First published: Fri May 15 2009(Updated: )
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Cups | =1.3.10 | |
Apple Cups | =1.3.7 | |
redhat/cups | <1:1.3.7-11.el5_4.4 | 1:1.3.7-11.el5_4.4 |
Apple Mac OS X | <10.5.8 | |
Apple Mac OS X | >=10.6.0<10.6.2 | |
Apple Mac OS X Server | <10.5.8 | |
Apple Mac OS X Server | >=10.6.0<10.6.2 | |
Fedoraproject Fedora | =10 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =8.04 | |
Canonical Ubuntu Linux | =8.10 | |
Canonical Ubuntu Linux | =9.04 | |
Canonical Ubuntu Linux | =9.10 | |
Debian Debian Linux | =5.0 | |
Redhat Enterprise Linux | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.