64168 – net-print/cups: denial of service hole

Bug 64168 - net-print/cups: denial of service hole

Summary: net-print/cups: denial of service hole

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.cups.org/str.php?L863
Whiteboard:	B3 [glsa] lewk
Keywords:

Depends on:
Blocks:

Reported:	2004-09-15 12:43 UTC by Luke Macken (RETIRED)
Modified:	2011-10-30 22:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Macken (RETIRED) gentoo-dev

2004-09-15 12:43:18 UTC

Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes.


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-09-15 12:46:54 UTC

Printing please apply patch.

Comment 2 Heinrich Wendel (RETIRED) gentoo-dev

2004-09-16 06:51:34 UTC

added cups-1.1.20-r2 with this patch, other arches please test

Comment 3 Luke Macken (RETIRED) gentoo-dev

2004-09-16 07:20:48 UTC

arches, please mark stable.

Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev

2004-09-16 07:47:06 UTC

sparc stable.

Comment 5 Olivier Crete (RETIRED) gentoo-dev

2004-09-16 09:02:04 UTC

already stable on x86

Comment 6 Jochen Maes (RETIRED) gentoo-dev

2004-09-17 02:04:11 UTC

stable on ppc

Comment 7 Bryan Østergaard (RETIRED) gentoo-dev

2004-09-17 03:18:31 UTC

Stable on alpha.

Comment 8 Danny van Dyk (RETIRED) gentoo-dev

2004-09-19 08:59:21 UTC

stable on amd64.

printing-herd: you've no 1.1.18 version of cups in the tree, but the config file in ${FILESDIR} did remain. Don't wanna remove it ? (It's >20kB too)

Comment 9 SpanKY gentoo-dev

2004-09-19 17:44:59 UTC

arm/hppa/ia64 stable now

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2004-09-20 13:43:59 UTC

GLSA 200409-25

Comment 11 Joshua Kinard gentoo-dev

2004-09-22 00:34:56 UTC

Stable on mips.

Comment 12 SpanKY gentoo-dev

2004-09-22 21:05:45 UTC

s390 stable

Comment 13 Tom Gall (RETIRED) gentoo-dev

2004-10-09 17:26:43 UTC

thanks, stable on ppc64