[Pkg-cups-devel] Bug#557740: cups: CVE-2009-3553 denial-of-service

Michael Gilbert michael.s.gilbert at gmail.com
Tue Nov 24 02:16:04 UTC 2009


Package: cups
Version: 1.3.8-1
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cups.

CVE-2009-3553[0]:
| Use-after-free vulnerability in the abstract file-descriptor handling
| interface in the cupsdDoSelect function in scheduler/select.c in the
| scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to
| cause a denial of service (daemon crash or hang) via a client
| disconnection during listing of a large number of print jobs, related
| to improperly maintaining a reference count.  NOTE: some of these
| details are obtained from third party information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Note that lenny is affected, so please prepare a proposed-updates for
the next lenny release.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553
    http://security-tracker.debian.org/tracker/CVE-2009-3553
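
An added illustration, not part of the original report and not CUPS source or the upstream fix: a simplified C model of the reference-counting discipline the CVE description refers to, where the dispatch loop holds its own reference so that a callback handling a client disconnection cannot free the descriptor entry mid-dispatch. All names (`fd_entry`, `entry_remove`, `dispatch`, `demo`) are hypothetical.

```c
/* Simplified model of a refcounted select-loop entry; hypothetical names, not CUPS code. */
#include <stdlib.h>

typedef struct fd_entry {
    int use;                              /* reference count */
    int removed;                          /* already unlinked from the active set */
    void (*read_cb)(struct fd_entry *);
    void (*write_cb)(struct fd_entry *);
} fd_entry;

static int freed_count = 0;               /* instrumentation for this example only */
static fd_entry *entry_new(void (*r)(fd_entry *), void (*w)(fd_entry *)) {
    fd_entry *e = calloc(1, sizeof *e);
    if (!e) return NULL;
    e->use = 1; e->read_cb = r; e->write_cb = w;   /* the active set owns one reference */
    return e;
}

static void entry_retain(fd_entry *e) { e->use++; }
static void entry_release(fd_entry *e) {
    if (--e->use == 0) { free(e); freed_count++; }
}

/* Client disconnected: drop the active set's reference exactly once. */
static void entry_remove(fd_entry *e) {
    if (!e->removed) { e->removed = 1; entry_release(e); }
}

/* Without the retain/release pair, read_cb's remove would free e before the removed check. */
static int dispatch(fd_entry *e) {
    int calls = 0;
    entry_retain(e);
    if (e->read_cb) { e->read_cb(e); calls++; }
    if (!e->removed && e->write_cb) { e->write_cb(e); calls++; }
    entry_release(e);                     /* last reference: freed here, after dispatch */
    return calls;
}

static void on_read_disconnect(fd_entry *e) { entry_remove(e); }
static void on_write(fd_entry *e) { (void)e; }

/* Constructed scenario: the read callback removes the entry during dispatch. */
int demo(void) {
    fd_entry *e = entry_new(on_read_disconnect, on_write);
    if (!e) return -1;
    freed_count = 0;
    int calls = dispatch(e);              /* write callback is skipped after removal */
    return calls * 10 + freed_count;      /* one callback ran, one free happened */
}
```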




