[Pkg-cups-devel] Bug#530027: cups: Request from "…" using invalid Host: field "…"

Ben Finney ben+debian at benfinney.id.au
Sat Apr 17 00:37:00 UTC 2010 

package cups
found 530027 1.4.3-1
thanks

On 23-May-2009, Ben Finney wrote:
> On 23-May-2009, Ben Finney wrote:
> > Could this be related to the following entry in the Debian
> > changelog:
> > 
> > =====
> >   * New upstream security/bug fix release:
> >     - The scheduler now protects against DNS rebinding attacks. Please note
> >       that this could lead to some regressions. (CVE-2009-0164)
> > =====
> > 
> > I'm completely unable to print or manage CUPS while this
> > continues. That sounds like a regression to me, but there's no
> > hint of how to fix it or know whether that's behind the problem.

This bug continues to occur in cups 1.4.3-1.

Enabling debug logging shows the following log entries when a client
attempts to connect:

=====
D [17/Apr/2010:10:23:40 +1000] cupsdAcceptClient: 13 from fuschia.local.whitetree.org:631 (IPv4)
D [17/Apr/2010:10:23:40 +1000] Report: clients=1
D [17/Apr/2010:10:23:40 +1000] Report: jobs=449
D [17/Apr/2010:10:23:40 +1000] Report: jobs-active=0
D [17/Apr/2010:10:23:40 +1000] Report: printers=3
D [17/Apr/2010:10:23:40 +1000] Report: printers-implicit=0
D [17/Apr/2010:10:23:40 +1000] Report: stringpool-string-count=1453
D [17/Apr/2010:10:23:40 +1000] Report: stringpool-alloc-bytes=8432
D [17/Apr/2010:10:23:40 +1000] Report: stringpool-total-bytes=25024
D [17/Apr/2010:10:23:40 +1000] cupsdReadClient: 13 POST / HTTP/1.1
D [17/Apr/2010:10:23:40 +1000] cupsdSetBusyState: Active clients
D [17/Apr/2010:10:23:40 +1000] cupsdAuthorize: No authentication data provided.
E [17/Apr/2010:10:23:40 +1000] Request from "fuschia.local.whitetree.org" using invalid Host: field "printserver"
D [17/Apr/2010:10:23:40 +1000] cupsdReadClient: 13 Closing because Keep-Alive disabled
D [17/Apr/2010:10:23:40 +1000] cupsdCloseClient: 13
D [17/Apr/2010:10:23:40 +1000] cupsdSetBusyState: Not busy
=====

What is the plan to address this bug? I'm unable to upgrade to any
version released in Squeeze so far.

-- 
 \      “I don't want to live peacefully with difficult realities, and |
  `\     I see no virtue in savoring excuses for avoiding a search for |
_o__)                        real answers.” —Paul Z. Myers, 2009-09-12 |
Ben Finney <ben at benfinney.id.au>

More information about the Pkg-cups-devel mailing list