CVE-2007-4045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4045): The CUPS service on SUSE Linux before 20070720 allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem.
Printing, please advise.
Created attachment 136006 [details, diff] cups-1.2.4-CVE-2007-4045.patch Patch from RedHat.
Created attachment 136007 [details, diff] cups-1.3.4-CVE-2007-4045.patch Patch from RedHat.
Fixed in following new revisions: cups-1.2.12-r3.ebuild cups-1.3.4-r3.ebuild
Sorry for delay. Arches, please test and mark stable net-print/cups-1.2.12-r3. Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
x86 stable
ppc64 stable
ppc stable
Compiles, merges, and works on amd64 for me. emerge --info: Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64) ================================================================= System uname: 2.6.23-gentoo-r3 x86_64 Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz Timestamp of tree: Sat, 08 Dec 2007 03:00:06 +0000 app-shells/bash: 3.2_p17 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r6, 2.5.1-r4 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.22-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -fomit-frame-pointer -march=nocona" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -pipe -fomit-frame-pointer -march=nocona" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.cites.uiuc.edu/pub/gentoo/" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi alsa amd64 berkdb bitmap-fonts cli cracklib crypt cups dri flac fortran gdbm gif gpm iconv ipv6 isdnlog jpeg kerberos midi mmx mp3 mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pcre perl png pppd python readline reflection session spl sse sse2 ssl tcpd test truetype-fonts type1-fonts unicode vorbis xorg xv zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="i810 vesa vga" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Stable for HPPA.
amd64 done
Stable on sparc, tested with network printer only.
alpha/ia64 stable, thanks Tobias
all supported arches done, I vote YES here.
yes too, request filed.
GLSA 200712-14, thanks everyone.
GLSA is wrong, it says *>= 1.2.12-r4 & >= 1.3.5 are unaffected. There are neither 1.2.12-r4 nor 1.3.5.
(In reply to comment #17) > GLSA is wrong, it says *>= 1.2.12-r4 & >= 1.3.5 are unaffected. There are > neither 1.2.12-r4 nor 1.3.5. Please # emerge --sync If that does not help, change to a more up-to-date mirror.
Hello Robert, sorry for the noise, my bad. The new ebuilds just came down the pipe. Regards Sebastian
Does not affect current (2008.0) release. Removing release.
