GLSA-200409-25 : CUPS: Denial of service vulnerability
Medium Nessus Plugin ID 14780
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200409-25 (CUPS: Denial of service vulnerability)
Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to cause CUPS to stop listening on the IPP port.
A remote user with malicious intent can easily cause a denial of service to the CUPS daemon by sending a specially crafted UDP datagram packet to the IPP port.
There is no known workaround at this time.
SolutionAll CUPS users should upgrade to the latest version:
# emerge sync # emerge -pv '>=net-print/cups-1.1.20-r2' # emerge '>=net-print/cups-1.1.20-r2'