Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081119190745.GJ11234@outflux.net>
Date: Wed, 19 Nov 2008 11:07:45 -0800
From: Kees Cook <kees@...ntu.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...re.org>
Subject: CVE request: CUPS DoS via RSS subscriptions

Hello!

I'd like to get a CVE assigned for the RSS subscription DoS mentioned
here[1].  It seems that CUPS upstream already fixed[2] the issue[3] in
their 1.3.8 release.  Prior to 1.3.8, the server can be made to crash
when visiting a malicious website due to CUPS general CSRF issues.

Thanks,

-Kees

[1] https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241
    http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
[2] http://www.cups.org/strfiles/2774/str2774.patch
[3] http://www.cups.org/str.php?L2774

-- 
Kees Cook
Ubuntu Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.