Skip to navigation

Security Advisory Moderate: cups security update

Advisory: RHSA-2008:1029-5
Type: Security Advisory
Severity: Moderate
Issued on: 2008-12-15
Last updated on: 2008-12-15
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.2.z server)
CVEs (cve.mitre.org): CVE-2008-5183

Details

Updated cups packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A null pointer dereference flaw was found in the way CUPS handled
subscriptions for printing job completion notifications. A local user could
use this flaw to crash the CUPS daemon by submitting a large number of
printing jobs requiring mail notification on completion, leading to a
denial of service. (CVE-2008-5183)

Users of cups should upgrade to these updated packages, which contain a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
cups-1.2.4-11.18.el5_2.3.src.rpm
File outdated by:  RHBA-2011:0185		     MD5: 2c1f8a71e75eeb80f78d6f9c759d945a
 
IA-32:
cups-devel-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 9cea0a0d1b10abe5ec67f6327f0d1ac7
 
x86_64:
cups-devel-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 9cea0a0d1b10abe5ec67f6327f0d1ac7
cups-devel-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: f3def3abf37523758154bc82eb950a50
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
cups-1.2.4-11.18.el5_2.3.src.rpm
File outdated by:  RHBA-2011:0185		     MD5: 2c1f8a71e75eeb80f78d6f9c759d945a
 
IA-32:
cups-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: e1bdce9bdd2a0399b404935cead2b3f9
cups-devel-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 9cea0a0d1b10abe5ec67f6327f0d1ac7
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-lpd-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: e825e31cc8f2edcfa7d1a7b5a81e3c99
 
IA-64:
cups-1.2.4-11.18.el5_2.3.ia64.rpm
File outdated by:  RHBA-2011:0185		     MD5: 9aaae85d2f1b44511a6db32457cae942
cups-devel-1.2.4-11.18.el5_2.3.ia64.rpm
File outdated by:  RHBA-2011:0185		     MD5: c27859790b787c375d07e951d976f997
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-libs-1.2.4-11.18.el5_2.3.ia64.rpm
File outdated by:  RHBA-2011:0185		     MD5: f8886cbdb4607c45b4fc572c012e4c48
cups-lpd-1.2.4-11.18.el5_2.3.ia64.rpm
File outdated by:  RHBA-2011:0185		     MD5: ca7c60a607a27be05d42c8e69682c458
 
PPC:
cups-1.2.4-11.18.el5_2.3.ppc.rpm
File outdated by:  RHBA-2011:0185		     MD5: 83b3ad0027b5672b1733b69e66014a31
cups-devel-1.2.4-11.18.el5_2.3.ppc.rpm
File outdated by:  RHBA-2011:0185		     MD5: 0bcd995a6feef466d583c03b114035b5
cups-devel-1.2.4-11.18.el5_2.3.ppc64.rpm
File outdated by:  RHBA-2011:0185		     MD5: d5220993d8a558da676b8b64ff4ab068
cups-libs-1.2.4-11.18.el5_2.3.ppc.rpm
File outdated by:  RHBA-2011:0185		     MD5: e38832a1dca94f4960d8819703e93c2d
cups-libs-1.2.4-11.18.el5_2.3.ppc64.rpm
File outdated by:  RHBA-2011:0185		     MD5: a4249b646fddcd2a4ae550565a46e60c
cups-lpd-1.2.4-11.18.el5_2.3.ppc.rpm
File outdated by:  RHBA-2011:0185		     MD5: ebba40b4f51ab2b50d345afcaa528d3d
 
s390x:
cups-1.2.4-11.18.el5_2.3.s390x.rpm
File outdated by:  RHBA-2011:0185		     MD5: 813be19499a8164c8dd1aed792095d86
cups-devel-1.2.4-11.18.el5_2.3.s390.rpm
File outdated by:  RHBA-2011:0185		     MD5: f294adb71cc4b3192e90b2e78e5c97b1
cups-devel-1.2.4-11.18.el5_2.3.s390x.rpm
File outdated by:  RHBA-2011:0185		     MD5: 4e352f6fd65d308742d45896aac5df4f
cups-libs-1.2.4-11.18.el5_2.3.s390.rpm
File outdated by:  RHBA-2011:0185		     MD5: 6e22a14d161fedd3ee9c4e9eee3b8846
cups-libs-1.2.4-11.18.el5_2.3.s390x.rpm
File outdated by:  RHBA-2011:0185		     MD5: c1f9717c3b4b3a259d1957937d32f306
cups-lpd-1.2.4-11.18.el5_2.3.s390x.rpm
File outdated by:  RHBA-2011:0185		     MD5: 13922ab364cab940f1620ea923d2e744
 
x86_64:
cups-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: f2d5499ea257850cb50501473e1f9439
cups-devel-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 9cea0a0d1b10abe5ec67f6327f0d1ac7
cups-devel-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: f3def3abf37523758154bc82eb950a50
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-libs-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: cf6e3eef4aee756dfebb48974abf5bdf
cups-lpd-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: 82461a30604ed8104ca9a0e550b12245
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
cups-1.2.4-11.18.el5_2.3.src.rpm
File outdated by:  RHBA-2011:0185		     MD5: 2c1f8a71e75eeb80f78d6f9c759d945a
 
