Skip to navigation

Security Advisory Important: cups security update

Advisory: RHSA-2008:0153-5
Type: Security Advisory
Severity: Important
Issued on: 2008-02-25
Last updated on: 2008-02-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2008-0596
CVE-2008-0597

Details

Updated cups packages that fixes two security issues and a bug are now
available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
possibly causing CUPS daemon crash after exhausting available memory.
(CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882, which
did not affect Red Hat Enterprise Linux 3.

Note that the default configuration of CUPS on Red Hat Enterprise Linux
3 allow requests of this type only from the local subnet.

In addition, these updated cups packages fix a bug that occurred when using
the CUPS polling daemon. Excessive debugging log information was saved to
the error_log file regardless of the LogLevel setting, which filled up disk
space rapidly.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
cups-1.1.17-13.3.51.src.rpm
File outdated by:  RHSA-2010:0754		     MD5: a83d8badc12e4527cf2d8683e269a101
 
IA-32:
cups-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4b0105e1b3a1dee8e5f55575866caf81
cups-devel-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8a18a621588f597effbbddc4b882bfe9
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
 
x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 00e775c6a85dcd3643b4179ecbf34e3d
cups-devel-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 1ee0bbaa551d2e68b503c334a4839cbd
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: c1fb6cee6ba549bfa58c9af28547eaff
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
cups-1.1.17-13.3.51.src.rpm
File outdated by:  RHSA-2010:0754		     MD5: a83d8badc12e4527cf2d8683e269a101
 
IA-32:
cups-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4b0105e1b3a1dee8e5f55575866caf81
cups-devel-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8a18a621588f597effbbddc4b882bfe9
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
 
IA-64:
cups-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 6fe3c4c7f287dbb9344b5b9d17e041ef
cups-devel-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 5518ecfe2d5de4531ce3a8c762fe0167
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4f3aa9239717e04a52ee9a39fac3b5af
 
PPC:
cups-1.1.17-13.3.51.ppc.rpm
File outdated by:  RHSA-2010:0754		     MD5: d7588f25cf4a4c661d9f52694a026852
cups-devel-1.1.17-13.3.51.ppc.rpm
File outdated by:  RHSA-2010:0754		     MD5: dad4a01ec369b7ab8869c40a1e4424e4
cups-libs-1.1.17-13.3.51.ppc.rpm
File outdated by:  RHSA-2010:0754		     MD5: 38e0c9fc614029b36e177d0bd731e866
cups-libs-1.1.17-13.3.51.ppc64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 43e59cacdbb0789974efc5fbd46c38b5
 
s390:
cups-1.1.17-13.3.51.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: ef382d45569651666468fc675f758f61
cups-devel-1.1.17-13.3.51.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: b7028965b7c0c41ad1daea9797dfaa08
cups-libs-1.1.17-13.3.51.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: 989604494b9f4567ea24c57d7a5c9627
 
s390x:
cups-1.1.17-13.3.51.s390x.rpm
File outdated by:  RHSA-2010:0754		     MD5: 82afba05fa3301f4b2ca57c39d0017eb
cups-devel-1.1.17-13.3.51.s390x.rpm
File outdated by:  RHSA-2010:0754		     MD5: a10e09cc17f8ff1eb9cb154987c5b836
cups-libs-1.1.17-13.3.51.s390.rpm
File outdated by:  RHSA-2010:0754		     MD5: 989604494b9f4567ea24c57d7a5c9627
cups-libs-1.1.17-13.3.51.s390x.rpm
File outdated by:  RHSA-2010:0754		     MD5: 7e9c1b2cfb385282a3f63be512757417
 
x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 00e775c6a85dcd3643b4179ecbf34e3d
cups-devel-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 1ee0bbaa551d2e68b503c334a4839cbd
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: c1fb6cee6ba549bfa58c9af28547eaff
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
cups-1.1.17-13.3.51.src.rpm
File outdated by:  RHSA-2010:0754		     MD5: a83d8badc12e4527cf2d8683e269a101
 
IA-32:
cups-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4b0105e1b3a1dee8e5f55575866caf81
cups-devel-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8a18a621588f597effbbddc4b882bfe9
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
 
IA-64:
cups-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 6fe3c4c7f287dbb9344b5b9d17e041ef
cups-devel-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 5518ecfe2d5de4531ce3a8c762fe0167
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4f3aa9239717e04a52ee9a39fac3b5af
 
x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 00e775c6a85dcd3643b4179ecbf34e3d
cups-devel-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 1ee0bbaa551d2e68b503c334a4839cbd
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: c1fb6cee6ba549bfa58c9af28547eaff
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
cups-1.1.17-13.3.51.src.rpm
File outdated by:  RHSA-2010:0754		     MD5: a83d8badc12e4527cf2d8683e269a101
 
IA-32:
cups-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4b0105e1b3a1dee8e5f55575866caf81
cups-devel-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 8a18a621588f597effbbddc4b882bfe9
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
 
IA-64:
cups-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 6fe3c4c7f287dbb9344b5b9d17e041ef
cups-devel-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 5518ecfe2d5de4531ce3a8c762fe0167
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.ia64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 4f3aa9239717e04a52ee9a39fac3b5af
 
x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 00e775c6a85dcd3643b4179ecbf34e3d
cups-devel-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: 1ee0bbaa551d2e68b503c334a4839cbd
cups-libs-1.1.17-13.3.51.i386.rpm
File outdated by:  RHSA-2010:0754		     MD5: 857fe97565d10f9c719b9c9e4bd850fc
cups-libs-1.1.17-13.3.51.x86_64.rpm
File outdated by:  RHSA-2010:0754		     MD5: c1fb6cee6ba549bfa58c9af28547eaff
 

Bugs fixed (see bugzilla for more information)

246545 - Cups fills up logfiles if queue is turned on
433825 - CVE-2008-0596 cups: memory leak handling IPP browse requests
433847 - CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests


References

https://www.redhat.com/security/data/cve/CVE-2008-0596.html
https://www.redhat.com/security/data/cve/CVE-2008-0597.html
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/