Skip to navigation

Security Advisory Important: cups security update

Advisory: RHSA-2008:0161-3
Type: Security Advisory
Severity: Important
Issued on: 2008-02-25
Last updated on: 2008-02-25
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.6.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.6.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2008-0596
CVE-2008-0597

Details

Updated cups packages that fix two security issues are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
possibly causing CUPS daemon crash after exhausting available memory.
(CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882, which
did not affect Red Hat Enterprise Linux 4.

Note that the default configuration of CUPS on Red Hat Enterprise Linux
4 allow requests of this type only from the local subnet.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4c1fb77c7a60cb8f29163f42cfc5aa43
 
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
 
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 6539694c82709951ea448146d6003183
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4c1fb77c7a60cb8f29163f42cfc5aa43
 
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
 
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: e8464c29009338639445a7d7c4ef6fa2
 
PPC:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
File outdated by:  RHSA-2010:0755		     MD5: e44c4426cffb46214578af4b7bf3355f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
File outdated by:  RHSA-2010:0755		     MD5: 7408a507942ccf45063d2712701bc820
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
File outdated by:  RHSA-2010:0755		     MD5: ec9c615f9a4fb7cee321f6cdf6f0aec7
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 95065ef884476ffc80a5f3af10633da2
 
s390:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2f4714e2e43e762dba541ad75711ae38
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2456e5c5bf1211dd703896762afecbe2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2010:0755		     MD5: c709e0497732e17cb629032d20aadb0c
 
s390x:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
File outdated by:  RHSA-2010:0755		     MD5: 29e76d263e08daa2ef20610b35426ba2
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2c7b6e1c00374cde9c20de0237e3e59b
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2010:0755		     MD5: c709e0497732e17cb629032d20aadb0c
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
File outdated by:  RHSA-2010:0755		     MD5: d8596765717c7bfd24de39bda5f228e5
 
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 6539694c82709951ea448146d6003183
 
Red Hat Enterprise Linux AS (v. 4.6.z)
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4c1fb77c7a60cb8f29163f42cfc5aa43
 
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
 
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2008:0498		     MD5: e8464c29009338639445a7d7c4ef6fa2
 
PPC:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
File outdated by:  RHSA-2008:0498		     MD5: e44c4426cffb46214578af4b7bf3355f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
File outdated by:  RHSA-2008:0498		     MD5: 7408a507942ccf45063d2712701bc820
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
File outdated by:  RHSA-2008:0498		     MD5: ec9c615f9a4fb7cee321f6cdf6f0aec7
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 95065ef884476ffc80a5f3af10633da2
 
s390:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2008:0498		     MD5: 2f4714e2e43e762dba541ad75711ae38
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2008:0498		     MD5: 2456e5c5bf1211dd703896762afecbe2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2008:0498		     MD5: c709e0497732e17cb629032d20aadb0c
 
s390x:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
File outdated by:  RHSA-2008:0498		     MD5: 29e76d263e08daa2ef20610b35426ba2
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
File outdated by:  RHSA-2008:0498		     MD5: 2c7b6e1c00374cde9c20de0237e3e59b
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
File outdated by:  RHSA-2008:0498		     MD5: c709e0497732e17cb629032d20aadb0c
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
File outdated by:  RHSA-2008:0498		     MD5: d8596765717c7bfd24de39bda5f228e5
 
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2008:0498		     MD5: f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 6539694c82709951ea448146d6003183
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4c1fb77c7a60cb8f29163f42cfc5aa43
 
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
 
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: e8464c29009338639445a7d7c4ef6fa2
 
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 6539694c82709951ea448146d6003183
 
Red Hat Enterprise Linux ES (v. 4.6.z)
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4c1fb77c7a60cb8f29163f42cfc5aa43
 
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
 
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2008:0498		     MD5: e8464c29009338639445a7d7c4ef6fa2
 
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2008:0498		     MD5: f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2008:0498		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2008:0498		     MD5: 6539694c82709951ea448146d6003183
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4c1fb77c7a60cb8f29163f42cfc5aa43
 
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
 
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
File outdated by:  RHSA-2010:0755		     MD5: e8464c29009338639445a7d7c4ef6fa2
 
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
File outdated by:  RHSA-2010:0755		     MD5: 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
File outdated by:  RHSA-2010:0755		     MD5: 6539694c82709951ea448146d6003183
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

433825 - CVE-2008-0596 cups: memory leak handling IPP browse requests
433847 - CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests


References

https://www.redhat.com/security/data/cve/CVE-2008-0596.html
https://www.redhat.com/security/data/cve/CVE-2008-0597.html
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/