I was tipped by amne on IRC and michip on the forums about a Nessus-triggered cupsd DoS. I narrowed it to the following HTTP request on port 631:

    "GET /..X"

You can reproduce it using:

    $ echo -e "GET /..A\n" | nc localhost 631

cupsd will hang and use 100% CPU. It didn't occur with the CUPS 1.1.20 I was using before.

In scheduler/client.c:

    while ((path = strstr(path, "/..")) != NULL)
      if (!path[3] || path[3] == '/')
        return (0);

This was introduced between 1.1.20 and 1.1.21. It's fixed in 1.1.23 final release. Patch is at: http://cvs.easysw.com/cvsweb.cgi/cups/scheduler/client.c.diff?r2=1.196&r1=1.195&f=u
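Added example, not part of the original report and not the CUPS patch itself: it shows why the quoted loop never terminates on a path like "/..A" and one way to make the scan advance. The function names, the return-value convention and the iteration cap are assumptions made for this demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Loop shape quoted in the report. The iteration cap is added for this
 * demo only, so the spin is observable instead of hanging the process.
 * Returns 0 = reject ("/.." component), 1 = accept, -1 = no progress. */
static int check_reported(const char *path, int max_iter)
{
    int n = 0;

    while ((path = strstr(path, "/..")) != NULL) {
        if (!path[3] || path[3] == '/')
            return 0;
        /* path still points at the same "/..", so the next strstr()
         * call returns the same address: cupsd spins here forever. */
        if (++n >= max_iter)
            return -1;
    }
    return 1;
}

/* Same test, but the scan resumes one byte past each match, so a name
 * such as "/..A" is skipped and the loop always terminates. */
static int check_advancing(const char *path)
{
    for (; (path = strstr(path, "/..")) != NULL; path++)
        if (!path[3] || path[3] == '/')
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample request paths. */
    const char *samples[] = { "/printers/lp", "/../etc", "/jobs/..", "/..A" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-14s reported=%2d advancing=%d\n", samples[i],
               check_reported(samples[i], 1000), check_advancing(samples[i]));
    return 0;
}
```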
Confirmed through http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042 printing: please bump to 1.1.23 final...
bumped to 1.1.23 and marked stable on x86, the xpdf patches are no longer needed, since it uses xpdf directly now, remaining keywords: ~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc
OK, I included the patches again since xpdf isn't tested on all arches, but it's still bumped to 1.1.23 with all security fixes
Arches please test 1.1.23 final and mark stable. Will be released as an UPDATE to GLSA 200412-25.
ppc stable.
amd64 and sparc are stable
Stable on ppc64
Stable on hppa.
Alpha stable.
Ready for GLSA update, will do it tomorrow.
GLSA 200412-25:02 update. arm, ia64, mips, s390: please mark 1.1.23 stable to benefit from updated GLSA
Stable on mips