Upstream information

CVE-2009-3553 at MITRE

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 4.96
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

This issue is currently rated as having important severity.

SUSE Bugzilla entries: 554861 [RESOLVED / FIXED], 574336 [RESOLVED / FIXED], 578215 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • cups >= 1.7.5-2.7
  • cups-client >= 1.7.5-2.7
  • cups-libs >= 1.7.5-2.7
  • cups-libs-32bit >= 1.7.5-2.7
Patchnames:
SUSE Linux Enterprise Desktop 12 GA cups
SUSE Linux Enterprise Desktop 12 SP1
  • cups >= 1.7.5-9.1
  • cups-client >= 1.7.5-9.1
  • cups-libs >= 1.7.5-9.1
  • cups-libs-32bit >= 1.7.5-9.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA cups
SUSE Linux Enterprise Desktop 12 SP2
  • cups >= 1.7.5-12.4
  • cups-client >= 1.7.5-12.4
  • cups-libs >= 1.7.5-12.4
  • cups-libs-32bit >= 1.7.5-12.4
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA cups
SUSE Linux Enterprise Server 11 SP2
  • cups >= 1.3.9-8.44.1
  • cups-client >= 1.3.9-8.44.1
  • cups-libs >= 1.3.9-8.44.1
  • cups-libs-32bit >= 1.3.9-8.44.1
  • cups-libs-x86 >= 1.3.9-8.44.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA cups
SUSE Linux Enterprise Server 11 SP3
  • cups >= 1.3.9-8.46.46.1
  • cups-client >= 1.3.9-8.46.46.1
  • cups-libs >= 1.3.9-8.46.46.1
  • cups-libs-32bit >= 1.3.9-8.46.46.1
  • cups-libs-x86 >= 1.3.9-8.46.46.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA cups
SUSE Linux Enterprise Server 11 SP4
  • cups >= 1.3.9-8.46.56.1
  • cups-client >= 1.3.9-8.46.56.1
  • cups-libs >= 1.3.9-8.46.56.1
  • cups-libs-32bit >= 1.3.9-8.46.56.1
  • cups-libs-x86 >= 1.3.9-8.46.56.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA cups
SUSE Linux Enterprise Server 12
  • cups >= 1.7.5-2.7
  • cups-client >= 1.7.5-2.7
  • cups-libs >= 1.7.5-2.7
  • cups-libs-32bit >= 1.7.5-2.7
Patchnames:
SUSE Linux Enterprise Server 12 GA cups
SUSE Linux Enterprise Server 12 SP1
  • cups >= 1.7.5-9.1
  • cups-client >= 1.7.5-9.1
  • cups-libs >= 1.7.5-9.1
  • cups-libs-32bit >= 1.7.5-9.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA cups
SUSE Linux Enterprise Server 12 SP2
  • cups >= 1.7.5-12.4
  • cups-client >= 1.7.5-12.4
  • cups-libs >= 1.7.5-12.4
  • cups-libs-32bit >= 1.7.5-12.4
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA cups
SUSE Linux Enterprise Software Development Kit 11 SP4
  • cups-devel >= 1.3.9-8.46.56.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA cups-devel
SUSE Linux Enterprise Software Development Kit 12
  • cups-devel >= 1.7.5-2.7
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA cups-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • cups-devel >= 1.7.5-9.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA cups-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • cups-ddk >= 1.7.5-12.4
  • cups-devel >= 1.7.5-12.4
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA cups-ddk
openSUSE 11.0
  • cups-debuginfo >= 1.3.7-25.14
