Linux Today: Linux News On Internet Time.

More on LinuxToday

Mandrake Linux Advisory: cups

Nov 07, 2003, 15:58 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

Mandrake Linux Security Update Advisory

Package name: cups
Advisory ID: MDKSA-2003:104
Date: November 5th, 2003
Affected versions: 9.0, Corporate Server 2.1

Problem Description:

A bug in versions of CUPS prior to 1.1.19 was reported by Paul Mitcheson in the Internet Printing Protocol (IPP) implementation would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default).

The provided packages have been patched to correct this problem.


Updated Packages:

Corporate Server 2.1:
584a05963995876e075e5ca9817cfadb corporate/2.1/RPMS/cups-1.1.18-2.2.C21mdk.i586.rpm
7971d0e5ac93d322e6aa97677e815eef corporate/2.1/RPMS/cups-common-1.1.18-2.2.C21mdk.i586.rpm
06320efce369f26e61c37f32eb16169f corporate/2.1/RPMS/cups-serial-1.1.18-2.2.C21mdk.i586.rpm
525bb92144b0b12c8ed04422cdc82d71 corporate/2.1/RPMS/libcups1-1.1.18-2.2.C21mdk.i586.rpm
6d35d2b7a8cb4eb93292cf47f408a4fe corporate/2.1/RPMS/libcups1-devel-1.1.18-2.2.C21mdk.i586.rpm
b93777ca1fa1ef8b3471f5a3827c1e32 corporate/2.1/SRPMS/cups-1.1.18-2.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
32240f855fb4495a9041f06f595ab8e2 x86_64/corporate/2.1/RPMS/cups-1.1.18-2.2.C21mdk.x86_64.rpm
77f573305193f54dd39d7f0418da466e x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.2.C21mdk.x86_64.rpm
5b68c85307ccbcb6dd7d8b4494781cf9 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.2.C21mdk.x86_64.rpm
bcc3fdf22ebc631bbd0560795413d312 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.2.C21mdk.x86_64.rpm
67d11d928cd59d3e734c90a9b1f02e05 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.2.C21mdk.x86_64.rpm
b93777ca1fa1ef8b3471f5a3827c1e32 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.2.C21mdk.src.rpm

Mandrake Linux 9.0:
ef999ce7a7361856bde78493357c173c 9.0/RPMS/cups-1.1.18-2.2.90mdk.i586.rpm
23772861be6813682316071ac5142169 9.0/RPMS/cups-common-1.1.18-2.2.90mdk.i586.rpm
517a0a906e0f6135aacb31fc1dc98c1c 9.0/RPMS/cups-serial-1.1.18-2.2.90mdk.i586.rpm
e5ba8a833fab015d04743e61466adcb3 9.0/RPMS/libcups1-1.1.18-2.2.90mdk.i586.rpm
fce8efc7313816c9aaabaa6c9abf6201 9.0/RPMS/libcups1-devel-1.1.18-2.2.90mdk.i586.rpm
4357ea21f3bb199c65fc37c9eebd1066 9.0/SRPMS/cups-1.1.18-2.2.90mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

If you want to report vulnerabilities, please contact

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security>