CVE-2010-0302

Common Vulnerabilities and Exposures

Upstream information

CVE-2010-0302 at MITRE

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 574336, 578215

SUSE Security Advisories:

SUSE-SR:2010:007, published Tue, 30 Mar 2010 10:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise 11 Moblin 2.1 DEBUGINFO	`cups-debuginfo >= 1.3.9-8.34.1` `cups-debugsource >= 1.3.9-8.34.1`	SAT Patch Nr: 2149
SUSE Linux Enterprise 11 Moblin 2.1	`cups >= 1.3.9-8.34.1` `cups-client >= 1.3.9-8.34.1` `cups-libs >= 1.3.9-8.34.1`	SAT Patch Nr: 2149
SUSE Linux Enterprise 11 GA DEBUGINFO	`cups-debuginfo >= 1.3.9-8.30.1` `cups-debugsource >= 1.3.9-8.30.1`	sle11-debuginfo.ppc sled11.x86 sles11.x86-64 sle11-sdk.x86 sle11-sdk.ppc sles11.ppc sle11-sdk.s390x sles11.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sles11.ia64 sle11-sdk.x86-64 sle11-debuginfo.x86-64 sles11.s390x sle11-debuginfo.x86 sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2108
SUSE Linux Enterprise SDK 11 GA	`cups-devel >= 1.3.9-8.30.1`	sle11-debuginfo.ppc sled11.x86 sles11.x86-64 sle11-sdk.x86 sle11-sdk.ppc sles11.ppc sle11-sdk.s390x sles11.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sles11.ia64 sle11-sdk.x86-64 sle11-debuginfo.x86-64 sles11.s390x sle11-debuginfo.x86 sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2108
SUSE Linux Enterprise Desktop 11 GA SUSE Linux Enterprise Server 11 GA	`cups >= 1.3.9-8.30.1` `cups-client >= 1.3.9-8.30.1` `cups-libs >= 1.3.9-8.30.1`	sle11-debuginfo.ppc sled11.x86 sles11.x86-64 sle11-sdk.x86 sle11-sdk.ppc sles11.ppc sle11-sdk.s390x sles11.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sles11.ia64 sle11-sdk.x86-64 sle11-debuginfo.x86-64 sles11.s390x sle11-debuginfo.x86 sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2108
SUSE Linux Enterprise Server 11 GA	`cups >= 1.3.9-8.30.1` `cups-client >= 1.3.9-8.30.1` `cups-libs >= 1.3.9-8.30.1` `cups-libs-x86 >= 1.3.9-8.30.1`	sle11-debuginfo.ppc sled11.x86 sles11.x86-64 sle11-sdk.x86 sle11-sdk.ppc sles11.ppc sle11-sdk.s390x sles11.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sles11.ia64 sle11-sdk.x86-64 sle11-debuginfo.x86-64 sles11.s390x sle11-debuginfo.x86 sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2108
SUSE Linux Enterprise Desktop 11 GA SUSE Linux Enterprise Server 11 GA	`cups >= 1.3.9-8.30.1` `cups-client >= 1.3.9-8.30.1` `cups-libs >= 1.3.9-8.30.1` `cups-libs-32bit >= 1.3.9-8.30.1`	sle11-debuginfo.ppc sled11.x86 sles11.x86-64 sle11-sdk.x86 sle11-sdk.ppc sles11.ppc sle11-sdk.s390x sles11.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sles11.ia64 sle11-sdk.x86-64 sle11-debuginfo.x86-64 sles11.s390x sle11-debuginfo.x86 sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2108
SUSE Linux Enterprise 11 Moblin 2.1 DEBUGINFO	`cups-debuginfo >= 1.3.9-8.36.1` `cups-debugsource >= 1.3.9-8.36.1`	SAT Patch Nr: 2324
SUSE Linux Enterprise 11 Moblin 2.1	`cups >= 1.3.9-8.36.1` `cups-client >= 1.3.9-8.36.1` `cups-libs >= 1.3.9-8.36.1`	SAT Patch Nr: 2324
SUSE Linux Enterprise 11 Moblin 2.0	`cups-debuginfo >= 1.3.9-8.35.1` `cups-debugsource >= 1.3.9-8.35.1`	SAT Patch Nr: 2323
SUSE Linux Enterprise 11 Moblin 2.0	`cups >= 1.3.9-8.35.1` `cups-client >= 1.3.9-8.35.1` `cups-libs >= 1.3.9-8.35.1`	SAT Patch Nr: 2323
SUSE Linux Enterprise 11 Moblin 2.0	`cups-debuginfo >= 1.3.9-8.33.1` `cups-debugsource >= 1.3.9-8.33.1`	SAT Patch Nr: 2105
SUSE Linux Enterprise 11 Moblin 2.0	`cups >= 1.3.9-8.33.1` `cups-client >= 1.3.9-8.33.1` `cups-libs >= 1.3.9-8.33.1`	SAT Patch Nr: 2105
openSUSE 11.0	`cups-debuginfo >= 1.3.7-25.17` `cups-debugsource >= 1.3.7-25.17`
openSUSE 11.0	`cups >= 1.3.7-25.17` `cups-client >= 1.3.7-25.17` `cups-devel >= 1.3.7-25.17` `cups-libs >= 1.3.7-25.17` `cups-libs-32bit >= 1.3.7-25.17` `cups-libs-64bit >= 1.3.7-25.17`
openSUSE 11.1	`cups-debuginfo >= 1.3.9-7.8.1` `cups-debugsource >= 1.3.9-7.8.1`
openSUSE 11.1	`cups >= 1.3.9-7.8.1` `cups-client >= 1.3.9-7.8.1` `cups-devel >= 1.3.9-7.8.1` `cups-libs >= 1.3.9-7.8.1` `cups-libs-32bit >= 1.3.9-7.8.1` `cups-libs-64bit >= 1.3.9-7.8.1`
openSUSE 11.2	`cups-client-debuginfo >= 1.3.11-4.5.1` `cups-debuginfo >= 1.3.11-4.5.1` `cups-debugsource >= 1.3.11-4.5.1` `cups-libs-debuginfo >= 1.3.11-4.5.1` `cups-libs-debuginfo-32bit >= 1.3.11-4.5.1`
openSUSE 11.2	`cups >= 1.3.11-4.5.1` `cups-client >= 1.3.11-4.5.1` `cups-devel >= 1.3.11-4.5.1` `cups-libs >= 1.3.11-4.5.1` `cups-libs-32bit >= 1.3.11-4.5.1`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy