rpms/cups
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1657750 - CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection [fedora-all]

Browse Source
This commit is contained in:
Zdenek Dohnal 2018-12-10 15:29:24 +01:00
parent f68ad8183f
commit 13d9a7ab2b
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 316b67f05..12f3c8344 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -1186,6 +1186,7 @@ cgi_set_sid(void)
const char *remote_addr, /* REMOTE_ADDR */
*server_name, /* SERVER_NAME */
*server_port; /* SERVER_PORT */
+ struct timeval curtime; /* Current time */
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
@@ -1195,7 +1196,8 @@ cgi_set_sid(void)
if ((server_port = getenv("SERVER_PORT")) == NULL)
server_port = "SERVER_PORT";
- CUPS_SRAND(time(NULL));
+ gettimeofday(&curtime, NULL);
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
remote_addr, server_name, server_port,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,

8
cups.spec
View File

@ -15,7 +15,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.2.8 Version: 2.2.8
Release: 6%{?dist} Release: 7%{?dist}
License: GPLv2+ and LGPLv2+ with exceptions and AML License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: http://www.cups.org/ Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -107,6 +107,8 @@ Patch44: cups-ippeve-webui.patch
Patch45: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch Patch45: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch
# 1622432 - multiple file job can stuck when data transfer is interrupted, so now it is aborted (https://github.com/apple/cups/pull/5413) # 1622432 - multiple file job can stuck when data transfer is interrupted, so now it is aborted (https://github.com/apple/cups/pull/5413)
Patch46: 0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch Patch46: 0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch
# 1657750 - CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection [fedora-all]
Patch47: 0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch
##### Patches removed because IMHO they aren't no longer needed ##### Patches removed because IMHO they aren't no longer needed
##### but still I'll leave them in git in case their removal ##### but still I'll leave them in git in case their removal
@ -356,6 +358,7 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
# fixed covscan issues from upstream # fixed covscan issues from upstream
%patch45 -p1 -b .covscan %patch45 -p1 -b .covscan
%patch46 -p1 -b .multifile-stuck %patch46 -p1 -b .multifile-stuck
%patch47 -p1 -b .predictable-cookie
# if cupsd is set to log into /var/log/cups, then 'MaxLogSize 0' needs to be # if cupsd is set to log into /var/log/cups, then 'MaxLogSize 0' needs to be
# in cupsd.conf to disable cupsd logrotate functionality and use logrotated # in cupsd.conf to disable cupsd logrotate functionality and use logrotated
@ -749,6 +752,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz %{_mandir}/man5/ipptoolfile.5.gz
%changelog %changelog
* Mon Dec 10 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.8-7
- 1657750 - CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection [fedora-all]
* Fri Nov 09 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.8-6 * Fri Nov 09 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.8-6
- 1622432 - Jobs with multiple files don't complete when backend fails - 1622432 - Jobs with multiple files don't complete when backend fails
- 1648396 - 'cupsd[998]: [CGI] Unable to execute ippfind utility: No such file or directory' in journal - 1648396 - 'cupsd[998]: [CGI] Unable to execute ippfind utility: No such file or directory' in journal