mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
libcupsfilters: patch CVE-2024-47076
Details https://nvd.nist.gov/vuln/detail/CVE-2024-47076
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 1ef236b6c5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
@@ -0,0 +1,38 @@
|
|||||||
|
From 5f950f6a52c7453d76fb30dbc8d66bbc1cc682a3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||||
|
Date: Thu, 26 Sep 2024 23:09:29 +0200
|
||||||
|
Subject: [PATCH] CVE-2024-47076
|
||||||
|
|
||||||
|
cfGetPrinterAttributes5(): Validate response attributes before return
|
||||||
|
|
||||||
|
The destination can be corrupted or forged, so validate the response
|
||||||
|
to strenghten security measures.
|
||||||
|
|
||||||
|
CVE: CVE-2024-47076
|
||||||
|
Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018]
|
||||||
|
|
||||||
|
(cherry picked from commit 95576ec3d20c109332d14672a807353cdc551018)
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
cupsfilters/ipp.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
|
||||||
|
index a0814ae5..994c8dac 100644
|
||||||
|
--- a/cupsfilters/ipp.c
|
||||||
|
+++ b/cupsfilters/ipp.c
|
||||||
|
@@ -452,6 +452,14 @@ cfGetPrinterAttributes5(http_t *http_printer,
|
||||||
|
ippDelete(response2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ // Check if the response is valid
|
||||||
|
+ if (!ippValidateAttributes(response))
|
||||||
|
+ {
|
||||||
|
+ ippDelete(response);
|
||||||
|
+ response = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (have_http == 0) httpClose(http_printer);
|
||||||
|
if (uri) free(uri);
|
||||||
|
return (response);
|
||||||
@@ -8,6 +8,7 @@ DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff"
|
|||||||
SRC_URI = " \
|
SRC_URI = " \
|
||||||
https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
|
https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
|
||||||
file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \
|
file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \
|
||||||
|
file://0001-CVE-2024-47076.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "542f2bfbc58136a4743c11dc8c86cee03c9aca705612654e36ac34aa0d9aa601"
|
SRC_URI[sha256sum] = "542f2bfbc58136a4743c11dc8c86cee03c9aca705612654e36ac34aa0d9aa601"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user