP support.
@@ -574,6 +577,9 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so
%changelog
+* Fri Aug 19 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.8-2
+- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+
* Tue Jul 26 2011 Jiri Popelka <jpopelka at redhat.com> 1:1.4.8-1
- 1.4.8