CUPS: Denial of service — GLSA 200703-28

CUPS incorrectly handles partially-negotiated SSL connections allowing for a Denial of Service.

Affected packages

net-print/cups on all architectures
Affected versions < 1.2.9
Unaffected versions >= 1.2.9

Background

CUPS provides a portable printing layer for UNIX-based operating systems.

Description

CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection never times out.

Impact

An attacker could partially negotiate an SSL connection with a CUPS server, and cause future connections to that server to fail, resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All CUPS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.9"

References

Release date
March 31, 2007

Latest revision
March 31, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries