170881 2007-03-14 14:14 0000 net-print/cups DoS (CVE-2007-0720) 2007-06-24 23:30:14 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720 A3 [glsa+] Falco P2 normal --- 136902 1 jaervosz@gentoo.org security@gentoo.org lars@chaotika.org mips@gentoo.org printing@gentoo.org jaervosz@gentoo.org 2007-03-14 14:14:52 0000 This seems not only to affect Apple. It should be fixed in cups 1.2.7. The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted. falco@gentoo.org 2007-03-15 21:17:22 0000 bâ :( aetius@gentoo.org 2007-03-24 22:55:15 0000 bug is public: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232243 1.2.9 is already in the tree. Arches, please stabilize 1.2.9 (unless there are objections). aetius@gentoo.org 2007-03-24 22:57:45 0000 Note that per the Red Hat bug 1.1 is also affected. corsair@gentoo.org 2007-03-25 09:28:03 0000 ppc64 stable (1.2.9) dertobi123@gentoo.org 2007-03-25 10:26:40 0000 ppc stable maekke@gentoo.org 2007-03-25 11:28:16 0000 net-print/cups-1.2.9 USE="X dbus jpeg ldap nls pam png ppds samba ssl tiff -php -slp" 1. emerges on x86 2. passes collision test 3. net-print/libgnomecups-0.2.2 emerges with it 4. works Portage 2.1.2.2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19.7 i686) ================================================================= System uname: 2.6.19.7 i686 AMD Athlon(TM) XP1800+ Gentoo Base System release 1.12.9 Timestamp of tree: Sun, 25 Mar 2007 09:30:01 +0000 ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.31 dev-lang/python: 2.3.5-r3, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php4/ext-active/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner" FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/" LANG="en_GB.utf8" LINGUAS="en de en_GB" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/normal" SYNC="rsync://192.168.2.1/gentoo-portage" USE="3dnow 3dnowext X a52 aac alsa apache2 berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus divx4linux dri dts dvd dvdr dvdread eds emboss exif fam ffmpeg firefox fortran gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde ldap libg++ mad midi mikmod mmx mmxext mono mp3 mpeg ncurses network nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl svg tcpd test tetex tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis win32codecs x86 xine xinerama xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LINGUAS="en de en_GB" USERLAND="GNU" VIDEO_CARDS="nv none" Unset: CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ticho@gentoo.org 2007-03-25 19:39:27 0000 x86 done gustavoz@gentoo.org 2007-03-26 14:32:37 0000 sparc stable. wolf31o2@gentoo.org 2007-03-27 00:22:47 0000 alpha/amd64/ia64 done wolf31o2@gentoo.org 2007-03-27 00:26:19 0000 Crap... OK... not alpha (yet)... which version should I be stabilizing there? jer@gentoo.org 2007-03-27 04:49:30 0000 Stable for HPPA. jaervosz@gentoo.org 2007-03-27 06:51:33 0000 Pulling in maintainers now. Printing tt appears that 1.2.x is not working on alpha could you provide a fixed ebuild for 1.1.x as well? genstef@gentoo.org 2007-03-27 08:43:27 0000 I was under the impression that alpha have not yet payed attention to cups-1.2. See bug 136902 Where do you know from that it doesnt work on alpha? Can the individual who tested it please also comment there and explain why he believes that cups-1.2 does not work on alpha? Have marked the other bug as depend of this one for now. jaervosz@gentoo.org 2007-03-27 09:24:02 0000 @genstef I presumed (perhaps wrongly) that it was not working and alpha was not slacking. Chris please comment. wolf31o2@gentoo.org 2007-03-27 15:43:54 0000 I asked which versions I should be stabilizing. If I should be marking 1.2.9 (and deps) straight to stable, then just tell me as much. jaervosz@gentoo.org 2007-03-28 06:15:44 0000 This is only fixed in 1.2.9 so target keywords are: cups-1.2.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" I hope this covers everything. wolf31o2@gentoo.org 2007-03-29 14:32:41 0000 Alpha done... jaervosz@gentoo.org 2007-04-16 15:47:31 0000 *** Bug 174801 has been marked as a duplicate of this bug. *** lkundrak@v3.sk 2007-04-17 12:08:39 0000 Please note that the timeout actually fixes nothing. Tell Mr. Sweet, and he'll tell you that you are and idiot and that the DoS with just one connection and few bytes sent is equal to distributed DoS with hundreds of requests and resources spent and can not be fixed. Users should be warned somehow that they shouldn't expose the web interfaces to their print servers to Internet. That would be a good practice anyways. ('I' in "IPP" actually stands for "Intranet", not?) See attachment 151009 in Red Hat BTS for a PoC. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232241 jaervosz@gentoo.org 2007-05-02 11:54:11 0000 GLSA 200703-28