  • cups-debugsource >= 1.3.7-25.14
openSUSE 11.0
  • cups >= 1.3.7-25.14
  • cups-client >= 1.3.7-25.14
  • cups-devel >= 1.3.7-25.14
  • cups-libs >= 1.3.7-25.14
  • cups-libs-32bit >= 1.3.7-25.14
  • cups-libs-64bit >= 1.3.7-25.14
openSUSE 11.1
  • cups-debuginfo >= 1.3.9-7.6.1
  • cups-debugsource >= 1.3.9-7.6.1
openSUSE 11.1
  • cups >= 1.3.9-7.6.1
  • cups-client >= 1.3.9-7.6.1
  • cups-devel >= 1.3.9-7.6.1
  • cups-libs >= 1.3.9-7.6.1
  • cups-libs-32bit >= 1.3.9-7.6.1
  • cups-libs-64bit >= 1.3.9-7.6.1
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • cups >= 1.1.20-108.63
  • cups-client >= 1.1.20-108.63
  • cups-devel >= 1.1.20-108.63
  • cups-libs >= 1.1.20-108.63
core9.s390
sles9-nlpos.x86
core9.x86-64
core9.x86
core9.ia64
sles9-oes.x86
core9.ppc
sles9-nld.x86-64
core9.s390x
sles9-nld.x86
YOU Patch Nr: 12561
Novell Linux Desktop 9 for x86_64
  • cups >= 1.1.20-108.63
  • cups-client >= 1.1.20-108.63
  • cups-devel >= 1.1.20-108.63
  • cups-libs >= 1.1.20-108.63
  • cups-libs-32bit >= 9-200912011928
core9.s390
sles9-nlpos.x86
core9.x86-64
core9.x86
core9.ia64
sles9-oes.x86
core9.ppc
sles9-nld.x86-64
core9.s390x
sles9-nld.x86
YOU Patch Nr: 12561
SUSE Linux Enterprise 11 Moblin 2.1
  • cups >= 1.3.9-8.34.1
  • cups-client >= 1.3.9-8.34.1
  • cups-libs >= 1.3.9-8.34.1
SAT Patch Nr: 2149
SUSE Linux Enterprise SDK 11 GA
  • cups-devel >= 1.3.9-8.30.1
sle11-debuginfo.ppc
sled11.x86
sles11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sles11.ppc
sle11-sdk.s390x
sles11.x86
sle11-debuginfo.s390x
sle11-debuginfo.ia64
sles11.ia64
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sles11.s390x
sle11-debuginfo.x86
sle11-sdk.ia64
sled11.x86-64
SAT Patch Nr: 2108
SUSE Linux Enterprise Desktop 11 GA
SUSE Linux Enterprise Server 11 GA
  • cups >= 1.3.9-8.30.1
  • cups-client >= 1.3.9-8.30.1
  • cups-libs >= 1.3.9-8.30.1
sle11-debuginfo.ppc
sled11.x86
sles11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sles11.ppc
sle11-sdk.s390x
sles11.x86
sle11-debuginfo.s390x
sle11-debuginfo.ia64
sles11.ia64
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sles11.s390x
sle11-debuginfo.x86
sle11-sdk.ia64
sled11.x86-64
SAT Patch Nr: 2108
SUSE Linux Enterprise Desktop 11 GA
SUSE Linux Enterprise Server 11 GA
  • cups >= 1.3.9-8.30.1
  • cups-client >= 1.3.9-8.30.1
  • cups-libs >= 1.3.9-8.30.1
  • cups-libs-32bit >= 1.3.9-8.30.1
sle11-debuginfo.ppc
sled11.x86
sles11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sles11.ppc
sle11-sdk.s390x
sles11.x86
sle11-debuginfo.s390x
sle11-debuginfo.ia64
sles11.ia64
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sles11.s390x
sle11-debuginfo.x86
sle11-sdk.ia64
sled11.x86-64
SAT Patch Nr: 2108
SUSE Linux Enterprise Server 11 GA
  • cups >= 1.3.9-8.30.1
  • cups-client >= 1.3.9-8.30.1
  • cups-libs >= 1.3.9-8.30.1
  • cups-libs-x86 >= 1.3.9-8.30.1
sle11-debuginfo.ppc
sled11.x86
sles11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sles11.ppc
sle11-sdk.s390x
sles11.x86
