Bug 167801 - CAN-2005-2097, 3191-3193, 3624-3628 CUPS Denial of Service
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: cups
Version: unspecified
Hardware: i386 Linux
Priority: medium
Severity: medium
Assigned To: Fedora Legacy Bugs
http://rhn.redhat.com/errata/RHSA-200...
LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK
Reported: 2005-09-08 08:37 EDT by John Dalbec
Modified: 2007-08-30 15:57 EDT
Doc Type: Bug Fix
Last Closed: 2007-08-30 15:57:09 EDT

Description John Dalbec 2005-09-08 08:37:16 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3

Description of problem:
05.32.14 CVE: CAN-2005-2097
Platform: Unix
Title: Easy Software Products CUPS Denial of Service
Description: CUPS is a set of printing utilities for UNIX-based
systems. It is vulnerable to a denial of service issue due to improper
bounds checking done by the application when handling malformed PDF
files. Easy Software Products CUPS versions 1.1.23 rc1 and earlier are
vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-706.html 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Jeff Sheltren 2005-09-27 10:28:21 EDT
The redhat 7.3 package, cups-1.1.14-15.4.5.legacy.src.rpm, does not have the
same code as included in the patches for newer versions.  Does anybody know if
it is vulnerable or not?
Comment 2 Jeff Sheltren 2005-09-28 09:25:23 EDT
I've created updated packages for RH9, FC1, and FC2. I'm still not sure
about RH7.3.

RH9 is using the patch directly from RHEL 3; FC1 and FC2 I had to
create on my own.  They are the same as the RHEL patch, except
the line numbers are different, and I added open/close brackets
around the if statement to stick with the coding style in that file.

Packages are here:
http://www.cs.ucsb.edu/~jeff/legacy/cups/

da1434ced8fa03b9177139a778ced2af8470be4a  cups-1.1.17-13.3.0.15.legacy.src.rpm
c1b3596fdbdfdfe0f0121c4df11f8895ab6d13d6  cups-1.1.19-13.10.legacy.src.rpm
8842c291c9fabfa352176cf4bf0387d40c2dec7d  cups-1.1.20-11.11.3.legacy.src.rpm
Comment 3 Marc Deslauriers 2006-03-12 09:07:07 EST
We've got a few more issues to fix:
CVE-2005-3191, 3192, 3193, 3624, 3625, 3626, 3627, 3628.

https://rhn.redhat.com/errata/RHSA-2005-878.html
https://rhn.redhat.com/errata/RHSA-2006-0163.html
Comment 4 Jesse Keating 2007-08-30 15:57:09 EDT
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.
