Security Advisory Important: cups security update

Advisory: RHSA-2008:0157-5
Type: Security Advisory
Severity: Important
Issued on: 2008-02-21
Last updated on: 2008-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
OVAL: com.redhat.rhsa-20080157.xml
CVEs (cve.mitre.org): CVE-2008-0882

Details

Updated cups packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems. The Internet Printing Protocol (IPP) is a
standard network protocol for remote printing, as well as managing print
jobs.

A flaw was found in the way CUPS handles the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to crash. (CVE-2008-0882)

Note: the default configuration of CUPS on Red Hat Enterprise Linux 5 will
only accept requests of this type from the local subnet. This issue did not
affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or
4.

All cups users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
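
A check for whether a host already carries the fixed build, as an added example that is not part of the original advisory. It compares the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' cups` against the version-release in this advisory's package list, using rpm's segment-wise ordering rather than a plain string compare. The host names and installed versions are constructed sample data, and epoch and tilde handling are left out.

```python
import re

# Version-release of the fixed build, taken from this advisory's package list.
FIXED = "1.2.4-11.14.el5_1.4"

def rpmvercmp(a, b):
    """Order two version (or release) strings the way rpm does: -1, 0 or 1.
    Tilde/caret handling from newer rpm releases is deliberately left out."""
    # rpm compares maximal runs of digits or letters and skips separators
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # a numeric segment always sorts newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare: 14 > 5, unlike "14" < "5"
        if x != y:
            return 1 if x > y else -1
    # every shared segment is equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed, fixed=FIXED):
    """True if an installed VERSION-RELEASE is at or above the fixed build."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def unpatched(inventory):
    """Return the sorted host names whose cups build predates the fix."""
    return sorted(h for h, vr in inventory.items() if not is_fixed(vr))

# Constructed inventory: host name -> output of the rpm query in the lead-in.
SAMPLE = {
    "print01": "1.2.4-11.14.el5_1.4",  # the build from this advisory
    "print02": "1.2.4-11.14.el5_1.3",  # one z-stream build behind
    "print03": "1.2.4-11.5.el5",       # 11.5 < 11.14 numerically
    "print04": "1.3.7-11.el5",         # newer upstream version
}

if __name__ == "__main__":
    for host in unpatched(SAMPLE):
        print(f"{host}: cups {SAMPLE[host]} is older than {FIXED}")
```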

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
cups-1.2.4-11.14.el5_1.4.src.rpm
File outdated by:  RHSA-2009:1595
    906d5a6a95b03a62a8af39c825b5aed5
 
IA-32:
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1513
    61ed2f1148456b015f1e9af75126b867
 
x86_64:
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    61ed2f1148456b015f1e9af75126b867
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    9ac3e7460492e6bf57a542feb66c5123
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
cups-1.2.4-11.14.el5_1.4.src.rpm
File outdated by:  RHSA-2009:1595
    906d5a6a95b03a62a8af39c825b5aed5
 
IA-32:
cups-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    cb158daeec9eeca33ed24a722175ceff
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    61ed2f1148456b015f1e9af75126b867
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    2fc9515399f6abbee294f475c022a090
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    e1d57506c2e474f5d6b41829f212ad84
 
IA-64:
cups-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2009:1595
    4a7edca6c4ae2c590e21789aa4169bb6
cups-devel-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2009:1595
    f1b77ef88fc8c6458d256735e63bdda7
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2009:1595
    669c5e2c28ab235e0164a3c1098d67e6
cups-lpd-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2009:1595
    b3ab3107bf53fba9cbc68393a6e8b71f
 
PPC:
cups-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2009:1595
    a64c0cd55dc4a0167fe1db40b4a2b525
cups-devel-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2009:1595
    00f402da5be086f24f82991ef1101335
cups-devel-1.2.4-11.14.el5_1.4.ppc64.rpm
File outdated by:  RHSA-2009:1595
    7a1f605f658a12b696be196ebea8f78d
cups-libs-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2009:1595
    53fc94eaf8b0e41591100982f81b1b47
cups-libs-1.2.4-11.14.el5_1.4.ppc64.rpm
File outdated by:  RHSA-2009:1595
    4d7e7b0e81d9e50e28a460c3cb8db8f2
cups-lpd-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2009:1595
    5820b1269630c7388c65a145210f7b20
 
s390x:
cups-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2009:1595
    56949b02960052134341ea4966e8876c
cups-devel-1.2.4-11.14.el5_1.4.s390.rpm
File outdated by:  RHSA-2009:1595
    ed4a43d66863754dc0b0fc1faa926cd7
cups-devel-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2009:1595
    688b9e0f47d8457b0ea66c23471464c5
cups-libs-1.2.4-11.14.el5_1.4.s390.rpm
File outdated by:  RHSA-2009:1595
    be7387fbb378bc78cbfb084a198ad344
cups-libs-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2009:1595
    cdd5e3a36bf0f1381aea4142db7e0c2e
cups-lpd-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2009:1595
    fce53915f86473bf506bd35fef42b093
 
x86_64:
cups-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    c4b23829ad62d4de40ebcbba5cebe389
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    61ed2f1148456b015f1e9af75126b867
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    9ac3e7460492e6bf57a542feb66c5123
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    04280894c25a526b737e03e34a338c13
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    a8bb32c0d59ef5e78ed851e90992b0f5
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
cups-1.2.4-11.14.el5_1.4.src.rpm
File outdated by:  RHSA-2009:1595
    906d5a6a95b03a62a8af39c825b5aed5
 
IA-32:
cups-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1513
    cb158daeec9eeca33ed24a722175ceff
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1513
    2fc9515399f6abbee294f475c022a090
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1513
    e1d57506c2e474f5d6b41829f212ad84
 
x86_64:
cups-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    c4b23829ad62d4de40ebcbba5cebe389
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2009:1595
    2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    04280894c25a526b737e03e34a338c13
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2009:1595
    a8bb32c0d59ef5e78ed851e90992b0f5
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
cups-1.2.4-11.14.el5_1.4.src.rpm
File outdated by:  RHSA-2009:1595
    906d5a6a95b03a62a8af39c825b5aed5
 
IA-32:
cups-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    cb158daeec9eeca33ed24a722175ceff
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    61ed2f1148456b015f1e9af75126b867
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    2fc9515399f6abbee294f475c022a090
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    e1d57506c2e474f5d6b41829f212ad84
 
IA-64:
cups-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2008:0192
    4a7edca6c4ae2c590e21789aa4169bb6
cups-devel-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2008:0192
    f1b77ef88fc8c6458d256735e63bdda7
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2008:0192
    669c5e2c28ab235e0164a3c1098d67e6
cups-lpd-1.2.4-11.14.el5_1.4.ia64.rpm
File outdated by:  RHSA-2008:0192
    b3ab3107bf53fba9cbc68393a6e8b71f
 
PPC:
cups-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2008:0192
    a64c0cd55dc4a0167fe1db40b4a2b525
cups-devel-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2008:0192
    00f402da5be086f24f82991ef1101335
cups-devel-1.2.4-11.14.el5_1.4.ppc64.rpm
File outdated by:  RHSA-2008:0192
    7a1f605f658a12b696be196ebea8f78d
cups-libs-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2008:0192
    53fc94eaf8b0e41591100982f81b1b47
cups-libs-1.2.4-11.14.el5_1.4.ppc64.rpm
File outdated by:  RHSA-2008:0192
    4d7e7b0e81d9e50e28a460c3cb8db8f2
cups-lpd-1.2.4-11.14.el5_1.4.ppc.rpm
File outdated by:  RHSA-2008:0192
    5820b1269630c7388c65a145210f7b20
 
s390x:
cups-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2008:0192
    56949b02960052134341ea4966e8876c
cups-devel-1.2.4-11.14.el5_1.4.s390.rpm
File outdated by:  RHSA-2008:0192
    ed4a43d66863754dc0b0fc1faa926cd7
cups-devel-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2008:0192
    688b9e0f47d8457b0ea66c23471464c5
cups-libs-1.2.4-11.14.el5_1.4.s390.rpm
File outdated by:  RHSA-2008:0192
    be7387fbb378bc78cbfb084a198ad344
cups-libs-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2008:0192
    cdd5e3a36bf0f1381aea4142db7e0c2e
cups-lpd-1.2.4-11.14.el5_1.4.s390x.rpm
File outdated by:  RHSA-2008:0192
    fce53915f86473bf506bd35fef42b093
 
x86_64:
cups-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2008:0192
    c4b23829ad62d4de40ebcbba5cebe389
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    61ed2f1148456b015f1e9af75126b867
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2008:0192
    9ac3e7460492e6bf57a542feb66c5123
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
File outdated by:  RHSA-2008:0192
    2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2008:0192
    04280894c25a526b737e03e34a338c13
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm
File outdated by:  RHSA-2008:0192
    a8bb32c0d59ef5e78ed851e90992b0f5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

433758 - CVE-2008-0882 cups: double free vulnerability in process_browse_data()


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/