Bug 167801 - CAN-2005-2097, 3191-3193, 3624-3628 CUPS Denial of Service
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: cups
Version: unspecified
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://rhn.redhat.com/errata/RHSA-200...
Whiteboard: LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK
Depends On:
Blocks:
Reported: 2005-09-08 12:37 UTC by John Dalbec
Modified: 2007-08-30 19:57 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-30 19:57:09 UTC
Embargoed:

Description John Dalbec 2005-09-08 12:37:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3

Description of problem:
05.32.14 CVE: CAN-2005-2097
Platform: Unix
Title: Easy Software Products CUPS Denial of Service
Description: CUPS is a set of printing utilities for UNIX-based
systems. It is vulnerable to a denial of service issue due to improper
bounds checking done by the application when handling malformed PDF
files. Easy Software Products CUPS versions 1.1.23 rc1 and earlier are
vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-706.html 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:

Comment 1 Jeff Sheltren 2005-09-27 14:28:21 UTC
The Red Hat 7.3 package, cups-1.1.14-15.4.5.legacy.src.rpm, does not have the
same code as included in the patches for newer versions.  Does anybody know if
it is vulnerable or not?

Comment 2 Jeff Sheltren 2005-09-28 13:25:23 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've created updated packages for RH9, FC1, and FC2. I'm still not sure
about RH7.3.

RH9 is using the patch directly from RHEL 3, FC1 and FC2 I had to
create on my own.  They are the same as the RHEL patch, except
the line numbers are different, and I added open/close brackets
around the if statement to stick with the coding style in that file.

Packages are here:
http://www.cs.ucsb.edu/~jeff/legacy/cups/

da1434ced8fa03b9177139a778ced2af8470be4a  cups-1.1.17-13.3.0.15.legacy.src.rpm
c1b3596fdbdfdfe0f0121c4df11f8895ab6d13d6  cups-1.1.19-13.10.legacy.src.rpm
8842c291c9fabfa352176cf4bf0387d40c2dec7d  cups-1.1.20-11.11.3.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDOpnvKe7MLJjUbNMRAmolAJ4mTcbZvERdX7bs2vmKMJym4xRFkQCcDcHc
MV5K1gvi8Y1KUSW9pxTiyJw=
=r6IF
-----END PGP SIGNATURE-----

Comment 3 Marc Deslauriers 2006-03-12 14:07:07 UTC
We've got a few more issues to fix:
CVE-2005-3191, 3192, 3193, 3624, 3625, 3626, 3627, 3628.

https://rhn.redhat.com/errata/RHSA-2005-878.html
https://rhn.redhat.com/errata/RHSA-2006-0163.html


Comment 4 Jesse Keating 2007-08-30 19:57:09 UTC
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.