cups: Incorrect memory handling in IPP - DOS / remote exploit (CVE-2010-2941)

Related Vulnerabilities: CVE-2010-2941  

Debian Bug report logs - #603344

Reported by: Petter Reinholdtsen <pere@hungry.com>

Date: Sat, 13 Nov 2010 10:06:02 UTC

Severity: important

Tags: security

Found in version cups/1.3.8-1

Fixed in version 1.4.4-7

Done: Martin Pitt <mpitt@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#603344; Package cups. (Sat, 13 Nov 2010 10:06:05 GMT)


Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
New Bug report received and forwarded. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Sat, 13 Nov 2010 10:06:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: submit@bugs.debian.org
Subject: cups: Incorrect memory handling in IPP - DOS / remote exploit (CVE-2010-2941)
Date: Sat, 13 Nov 2010 11:03:57 +0100
Package: cups
Version: 1.3.8-1
Tags: security
Severity: important

According to <URL: http://security-tracker.debian.org/tracker/CVE-2010-2941 >
and <URL: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2941 >, there
is a security problem with cups in Lenny.  This is the description on
the testing security tracker:

  ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate
  memory for attribute values with invalid string data types, which
  allows remote attackers to cause a denial of service (use-after-free
  and application crash) or possibly execute arbitrary code via a
  crafted IPP request.

I did not find an existing bug report, but notice this changelog entry
in version 1.4.4-7:

   [ Marc Deslauriers ]
   * Add CVE-2010-2941.dpatch: Fix denial of service and possible code execution
     via invalid free. Skip over and reserve unused tags in cups/ipp.{c,h}.
     [CVE-2010-2941]

Creating a bug report to track the status in older versions of Debian.

Happy hacking,
-- 
Petter Reinholdtsen
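
The CVE description quoted in the report above concerns IPP attribute values whose string data type is invalid. The following is an added example, not part of the bug report and not code from CUPS or from CVE-2010-2941.dpatch: a standalone check that walks a captured IPP message and counts values carrying a string-range tag with no assigned meaning. The tag assignments follow RFC 2910 and RFC 3382; which tags the actual patch reserves is not shown on this page, and the function name and sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Character-string value tags occupy 0x40-0x5f in the IPP encoding.
 * Assigned: 0x41, 0x42, 0x44-0x4a. Treating the rest of the range as
 * "unused" is this example's assumption, not taken from the CUPS patch. */
static int is_unassigned_string_tag(uint8_t tag)
{
    if (tag < 0x40 || tag > 0x5f) return 0;
    return tag == 0x40 || tag == 0x43 || tag > 0x4a;
}

/* Walk one IPP message. Returns the number of attribute values carrying an
 * unassigned string tag, or -1 if the message is truncated or malformed. */
int ipp_count_unassigned_string_tags(const uint8_t *buf, size_t len)
{
    size_t pos = 8;   /* version(2) + operation/status(2) + request-id(4) */
    int hits = 0;

    if (len < 9) return -1;
    while (pos < len) {
        uint8_t tag = buf[pos++];
        if (tag == 0x03) return hits;   /* end-of-attributes-tag */
        if (tag <= 0x0f) continue;      /* attribute group delimiter */
        /* After the value tag: name-length, name, value-length, value. */
        for (int field = 0; field < 2; field++) {
            size_t n;
            if (len - pos < 2) return -1;
            n = ((size_t)buf[pos] << 8) | buf[pos + 1];
            pos += 2;
            if (len - pos < n) return -1;   /* length runs past the buffer */
            pos += n;
        }
        hits += is_unassigned_string_tag(tag);
    }
    return -1;                          /* no end-of-attributes-tag seen */
}

/* Constructed samples (trailing NUL of each literal is not part of the
 * message; pass sizeof - 1 as the length). */
static const uint8_t sample_ok[] =      /* charset attribute, tag 0x47 */
    "\x01\x01\x00\x0b\x00\x00\x00\x01\x01\x47\x00\x12" "attributes-charset"
    "\x00\x05" "utf-8" "\x03";
static const uint8_t sample_flagged[] = /* adds a value tagged 0x43 */
    "\x01\x01\x00\x0b\x00\x00\x00\x01\x01\x47\x00\x12" "attributes-charset"
    "\x00\x05" "utf-8" "\x43\x00\x01" "x" "\x00\x01" "y" "\x03";
```

A non-zero count marks a request for closer inspection or rejection before it reaches a parser; a return of -1 means the declared lengths do not fit the captured bytes.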




Reply sent to Petter Reinholdtsen <pere@hungry.com>:
You have taken responsibility. (Sat, 13 Nov 2010 10:12:06 GMT)


Notification sent to Petter Reinholdtsen <pere@hungry.com>:
Bug acknowledged by developer. (Sat, 13 Nov 2010 10:12:06 GMT)


Message #10 received at 603344-done@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: 603344-done@bugs.debian.org
Subject: Re: Bug#603344: cups: Incorrect memory handling in IPP - DOS / remote exploit (CVE-2010-2941)
Date: Sat, 13 Nov 2010 11:10:42 +0100
Version: 1.4.4-7

This issue is fixed in unstable, but still exists in Squeeze, Lenny and
earlier versions of Debian.

Happy hacking,
-- 
Petter Reinholdtsen




Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. (Mon, 06 Dec 2010 17:57:16 GMT)


Notification sent to Petter Reinholdtsen <pere@hungry.com>:
Bug acknowledged by developer. (Mon, 06 Dec 2010 17:57:16 GMT)


Message #15 received at 603344-done@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: Petter Reinholdtsen <pere@hungry.com>, 603344-done@bugs.debian.org
Subject: Re: [Pkg-cups-devel] Bug#603344: cups: Incorrect memory handling in IPP - DOS / remote exploit (CVE-2010-2941)
Date: Mon, 6 Dec 2010 18:55:42 +0100
Version: 1.4.4-7

Petter Reinholdtsen [2010-11-13 11:03 +0100]:
> I did not find an existing bug report, but notice this changelog entry
> in version 1.4.4-7:
> 
>    [ Marc Deslauriers ]
>    * Add CVE-2010-2941.dpatch: Fix denial of service and possible code execution
>      via invalid free. Skip over and reserve unused tags in cups/ipp.{c,h}.
>      [CVE-2010-2941]

This version is in testing now, so closing this bug. I'll also
retroactively add it to the changelog.

Thanks!
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 04 Jan 2011 07:34:02 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:15:10 2019; Machine Name: buxtehude