sle11-debuginfo.s390x
sle11-debuginfo.ia64
sles11.ia64
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sles11.s390x
sle11-debuginfo.x86
sle11-sdk.ia64
sled11.x86-64
SAT Patch Nr: 2108
SUSE Linux Enterprise 11 Moblin 2.1
  • cups >= 1.3.9-8.36.1
  • cups-client >= 1.3.9-8.36.1
  • cups-libs >= 1.3.9-8.36.1
SAT Patch Nr: 2324
SUSE Linux Enterprise 11 Moblin 2.0
  • cups-debuginfo >= 1.3.9-8.35.1
  • cups-debugsource >= 1.3.9-8.35.1
SAT Patch Nr: 2323
SUSE Linux Enterprise 11 Moblin 2.0
  • cups >= 1.3.9-8.35.1
  • cups-client >= 1.3.9-8.35.1
  • cups-libs >= 1.3.9-8.35.1
SAT Patch Nr: 2323
SUSE Linux Enterprise 11 Moblin 2.0
  • cups-debuginfo >= 1.3.9-8.33.1
  • cups-debugsource >= 1.3.9-8.33.1
SAT Patch Nr: 2105
SUSE Linux Enterprise 11 Moblin 2.0
  • cups >= 1.3.9-8.33.1
  • cups-client >= 1.3.9-8.33.1
  • cups-libs >= 1.3.9-8.33.1
SAT Patch Nr: 2105
openSUSE 11.2
  • cups-debuginfo >= 1.3.11-4.2.1
  • cups-debugsource >= 1.3.11-4.2.1
  • cups-libs-debuginfo-32bit >= 1.3.11-4.2.1
openSUSE 11.2
  • cups >= 1.3.11-4.2.1
  • cups-client >= 1.3.11-4.2.1
  • cups-devel >= 1.3.11-4.2.1
  • cups-libs >= 1.3.11-4.2.1
  • cups-libs-32bit >= 1.3.11-4.2.1
openSUSE 11.0
  • cups-debuginfo >= 1.3.7-25.17
  • cups-debugsource >= 1.3.7-25.17
openSUSE 11.0
  • cups >= 1.3.7-25.17
  • cups-client >= 1.3.7-25.17
  • cups-devel >= 1.3.7-25.17
  • cups-libs >= 1.3.7-25.17
  • cups-libs-32bit >= 1.3.7-25.17
  • cups-libs-64bit >= 1.3.7-25.17
openSUSE 11.1
  • cups-debuginfo >= 1.3.9-7.8.1
  • cups-debugsource >= 1.3.9-7.8.1
openSUSE 11.1
  • cups >= 1.3.9-7.8.1
  • cups-client >= 1.3.9-7.8.1
  • cups-devel >= 1.3.9-7.8.1
  • cups-libs >= 1.3.9-7.8.1
  • cups-libs-32bit >= 1.3.9-7.8.1
  • cups-libs-64bit >= 1.3.9-7.8.1
openSUSE 11.2
  • cups-client-debuginfo >= 1.3.11-4.5.1
  • cups-debuginfo >= 1.3.11-4.5.1
  • cups-debugsource >= 1.3.11-4.5.1
  • cups-libs-debuginfo >= 1.3.11-4.5.1
  • cups-libs-debuginfo-32bit >= 1.3.11-4.5.1
openSUSE 11.2
  • cups >= 1.3.11-4.5.1
  • cups-client >= 1.3.11-4.5.1
  • cups-devel >= 1.3.11-4.5.1
  • cups-libs >= 1.3.11-4.5.1
  • cups-libs-32bit >= 1.3.11-4.5.1
openSUSE 13.2
  • cups >= 1.5.4-21.3.1
  • cups-client >= 1.5.4-21.3.1
  • cups-devel >= 1.5.4-21.3.1
  • cups-libs >= 1.5.4-21.3.1
  • cups-libs-32bit >= 1.5.4-21.3.1
Patchnames:
openSUSE 13.2 GA cups
openSUSE Leap 42.1
  • cups >= 1.7.5-5.6
  • cups-client >= 1.7.5-5.6
  • cups-devel >= 1.7.5-5.6
  • cups-libs >= 1.7.5-5.6
  • cups-libs-32bit >= 1.7.5-5.6
Patchnames:
openSUSE Leap 42.1 GA cups
openSUSE Leap 42.2
  • cups >= 1.7.5-7.10
  • cups-client >= 1.7.5-7.10
  • cups-devel >= 1.7.5-7.10
  • cups-libs >= 1.7.5-7.10
  • cups-libs-32bit >= 1.7.5-7.10
Patchnames:
openSUSE Leap 42.2 GA cups
openSUSE Tumbleweed
  • cups >= 2.1.3-2.3
  • cups-client >= 2.1.3-2.3
  • cups-ddk >= 2.1.3-2.3
  • cups-devel >= 2.1.3-2.3
  • cups-devel-32bit >= 2.1.3-2.3
  • cups-libs >= 2.1.3-2.3
  • cups-libs-32bit >= 2.1.3-2.3
Patchnames:
openSUSE Tumbleweed GA cups