Skip to navigation

Security Advisory cups security update

Advisory: RHSA-2005:049-08
Type: Security Advisory
Severity: Important
Issued on: 2005-02-01
Last updated on: 2005-02-01
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2005-0064

Details

Updated CUPS packages that fixes a security issue are now available.

The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
Xpdf which also affects the CUPS pdftops filter due to a shared codebase.
An attacker who has the ability to send a malicious PDF file to a printer
could possibly execute arbitrary code as the "lp" user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0064 to this issue.

Red Hat believes that the Exec-Shield technology (enabled by default since
Update 3) will block attempts to remotely exploit these buffer overflow
vulnerabilities on x86 architectures.

All users of cups should upgrade to these updated packages, which resolve
these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
IA-32:
cups-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4be61430a89b3f5ce5d6fca42ef20fcd
cups-devel-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 9fc05a57866b62e645fac812f9b28979
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
 
x86_64:
cups-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 13b6bd8315e1db39f732d7d7b729e7dd
cups-devel-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 648504d431a45cefc3ea2a63cb0a215a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 36e1f1cfe2c069ff5af18d7fa0d7c003
 
Red Hat Enterprise Linux AS (v. 3)
IA-32:
cups-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4be61430a89b3f5ce5d6fca42ef20fcd
cups-devel-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 9fc05a57866b62e645fac812f9b28979
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
 
IA-64:
cups-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 375e937a6fcc48bb7727e65d79b5571f
cups-devel-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 6f508dc25cefbc66a15fb145225ebb1a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 48379200aa4fb109014240cc2f36211f
 
PPC:
cups-1.1.17-13.3.24.ppc.rpm
File outdated by:  RHSA-2010:0754		     MD5: ec3b759fdc24f9905c5eb95464860af9
cups-devel-1.1.17-13.3.24.ppc.rpm
File outdated by:  RHSA-2010:0754		     MD5: fce0e22e2092bcdcfe9b96c0613e5dcb
cups-libs-1.1.17-13.3.24.ppc.rpm
File outdated by:  RHSA-2010:0754		     MD5: b46b705341066f844045655060cb5d18
cups-libs-1.1.17-13.3.24.ppc64.rpm
File outdated by:  RHSA-2010:0754		     MD5: dba813f9a9d674512c30125d1c33f9b2
 
s390:
cups-1.1.17-13.3.24.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: 31f1b879dc8382c663a480f01036ad62
cups-devel-1.1.17-13.3.24.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: 385b3041a05f712ed8eda1864ff39770
cups-libs-1.1.17-13.3.24.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: 308ef15cc52e3e0b8cef91ee090b292c
 
s390x:
cups-1.1.17-13.3.24.s390x.rpm
File outdated by:  RHSA-2010:0754		     MD5: b3b0fb4f6dc5cb5f3c6999e17f65b0a9
cups-devel-1.1.17-13.3.24.s390x.rpm
File outdated by:  RHSA-2010:0754		     MD5: 09b18d8c490e7d02960f863128cb7ad9
cups-libs-1.1.17-13.3.24.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: 308ef15cc52e3e0b8cef91ee090b292c
cups-libs-1.1.17-13.3.24.s390x.rpm
File outdated by:  RHSA-2010:0754		     MD5: 0f467551fdc91cca02bec10c1d2e0d32
 
x86_64:
cups-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 13b6bd8315e1db39f732d7d7b729e7dd
cups-devel-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 648504d431a45cefc3ea2a63cb0a215a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 36e1f1cfe2c069ff5af18d7fa0d7c003
 
Red Hat Enterprise Linux ES (v. 3)
IA-32:
cups-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4be61430a89b3f5ce5d6fca42ef20fcd
cups-devel-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 9fc05a57866b62e645fac812f9b28979
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
 
IA-64:
cups-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 375e937a6fcc48bb7727e65d79b5571f
cups-devel-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 6f508dc25cefbc66a15fb145225ebb1a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 48379200aa4fb109014240cc2f36211f
 
x86_64:
cups-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 13b6bd8315e1db39f732d7d7b729e7dd
cups-devel-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 648504d431a45cefc3ea2a63cb0a215a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 36e1f1cfe2c069ff5af18d7fa0d7c003
 
Red Hat Enterprise Linux WS (v. 3)
IA-32:
cups-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4be61430a89b3f5ce5d6fca42ef20fcd
cups-devel-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 9fc05a57866b62e645fac812f9b28979
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
 
IA-64:
cups-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 375e937a6fcc48bb7727e65d79b5571f
cups-devel-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 6f508dc25cefbc66a15fb145225ebb1a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 48379200aa4fb109014240cc2f36211f
 
x86_64:
cups-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 13b6bd8315e1db39f732d7d7b729e7dd
cups-devel-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 648504d431a45cefc3ea2a63cb0a215a
cups-libs-1.1.17-13.3.24.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8d68b5b6fcb85c1e80ba033d86d9739f
cups-libs-1.1.17-13.3.24.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 36e1f1cfe2c069ff5af18d7fa0d7c003
 

Bugs fixed (see bugzilla for more information)

145102 - CAN-2005-0064 xpdf buffer overflow


References

https://www.redhat.com/security/data/cve/CVE-2005-0064.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/