Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 64168

Summary: net-print/cups: denial of service hole
Product: Gentoo Security Reporter: Luke Macken (RETIRED) <lewk>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: printing
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.cups.org/str.php?L863
Whiteboard: B3 [glsa] lewk
Package list:
Runtime testing required: ---

Description Luke Macken (RETIRED) gentoo-dev 2004-09-15 12:43:18 UTC 
Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes.


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-15 12:46:54 UTC 
Printing please apply patch.
Comment 2 Heinrich Wendel (RETIRED) gentoo-dev 2004-09-16 06:51:34 UTC 
added cups-1.1.20-r2 with this patch, other arches please test
Comment 3 Luke Macken (RETIRED) gentoo-dev 2004-09-16 07:20:48 UTC 
arches, please mark stable.
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2004-09-16 07:47:06 UTC 
sparc stable.
Comment 5 Olivier Crete (RETIRED) gentoo-dev 2004-09-16 09:02:04 UTC 
already stable on x86
Comment 6 Jochen Maes (RETIRED) gentoo-dev 2004-09-17 02:04:11 UTC 
stable on ppc
Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2004-09-17 03:18:31 UTC 
Stable on alpha.
Comment 8 Danny van Dyk (RETIRED) gentoo-dev 2004-09-19 08:59:21 UTC 
stable on amd64.

printing-herd: you've no 1.1.18 version of cups in the tree, but the config file in ${FILESDIR} did remain. Don't wanna remove it ? (It's >20kB too)
Comment 9 SpanKY gentoo-dev 2004-09-19 17:44:59 UTC 
arm/hppa/ia64 stable now
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-09-20 13:43:59 UTC 
GLSA 200409-25
Comment 11 Joshua Kinard gentoo-dev 2004-09-22 00:34:56 UTC 
Stable on mips.
Comment 12 SpanKY gentoo-dev 2004-09-22 21:05:45 UTC 
s390 stable
Comment 13 Tom Gall (RETIRED) gentoo-dev 2004-10-09 17:26:43 UTC 
thanks, stable on ppc64