[Pkg-cups-devel] Bug#603344: cups: Incorrect memory handling in IPP - DOS / remote exploit (CVE-2010-2941)
Petter Reinholdtsen
pere at hungry.com
Sat Nov 13 10:03:57 UTC 2010
Package: cups
Version: 1.3.8-1
Tags: security
Severity: important
According to <URL: http://security-tracker.debian.org/tracker/CVE-2010-2941 >
and <URL https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2941 >, there
is a security problem with cups in Lenny. This is the description on
the testing security tracker:
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate
memory for attribute values with invalid string data types, which
allows remote attackers to cause a denial of service (use-after-free
and application crash) or possibly execute arbitrary code via a
crafted IPP request.
I did not find an existing bug report, but notice this changelog entry
in version 1.4.4-7:
[ Marc Deslauriers ]
* Add CVE-2010-2941.dpatch: Fix denial of service and possible code execution
via invalid free. Skip over and reserve unused tags in cups/ipp.{c,h}.
[CVE-2010-2941]
Creating a bug report to track the status in older versions of Debian.
Happy hacking,
--
Petter Reinholdtsen
More information about the Pkg-cups-devel
mailing list