diff --git a/hplip-3.9.8-CVE-2010-4267.patch b/hplip-3.9.8-CVE-2010-4267.patch
new file mode 100644
index 0000000..17101ec
--- /dev/null
+++ b/hplip-3.9.8-CVE-2010-4267.patch
@@ -0,0 +1,11 @@
+--- io/hpmud/pml.c.orig 2009-08-04 23:37:25.000000000 +0200
++++ io/hpmud/pml.c 2010-12-17 13:09:28.000000000 +0100
+@@ -504,6 +504,8 @@ enum HPMUD_RESULT hpmud_get_pml(HPMUD_DE
+ p += 2; /* eat type and length */
+ }
+
++ if (dLen > buf_size)
++ dLen = buf_size;
+ memcpy(buf, p, dLen);
+ *bytes_read = dLen;
+ *type = dt;
diff --git a/hplip.changes b/hplip.changes
index bc3a2a4..3a403d7 100644
--- a/hplip.changes
+++ b/hplip.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan 13 16:29:01 CET 2011 - jsmeix@suse.de
+
+- hplip-3.9.8-CVE-2010-4267.patch fixes a remote buffer overflow
+ (CVE-2010-4267 and Novell/Suse Bugzilla bnc#336658).
+
 -------------------------------------------------------------------
 Wed Dec 29 15:52:56 UTC 2010 - gber@opensuse.org
 
diff --git a/hplip.spec b/hplip.spec
index ee1dbb6..d19a7a6 100644
--- a/hplip.spec
+++ b/hplip.spec
@@ -42,6 +42,8 @@ Source0: %{name}-%{version}.tar.bz2
 # Patch10 fixes "... is used uninitialized ..." warnings:
 Patch10: fix-uninitialized-variables.diff
 # Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source.
+# Patch12 hplip-3.9.8-CVE-2010-4267.patch fixes a remote buffer overflow in hpmud/pml.c:
+Patch12: hplip-3.9.8-CVE-2010-4267.patch
 # Source100... is for special Suse sources:
 # Source100 is the primary source for the suse_update_desktop_file stuff.
 # It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip':
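Review bot: In the embedded io/hpmud/pml.c hunk of hplip-3.9.8-CVE-2010-4267.patch, the added clamp `if (dLen > buf_size) dLen = buf_size;` bounds only the upper side of the length passed to `memcpy(buf, p, dLen)`. The declarations of `dLen` and `buf_size` are outside the hunk, so this is inferred: if both are signed, a negative `dLen` passes the comparison and is converted to a very large `size_t`, which an extra `if (dLen < 0) dLen = 0;` ahead of the clamp would rule out. The clamp also does not show that `dLen` bytes are actually present at `p` in the received reply, so the read side deserves a check against the reply length where that is known. Truncation is silent, since `*bytes_read` simply reports `buf_size`; a comment such as `/* clamp device-supplied length to the caller's buffer (CVE-2010-4267); data may be truncated */` would make that explicit. hpmud_get_pml starts and ends outside the hunk.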
@@ -267,6 +269,9 @@ Authors:
 # Patch10 fix-uninitialized-variables.diff
 # fixes "... is used uninitialized ..." warnings:
 %patch10
+# Patch12 hplip-3.9.8-CVE-2010-4267.patch
+# fixes a remote buffer overflow in hpmud/pml.c:
+%patch12
 # Patch101 change-udev-rules.diff
 # changes the udev rules files 55-hpmud.rules and 56-hpmud_support.rules:
 %patch101