Bug#: 211449
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>


Description:   Opened: 2008-02-25 20:58 0000
A vulnerability has been discovered in CUPS, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.

The vulnerability is caused due to an error within the "process_browse_data()"
function when adding printers and classes. This can be exploited to free the
same buffer twice by sending specially crafted browser packets to the UDP port
on which cupsd is listening (by default port 631/UDP).

Successful exploitation may allow execution of arbitrary code.

------- Comment #1 From Sune Kloppenborg Jeppesen 2008-02-26 20:34:15 0000 -------
printing please advise.

------- Comment #2 From Timo Gurr 2008-02-28 20:29:42 0000 -------
cups-1.2.12-r5.ebuild applying cups-1.2.12-CVE-2008-0882.patch committed to the
tree.
I also removed cups-1.3.5, cups >=1.3.6 not vulnerable.

------- Comment #3 From Christian Faulhammer 2008-02-29 07:52:14 0000 -------
Arches please do net-print/cups-1.2.12-r5

target keywords are alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh
sparc ~sparc-fbsd x86 ~x86-fbsd

------- Comment #4 From Christian Faulhammer 2008-02-29 08:56:25 0000 -------
x86 stable

------- Comment #5 From Jeroen Roovers 2008-02-29 15:13:33 0000 -------
Stable for HPPA.

------- Comment #6 From Ferris McCormick 2008-02-29 17:03:22 0000 -------
Sparc stable.  Verified with network printers only, both ps and pdf files.

------- Comment #7 From Raúl Porcel 2008-03-02 15:02:50 0000 -------
alpha/ia64 stable, thanks Tobias

------- Comment #8 From Markus Rothe 2008-03-02 20:32:54 0000 -------
ppc64 stable

------- Comment #9 From Richard Freeman 2008-03-02 22:02:45 0000 -------
amd64 stable

------- Comment #10 From Tobias Scherbaum 2008-03-04 20:31:34 0000 -------
ppc stable

------- Comment #11 From Peter Volkov 2008-03-05 06:36:14 0000 -------
Fixed in release snapshot.

------- Comment #12 From Robert Buchholz 2008-03-08 16:39:21 0000 -------
proposing b1 as status, request filed.

------- Comment #13 From Robert Buchholz 2008-04-01 19:19:13 0000 -------
GLSA 200804-01
