Security Advisory Important: cups security update

Advisory: RHSA-2007:1021-3
Type: Security Advisory
Severity: Important
Issued on: 2007-11-07
Last updated on: 2007-11-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
OVAL: com.redhat.rhsa-20071021.xml
CVEs (cve.mitre.org): CVE-2007-4352
CVE-2007-5392
CVE-2007-5393

Details

Updated CUPS packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
cups-1.2.4-11.14.el5_1.3.src.rpm
File outdated by:  RHSA-2009:1595		     0e674156c66a85f4befb25b61ac11219
 
IA-32:
cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1513		     ed50e67e5ac81816025b7044a60ff05c
 
x86_64:
cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     ed50e67e5ac81816025b7044a60ff05c
cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     d6e9593b5bd3da21bfd5a722fd9153a9
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
cups-1.2.4-11.14.el5_1.3.src.rpm
File outdated by:  RHSA-2009:1595		     0e674156c66a85f4befb25b61ac11219
 
IA-32:
cups-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     0d1bc137688d648c1a6bb6d723d02131
cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     ed50e67e5ac81816025b7044a60ff05c
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     725da2778499f0ef3d177ae5de2eac84
 
IA-64:
cups-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2009:1595		     6d6d5b2c9bb192c0221fab51ca406e54
cups-devel-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2009:1595		     f8993c91631e1cb221053970359a15c3
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-libs-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2009:1595		     b563493fa5c9938711246df30849740e
cups-lpd-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2009:1595		     fbeff7413bedcb74acd9691ffd34ec16
 
PPC:
cups-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2009:1595		     568c33780523d8934fd44cb8b38572f7
cups-devel-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2009:1595		     8f47bde999fd4a20fdd95df19aa4d348
cups-devel-1.2.4-11.14.el5_1.3.ppc64.rpm
File outdated by:  RHSA-2009:1595		     904299c55e793be74463ed447d4c7912
cups-libs-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2009:1595		     e510688e304707cdc2e69fbb690c105a
cups-libs-1.2.4-11.14.el5_1.3.ppc64.rpm
File outdated by:  RHSA-2009:1595		     a46a28e1dd83f550a8f90f76dd5de253
cups-lpd-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2009:1595		     22240ec5fb56b681652830c602f6d3ac
 
s390x:
cups-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2009:1595		     0600130d9ffbc51fefefe5363161f809
cups-devel-1.2.4-11.14.el5_1.3.s390.rpm
File outdated by:  RHSA-2009:1595		     205945b86014307d0351d958a3045bfd
cups-devel-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2009:1595		     4494cce4dc572b50d825343ec9b2cfc1
cups-libs-1.2.4-11.14.el5_1.3.s390.rpm
File outdated by:  RHSA-2009:1595		     f58cff49807950fe15a0431d9c0eb0a4
cups-libs-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2009:1595		     5b1a7f99fb9a376ac9dd6001bfc2400e
cups-lpd-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2009:1595		     8f41c8e4ad65b647974012e97e559050
 
x86_64:
cups-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     8a80ca4d3fb94684b6a157fd0fc03ffc
cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     ed50e67e5ac81816025b7044a60ff05c
cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     d6e9593b5bd3da21bfd5a722fd9153a9
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     e7122321cb07e24fdea833aeb99fceff
cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     f1d2584267c494a0df96afb0f95cda27
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
cups-1.2.4-11.14.el5_1.3.src.rpm
File outdated by:  RHSA-2009:1595		     0e674156c66a85f4befb25b61ac11219
 
IA-32:
cups-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1513		     0d1bc137688d648c1a6bb6d723d02131
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1513		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1513		     725da2778499f0ef3d177ae5de2eac84
 
x86_64:
cups-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     8a80ca4d3fb94684b6a157fd0fc03ffc
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2009:1595		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     e7122321cb07e24fdea833aeb99fceff
cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2009:1595		     f1d2584267c494a0df96afb0f95cda27
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)
SRPMS:
cups-1.2.4-11.14.el5_1.3.src.rpm
File outdated by:  RHSA-2009:1595		     0e674156c66a85f4befb25b61ac11219
 
IA-32:
cups-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     0d1bc137688d648c1a6bb6d723d02131
cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     ed50e67e5ac81816025b7044a60ff05c
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     725da2778499f0ef3d177ae5de2eac84
 
IA-64:
cups-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2008:0192		     6d6d5b2c9bb192c0221fab51ca406e54
cups-devel-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2008:0192		     f8993c91631e1cb221053970359a15c3
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-libs-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2008:0192		     b563493fa5c9938711246df30849740e
cups-lpd-1.2.4-11.14.el5_1.3.ia64.rpm
File outdated by:  RHSA-2008:0192		     fbeff7413bedcb74acd9691ffd34ec16
 
PPC:
cups-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2008:0192		     568c33780523d8934fd44cb8b38572f7
cups-devel-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2008:0192		     8f47bde999fd4a20fdd95df19aa4d348
cups-devel-1.2.4-11.14.el5_1.3.ppc64.rpm
File outdated by:  RHSA-2008:0192		     904299c55e793be74463ed447d4c7912
cups-libs-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2008:0192		     e510688e304707cdc2e69fbb690c105a
cups-libs-1.2.4-11.14.el5_1.3.ppc64.rpm
File outdated by:  RHSA-2008:0192		     a46a28e1dd83f550a8f90f76dd5de253
cups-lpd-1.2.4-11.14.el5_1.3.ppc.rpm
File outdated by:  RHSA-2008:0192		     22240ec5fb56b681652830c602f6d3ac
 
s390x:
cups-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2008:0192		     0600130d9ffbc51fefefe5363161f809
cups-devel-1.2.4-11.14.el5_1.3.s390.rpm
File outdated by:  RHSA-2008:0192		     205945b86014307d0351d958a3045bfd
cups-devel-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2008:0192		     4494cce4dc572b50d825343ec9b2cfc1
cups-libs-1.2.4-11.14.el5_1.3.s390.rpm
File outdated by:  RHSA-2008:0192		     f58cff49807950fe15a0431d9c0eb0a4
cups-libs-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2008:0192		     5b1a7f99fb9a376ac9dd6001bfc2400e
cups-lpd-1.2.4-11.14.el5_1.3.s390x.rpm
File outdated by:  RHSA-2008:0192		     8f41c8e4ad65b647974012e97e559050
 
x86_64:
cups-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2008:0192		     8a80ca4d3fb94684b6a157fd0fc03ffc
cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     ed50e67e5ac81816025b7044a60ff05c
cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2008:0192		     d6e9593b5bd3da21bfd5a722fd9153a9
cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
File outdated by:  RHSA-2008:0192		     9bf17e649f5c0f6c67344279a7dc4d1b
cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2008:0192		     e7122321cb07e24fdea833aeb99fceff
cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm
File outdated by:  RHSA-2008:0192		     f1d2584267c494a0df96afb0f95cda27
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/