[Pkg-cups-devel] Bug#557740: cups: CVE-2009-3553 denial-of-service
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Nov 24 02:16:04 UTC 2009
Package: cups
Version: 1.3.8-1
Severity: important
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for cups.

CVE-2009-3553[0]:
| Use-after-free vulnerability in the abstract file-descriptor handling
| interface in the cupsdDoSelect function in scheduler/select.c in the
| scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to
| cause a denial of service (daemon crash or hang) via a client
| disconnection during listing of a large number of print jobs, related
| to improperly maintaining a reference count. NOTE: some of these
| details are obtained from third party information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Note that lenny is affected, so please prepare a proposed-updates for
the next lenny release.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553
    http://security-tracker.debian.org/tracker/CVE-2009-3553