Comment 9 for bug 196404

In , Mark (mark-redhat-bugs) wrote :

We've determined through source code analysis that the older versions of CUPS as
shipped in Red Hat Enterprise Linux 3 and 4 do not contain the code that can
cause this double-free to occur. We also tested this using a reproducer.

Red Hat Enterprise Linux 5 does have the double-free and we can cause CUPS to
remotely crash using an internal reproducer. However, the glibc pointer checking
as part of Enterprise Linux 5 limits the exploitability of this issue to just a
crash of CUPS and not the ability to execute arbitrary code.