Vulnerability
CUPS
Affected
CUPS prior to 1.1.5
Description
The following is based on a Linux-Mandrake Security Update Advisory.
A problem exists in all versions of CUPS prior to 1.1.5 with the
httpGets() function: it could go into an infinite loop if a client
sent a line longer than the input buffer size. This could be used
for a DoS attack. In addition, all occurrences of sprintf() calls
were changed to snprintf(), and all occurrences of strcpy() calls
were changed to strncpy(), both of which protect against buffer
overflows. Finally, CUPS no longer broadcasts printer information
by default, and by default access is only allowed from the local
machine.
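The over-long line case described above, as an added example (not CUPS source code): a line reader over a fixed input buffer that rejects a line it cannot hold instead of waiting for a newline that can never arrive. The names conn_t, fill() and read_line(), the 16-byte INBUF_SIZE and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define INBUF_SIZE 16   /* assumed size, tiny so the over-long case is easy to hit */

typedef struct {
    const char *src;             /* constructed stand-in for the client socket */
    size_t      src_left;
    char        buf[INBUF_SIZE]; /* input received but not yet consumed */
    size_t      used;
} conn_t;

/* Move as many pending bytes as fit into the input buffer; 0 means no progress. */
static size_t fill(conn_t *c) {
    size_t room = INBUF_SIZE - c->used;
    size_t n = c->src_left < room ? c->src_left : room;
    memcpy(c->buf + c->used, c->src, n);
    c->src += n; c->src_left -= n; c->used += n;
    return n;
}

/* Returns the line length, -1 at end of input, -2 if the line is too long. */
int read_line(conn_t *c, char *out, size_t outlen) {
    for (;;) {
        char *nl = memchr(c->buf, '\n', c->used);
        if (nl) {
            size_t len = (size_t)(nl - c->buf);
            if (len >= outlen) return -2;
            memcpy(out, c->buf, len);
            out[len] = '\0';
            c->used -= len + 1;
            memmove(c->buf, nl + 1, c->used);   /* keep bytes after the newline */
            return (int)len;
        }
        /* Buffer full with no newline: fill() can add nothing, so a loop that
         * only waits for '\n' would spin forever. Reject the line instead. */
        if (c->used == INBUF_SIZE) return -2;
        if (fill(c) == 0) return -1;
    }
}
int main(void) {
    const char *in = "GET / HTTP/1.0\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"; /* constructed */
    conn_t c = { in, strlen(in), {0}, 0 };
    char line[64]; int r;
    while ((r = read_line(&c, line, sizeof line)) >= 0)
        printf("line (%d bytes): %s\n", r, line);
    printf("stopped with %d\n", r);
    return 0;
}
```

A caller that gets -2 should drop the connection rather than try to resynchronise on the remaining bytes.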
Solution
Patches:
Linux-Mandrake 7.2:
    7.2/RPMS/cups-1.1.6-10.1mdk.i586.rpm
    7.2/RPMS/cups-devel-1.1.6-10.1mdk.i586.rpm
    7.2/SRPMS/cups-1.1.6-10.1mdk.src.rpm