Red Hat Bugzilla – Bug 433847
CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests
Last modified: 2008-07-28 03:05:47 EDT
Whilst investigating a memory leak issue handling IPP browse requests (Bug
#433825) we discovered that older versions of CUPS as shipped with Enterprise
Linux 3 and 4 could end up dereferencing free'd memory.
A malicious user on the local subnet could send a set of carefully crafted IPP
packets to the UDP port in such a way as to cause CUPS to crash.
This issue doesn't affect recent upstream versions of CUPS as shipped in Red Hat
Enterprise Linux 5.
This issue was addressed in:
Red Hat Enterprise Linux:
Created attachment 312753
Patch as used in Red Hat Enterprise Linux 4 CUPS packages based on upstream 1.1.22rc1