--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: cups: Memory leak in cupsd
- From: Rik Theys <Rik.Theys@esat.kuleuven.be>
- Date: Wed, 18 Dec 2019 11:10:37 +0100
- Message-id: <157666383780.13725.8587949102189948491.reportbug@oxygen.esat.kuleuven.be>
Package: cups
Version: 2.2.10-6+deb10u1
Severity: important
Hi,
After upgrading our print server from Debian 9 to 10, we frequently get
notified by our monitoring system that the server is running out of
memory.
It seems there's a memory leak in cupsd. The memory usage starts at
about 3.8% and can grow to 98% of system memory.
When I monitor the memory usage of the cupsd process with top, and then
run the following command in a terminal on the print server, I can see
the memory usage grow with each invocation:
lpstat -W completed -u
The memory usage is increased and never decreased again.
The memory usage also increases with other commands (although not as
much), such as 'lpstat -a'.
I assume client systems trigger the same issue when they query printer
status.
Just last night the memory usage went from about 100MB to 3GB in 23
minutes (cups was restarted by logrotate).
A similar issue is described in the comments of
https://askubuntu.com/questions/1160624/cupsd-service-high-memory-usage
Regards,
Rik
-- System Information:
Debian Release: 10.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cups depends on:
ii cups-client 2.2.10-6+deb10u1
ii cups-common 2.2.10-6+deb10u1
ii cups-core-drivers 2.2.10-6+deb10u1
ii cups-daemon 2.2.10-6+deb10u1
ii cups-filters 1.21.6-5
ii cups-ppdc 2.2.10-6+deb10u1
ii cups-server-common 2.2.10-6+deb10u1
ii debconf [debconf-2.0] 1.5.71
ii ghostscript 9.27~dfsg-2+deb10u3
ii libavahi-client3 0.7-4+b1
ii libavahi-common3 0.7-4+b1
ii libc6 2.28-10
ii libcups2 2.2.10-6+deb10u1
ii libcupsimage2 2.2.10-6+deb10u1
ii libgcc1 1:8.3.0-6
ii libstdc++6 8.3.0-6
ii libusb-1.0-0 2:1.0.22-2
ii poppler-utils 0.71.0-5
ii procps 2:3.3.15-2
Versions of packages cups recommends:
pn avahi-daemon <none>
ii colord 1.4.3-4
ii cups-filters [ghostscript-cups] 1.21.6-5
pn printer-driver-gutenprint <none>
Versions of packages cups suggests:
ii cups-bsd 2.2.10-6+deb10u1
pn cups-pdf <none>
pn foomatic-db-compressed-ppds | foomatic-db <none>
ii hplip 3.18.12+dfsg0-2
ii printer-driver-hpcups 3.18.12+dfsg0-2
ii smbclient 2:4.9.5+dfsg-5+deb10u1
ii udev 241-7~deb10u2
-- Configuration Files:
/etc/default/cups changed [not included]
-- debconf information:
cupsys/backend: lpd, socket, usb, snmp, dnssd
cupsys/raw-print: true
--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 2.2.10-6+deb10u2
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 946941@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Jan 2020 09:36:31 +0100
Source: cups
Architecture: source
Version: 2.2.10-6+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Closes: 946782 946941
Changes:
cups (2.2.10-6+deb10u2) buster; urgency=medium
.
* Backport upstream security fixes:
- Fix memory leak in ppdOpen (Closes: #946941)
- CVE-2019-2228: The `ippSetValuetag` function did not validate the
default language value (Closes: #946782)
Checksums-Sha1:
0d1c1a1e54ed58c990bd67042ce80bc21a7762b9 3472 cups_2.2.10-6+deb10u2.dsc
4f1adef4a0879adbd051db12f8d736a54111efc2 360016 cups_2.2.10-6+deb10u2.debian.tar.xz
Checksums-Sha256:
5bee91b9c8c35ad211d67e2dfe250787dd4bb3a2f5c67db1b2b3f3794a0ec331 3472 cups_2.2.10-6+deb10u2.dsc
86f8f8acfd8251602e3f629b5561775a05f41ed9b472752e46eec1e2c930bb33 360016 cups_2.2.10-6+deb10u2.debian.tar.xz
Files:
daeb4c9b84eac7b91f0ffc967eb253ee 3472 net optional cups_2.2.10-6+deb10u2.dsc
b8c941b468c64e3ed26486d646a9ffef 360016 net optional cups_2.2.10-6+deb10u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEJ3k7rA0YCplkx4gZqcb6xg1jAWkFAl4kHBQACgkQqcb6xg1j
AWkENRAApiTyxftpUPJLKJRmC5JOKlAxZKokuIOp1opZWbx0aq0iWfnTlB6Cuq5f
8lQvBs3XTMAxO7acFDfYMzh1H51M6clBOPLmjVtZGZ9bngB1SKwyOFMJe+0SGEWj
bqm9Fad44McAxFI36mKVRTIaBKguXwk+3knGNvwiBXkWGi+q+3ZgrnkUiAZVfTdk
ikeRngsYWJ/S6q6HZXTFLskpYDkwV5wW0p8w6Kvl81rbi49+2oMYpl+Qm+83cspl
UnAazScux22IMilhjLXwZ2CqmnjlSaPflYd1jgxg/vF9CFA/OCPf+AFJFeVcFqAF
YmpHMyulYlkcT6iV+HJb12pwOm3da+SkTMrVOUqDTHUZAhq93qSZFu2xKCvUaUZr
PA/Abjg+B1vcYaBexeyP4MNBQCKJxPfZRR5QRQWsSTWZfOUrPNaCN8FgLFlaQGbG
mm2CY4HagqzCFvqb7Y0zLSdmgrEZLfvfna0BlpP3qDeXf9oftuI4SWedeWAagO13
IUjGuDx4K60QcJXkanXctypfM2WRCZTmnDrcuB+DRAYUE+5BnZj8I1wJdI5+EoVt
e8w0QQb7T8ZDjVLxiHfWQVNawgst4zXcgGZHtISmADYHdoFACVv2zbn5JVJdTyQg
qxr/exQlra1KYYzHSLdfdWYE115sO2g2UOZ/pWystgRA/5OULTY=
=7rM5
-----END PGP SIGNATURE-----
--- End Message ---