From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3
Description of problem:
05.32.14 CVE: CAN-2005-2097
Platform: Unix
Title: Easy Software Products CUPS Denial of Service
Description: CUPS is a set of printing utilities for UNIX-based systems. It is vulnerable to a denial of service issue due to improper bounds checking done by the application when handling malformed PDF files. Easy Software Products CUPS versions 1.1.23 rc1 and earlier are vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-706.html
Version-Release number of selected component (if applicable):
How reproducible: Didn't try
Additional info:
The Red Hat 7.3 package, cups-1.1.14-15.4.5.legacy.src.rpm, does not have the same code as included in the patches for newer versions. Does anybody know if it is vulnerable or not?
I've created updated packages for RH9, FC1, and FC2. I'm still not sure about RH7.3. RH9 is using the patch directly from RHEL 3, FC1 and FC2 I had to create on my own. They are the same as the RHEL patch, except the line numbers are different, and I added open/close brackets around the if statement to stick with the coding style in that file.
Packages are here: http://www.cs.ucsb.edu/~jeff/legacy/cups/
da1434ced8fa03b9177139a778ced2af8470be4a cups-1.1.17-13.3.0.15.legacy.src.rpm
c1b3596fdbdfdfe0f0121c4df11f8895ab6d13d6 cups-1.1.19-13.10.legacy.src.rpm
8842c291c9fabfa352176cf4bf0387d40c2dec7d cups-1.1.20-11.11.3.legacy.src.rpm
We've got a few more issues to fix: CVE-2005-3191, 3192, 3193, 3624, 3625, 3626, 3627, 3628. https://rhn.redhat.com/errata/RHSA-2005-878.html https://rhn.redhat.com/errata/RHSA-2006-0163.html
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.