CVE-2018-4700: Linux session cookies used a predictable random number seed.
michaelrsweet committed Dec 7, 2018
1 parent 46637f3 commit b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3
Showing with 5 additions and 2 deletions.
  1. +2 −1 CHANGES.md
  2. +3 −1 cgi-bin/var.c
@@ -1,4 +1,4 @@
CHANGES - 2.3b6 - 2018-12-06
CHANGES - 2.3b6 - 2018-12-07
============================

Changes in CUPS v2.3b6
@@ -7,6 +7,7 @@ Changes in CUPS v2.3b6
- Localization update (Issue #5339, Issue #5348, Issue #5362, Issue #5408,
Issue #5410)
- Documentation updates (Issue #5369, Issue #5402, Issue #5403, Issue #5404)
- CVE-2018-4700: Linux session cookies used a predictable random number seed.
- All user commands now support the `--help` option (Issue #5326)
- The `lpoptions` command now works with IPP Everywhere printers that have not
yet been added as local queues (Issue #5045)
@@ -1186,6 +1186,7 @@ cgi_set_sid(void)
const char *remote_addr, /* REMOTE_ADDR */
*server_name, /* SERVER_NAME */
*server_port; /* SERVER_PORT */
struct timeval curtime; /* Current time */


if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
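
Review bot: The new `struct timeval curtime` declaration in cgi_set_sid() depends on <sys/time.h>, and this commit adds no include: the three additions to cgi-bin/var.c are this declaration and the two seeding lines in the next hunk. Please confirm the header already reaches var.c through its existing includes on every supported platform, or add it explicitly next to the other system headers.
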
@@ -1195,7 +1196,8 @@ cgi_set_sid(void)
if ((server_port = getenv("SERVER_PORT")) == NULL)
server_port = "SERVER_PORT";

CUPS_SRAND(time(NULL));
gettimeofday(&curtime, NULL);
CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
remote_addr, server_name, server_port,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
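
Review bot: The replacement seed `curtime.tv_sec + curtime.tv_usec` in cgi_set_sid() is still derived only from the wall clock, so the session ID stays guessable to anyone who can estimate when the cookie was issued. tv_usec contributes at most 1,000,000 values per second, and because the two fields are added rather than kept separate, different (tv_sec, tv_usec) pairs produce the same seed. The other components of the ID in the snprintf format (REMOTE_ADDR, SERVER_NAME, SERVER_PORT) are not secret, so all of the unpredictability rests on this seed. I would suggest filling the eight ID bytes from the operating system's random source (getrandom() or /dev/urandom) instead of seeding CUPS_SRAND from the time at all. Separately, the return value of gettimeofday() is not checked before curtime is read.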
