This seems not only to affect Apple. It should be fixed in cups 1.2.7. The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
bâ :(
bug is public: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232243 1.2.9 is already in the tree. Arches, please stabilize 1.2.9 (unless there are objections).
Note that per the Red Hat bug 1.1 is also affected.
ppc64 stable (1.2.9)
ppc stable
net-print/cups-1.2.9 USE="X dbus jpeg ldap nls pam png ppds samba ssl tiff -php -slp" 1. emerges on x86 2. passes collision test 3. net-print/libgnomecups-0.2.2 emerges with it 4. works Portage 2.1.2.2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19.7 i686) ================================================================= System uname: 2.6.19.7 i686 AMD Athlon(TM) XP1800+ Gentoo Base System release 1.12.9 Timestamp of tree: Sun, 25 Mar 2007 09:30:01 +0000 ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.31 dev-lang/python: 2.3.5-r3, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php4/ext-active/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner" FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/" LANG="en_GB.utf8" LINGUAS="en de en_GB" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/normal" SYNC="rsync://192.168.2.1/gentoo-portage" USE="3dnow 3dnowext X a52 aac alsa apache2 berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus divx4linux dri dts dvd dvdr dvdread eds emboss exif fam ffmpeg firefox fortran gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde ldap libg++ mad midi mikmod mmx mmxext mono mp3 mpeg ncurses network nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl svg tcpd test tetex tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis win32codecs x86 xine xinerama xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LINGUAS="en de en_GB" USERLAND="GNU" VIDEO_CARDS="nv none" Unset: CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
x86 done
sparc stable.
alpha/amd64/ia64 done
Crap... OK... not alpha (yet)... which version should I be stabilizing there?
Stable for HPPA.
Pulling in maintainers now. Printing tt appears that 1.2.x is not working on alpha could you provide a fixed ebuild for 1.1.x as well?
I was under the impression that alpha have not yet payed attention to cups-1.2. See bug 136902 Where do you know from that it doesnt work on alpha? Can the individual who tested it please also comment there and explain why he believes that cups-1.2 does not work on alpha? Have marked the other bug as depend of this one for now.
@genstef I presumed (perhaps wrongly) that it was not working and alpha was not slacking. Chris please comment.
I asked which versions I should be stabilizing. If I should be marking 1.2.9 (and deps) straight to stable, then just tell me as much.
This is only fixed in 1.2.9 so target keywords are: cups-1.2.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" I hope this covers everything.
Alpha done...
*** Bug 174801 has been marked as a duplicate of this bug. ***
Please note that the timeout actually fixes nothing. Tell Mr. Sweet, and he'll tell you that you are and idiot and that the DoS with just one connection and few bytes sent is equal to distributed DoS with hundreds of requests and resources spent and can not be fixed. Users should be warned somehow that they shouldn't expose the web interfaces to their print servers to Internet. That would be a good practice anyways. ('I' in "IPP" actually stands for "Intranet", not?) See attachment 151009 [details, diff] in Red Hat BTS for a PoC. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232241
GLSA 200703-28
