Description of problem: SUSE-SR:2007:014 (see URL field) reads: - cups denial of service regression fix CUPS packages were released to fix another denial of service problem introduced by the previous Denial of Service Fix for CVE-2007-0720, which was incomplete. Version-Release number of selected component (if applicable): CVE-2007-4045 Affects: RHEL4 CVE-2007-4045 Affects: RHEL5 CVE-2007-4045 Affects: FC6 CVE-2007-4045 Affects: FC7
Created attachment 160266 [details] Patch for CVE-2007-4045 CUPS DoS sucked from SUSE package
cups-1.3.4-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.2.12-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue only affected CUPS versions prior to 1.2.x and was addressed in CUPS packages in Red Hat Enterprise Linux 3 and 4. Patches applied to Fedora packages were not needed and were dropped few weeks later: * Fri Nov 30 2007 Tim Waugh <twaugh-at-redhat.com> - CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are not moved in array operations, only pointers to them. Also noted by upstream in http://www.cups.org/str.php?L2725: This patch is not valid or needed for any version of CUPS since 1.2. The problem in 1.1.x was that the Clients array was allocated as a contiguous array, so when a client went away the user data pointer for OpenSSL needed to be updated to point to the correct http_t structure. In 1.2 we changed the Clients array to use individually-allocated cupsd_client_t structures managed by the CUPS array API. This means that the address of the http_t structure won't change when a client is removed or added.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-1022.html http://rhn.redhat.com/errata/RHSA-2007-1023.html