A vulnerability has been discovered in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. The vulnerability is caused due to an error within the "process_browse_data()" function when adding printers and classes. This can be exploited to free the same buffer twice by sending specially crafted browser packets to the UDP port on which cupsd is listening (by default port 631/UDP). Successful exploitation may allow execution of arbitrary code.
printing, please advise.
cups-1.2.12-r5.ebuild applying cups-1.2.12-CVE-2008-0882.patch committed to the tree. I also removed cups-1.3.5; cups >=1.3.6 is not vulnerable.
Arches, please do net-print/cups-1.2.12-r5. Target keywords are: alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd
x86 stable
Stable for HPPA.
Sparc stable. Verified with network printers only, both ps and pdf files.
alpha/ia64 stable, thanks Tobias
ppc64 stable
amd64 stable
ppc stable
Fixed in release snapshot.
proposing b1 as status, request filed.
GLSA 200804-01