Red Hat Bugzilla – Bug 167801
CAN-2005-2097, 3191-3193, 3624-3628 CUPS Denial of Service
Last modified: 2007-08-30 15:57:09 EDT
Description of problem:
05.32.14 CVE: CAN-2005-2097
Title: Easy Software Products CUPS Denial of Service
Description: CUPS is a set of printing utilities for UNIX-based
systems. It is vulnerable to a denial of service issue due to improper
bounds checking done by the application when handling malformed PDF
files. Easy Software Products CUPS versions 1.1.23 rc1 and earlier are
Version-Release number of selected component (if applicable):
The Red Hat 7.3 package, cups-1.1.14-15.4.5.legacy.src.rpm, does not have the
same code as included in the patches for newer versions. Does anybody know if
it is vulnerable or not?
I've created updated packages for RH9, FC1, and FC2. I'm still not sure
RH9 is using the patch directly from RHEL 3; FC1 and FC2 I had to
create on my own. They are the same as the RHEL patch, except
the line numbers are different, and I added open/close brackets
around the if statement to stick with the coding style in that file.
Packages are here:
We've got a few more issues to fix:
CVE-2005-3191, 3192, 3193, 3624, 3625, 3626, 3627, 3628.
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.