Red Hat Bugzilla – Bug 250161
CVE-2007-4045 Incomplete fix for CVE-2007-0720 CUPS denial of service
Last modified: 2008-03-23 06:08:54 EDT
Description of problem:
SUSE-SR:2007:014 (see URL field) reads:
- cups denial of service regression fix
CUPS packages were released to fix another denial of service problem
introduced by the previous Denial of Service Fix for CVE-2007-0720, which was
Version-Release number of selected component (if applicable):
CVE-2007-4045 Affects: RHEL4
CVE-2007-4045 Affects: RHEL5
CVE-2007-4045 Affects: FC6
CVE-2007-4045 Affects: FC7
Created attachment 160266 [details]
Patch for CVE-2007-4045 CUPS DoS sucked from SUSE package
cups-1.3.4-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.2.12-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue only affected CUPS versions prior to 1.2.x and was addressed in CUPS
packages in Red Hat Enterprise Linux 3 and 4.
Patches applied to Fedora packages were not needed and were dropped a few weeks later:
* Fri Nov 30 2007 Tim Waugh <twaugh-at-redhat.com>
- CVE-2007-4045 patch is not necessary because cupsd_client_t objects are
not moved in array operations, only pointers to them.
Also noted by upstream in http://www.cups.org/str.php?L2725:
This patch is not valid or needed for any version of CUPS since 1.2.
The problem in 1.1.x was that the Clients array was allocated as a
contiguous array, so when a client went away the user data pointer for
OpenSSL needed to be updated to point to the correct http_t structure.
In 1.2 we changed the Clients array to use individually-allocated
cupsd_client_t structures managed by the CUPS array API. This means
that the address of the http_t structure won't change when a client
is removed or added.
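The layout difference described in the upstream comment, as an added C example (not code from CUPS, OpenSSL, Red Hat or SUSE). `client_t` and `tls_t` are hypothetical stand-ins for the per-client `http_t` structure and the holder of the OpenSSL user data pointer; it shows a stored pointer ending up on the wrong client when a contiguous array is compacted, and staying valid when the array holds only pointers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the CUPS or OpenSSL definitions. */
typedef struct { int id; } client_t;           /* role of the per-client http_t */
typedef struct { client_t *user_data; } tls_t; /* role of the TLS user data pointer */

/* 1.1.x-style layout: one contiguous block. Removing slot `gone` shifts the
 * later clients down, so every pointer into the block past that slot must be
 * re-pointed. Returns the id the session sees afterwards. */
int contiguous_layout(int fix_up)
{
    client_t clients[3] = { {10}, {11}, {12} };
    size_t n = 3, gone = 0;
    tls_t session = { &clients[1] };           /* session owned by client 11 */
    memmove(&clients[gone], &clients[gone + 1], (n - gone - 1) * sizeof clients[0]);
    if (fix_up && session.user_data > &clients[gone])
        session.user_data--;                   /* follow the client to its new slot */
    return session.user_data->id;
}

/* 1.2-style layout: each client is allocated on its own and the array holds
 * only pointers. Removal shifts pointers, never the structures themselves. */
int pointer_layout(void)
{
    client_t *clients[3];
    size_t n = 3, gone = 0;
    for (size_t i = 0; i < n; i++) {
        clients[i] = malloc(sizeof *clients[i]);
        if (!clients[i]) abort();
        clients[i]->id = 10 + (int)i;
    }
    tls_t session = { clients[1] };            /* session owned by client 11 */
    free(clients[gone]);
    memmove(&clients[gone], &clients[gone + 1], (n - gone - 1) * sizeof clients[0]);
    n--;
    int seen = session.user_data->id;          /* address unchanged, no fix-up needed */
    for (size_t i = 0; i < n; i++) free(clients[i]);
    return seen;
}

int main(void)
{
    printf("contiguous, no fix-up: %d\ncontiguous, fix-up: %d\npointer array: %d\n",
           contiguous_layout(0), contiguous_layout(1), pointer_layout());
    return 0;
}
```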
This issue was addressed in:
Red Hat Enterprise Linux: