Bugzilla – Bug 96707
VUL-0: CVE-2004-2154: cups treats a Location directive as case sensitive
Last modified: 2021-11-09 13:27:44 UTC
I just noticed CAN-2004-2154, as it got fixed by RedHat today. I think I never built any patches for this issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154 Please note that this affects cups versions before 1.1.19rc1 only. This is the case for: SLES8, 8.2, 9.0. So I wonder if we should really work on this issue, or include it later (= my favorite). For SLES8 we started to make CUPS the default printing system, but LPRng was often installed at customers instead. Security-Team: need decision if I should work on this.
I guess you'd use those ACLs to restrict printing to trusted users/hosts. So since you can DoS the print system easily I'd vote for fixing it if it's simple to fix.
Submitted fixed packages. Security-team, please handle the rest of the process. TIA. Note for Security Summary Report: only 3 distributions are affected.
SM-Tracker-1816
updates released
CVE-2004-2154: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)