IA-32:
cups-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: e1bdce9bdd2a0399b404935cead2b3f9
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-lpd-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: e825e31cc8f2edcfa7d1a7b5a81e3c99
 
x86_64:
cups-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: f2d5499ea257850cb50501473e1f9439
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm
File outdated by:  RHBA-2011:0185		     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-libs-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: cf6e3eef4aee756dfebb48974abf5bdf
cups-lpd-1.2.4-11.18.el5_2.3.x86_64.rpm
File outdated by:  RHBA-2011:0185		     MD5: 82461a30604ed8104ca9a0e550b12245
 
Red Hat Enterprise Linux EUS (v. 5.2.z server)
SRPMS:
cups-1.2.4-11.18.el5_2.3.src.rpm
File outdated by:  RHBA-2011:0185		     MD5: 2c1f8a71e75eeb80f78d6f9c759d945a
 
IA-32:
cups-1.2.4-11.18.el5_2.3.i386.rpm     MD5: e1bdce9bdd2a0399b404935cead2b3f9
cups-devel-1.2.4-11.18.el5_2.3.i386.rpm     MD5: 9cea0a0d1b10abe5ec67f6327f0d1ac7
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-lpd-1.2.4-11.18.el5_2.3.i386.rpm     MD5: e825e31cc8f2edcfa7d1a7b5a81e3c99
 
IA-64:
cups-1.2.4-11.18.el5_2.3.ia64.rpm     MD5: 9aaae85d2f1b44511a6db32457cae942
cups-devel-1.2.4-11.18.el5_2.3.ia64.rpm     MD5: c27859790b787c375d07e951d976f997
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-libs-1.2.4-11.18.el5_2.3.ia64.rpm     MD5: f8886cbdb4607c45b4fc572c012e4c48
cups-lpd-1.2.4-11.18.el5_2.3.ia64.rpm     MD5: ca7c60a607a27be05d42c8e69682c458
 
PPC:
cups-1.2.4-11.18.el5_2.3.ppc.rpm     MD5: 83b3ad0027b5672b1733b69e66014a31
cups-devel-1.2.4-11.18.el5_2.3.ppc.rpm     MD5: 0bcd995a6feef466d583c03b114035b5
cups-devel-1.2.4-11.18.el5_2.3.ppc64.rpm     MD5: d5220993d8a558da676b8b64ff4ab068
cups-libs-1.2.4-11.18.el5_2.3.ppc.rpm     MD5: e38832a1dca94f4960d8819703e93c2d
cups-libs-1.2.4-11.18.el5_2.3.ppc64.rpm     MD5: a4249b646fddcd2a4ae550565a46e60c
cups-lpd-1.2.4-11.18.el5_2.3.ppc.rpm     MD5: ebba40b4f51ab2b50d345afcaa528d3d
 
s390x:
cups-1.2.4-11.18.el5_2.3.s390x.rpm     MD5: 813be19499a8164c8dd1aed792095d86
cups-devel-1.2.4-11.18.el5_2.3.s390.rpm     MD5: f294adb71cc4b3192e90b2e78e5c97b1
cups-devel-1.2.4-11.18.el5_2.3.s390x.rpm     MD5: 4e352f6fd65d308742d45896aac5df4f
cups-libs-1.2.4-11.18.el5_2.3.s390.rpm     MD5: 6e22a14d161fedd3ee9c4e9eee3b8846
cups-libs-1.2.4-11.18.el5_2.3.s390x.rpm     MD5: c1f9717c3b4b3a259d1957937d32f306
cups-lpd-1.2.4-11.18.el5_2.3.s390x.rpm     MD5: 13922ab364cab940f1620ea923d2e744
 
x86_64:
cups-1.2.4-11.18.el5_2.3.x86_64.rpm     MD5: f2d5499ea257850cb50501473e1f9439
cups-devel-1.2.4-11.18.el5_2.3.i386.rpm     MD5: 9cea0a0d1b10abe5ec67f6327f0d1ac7
cups-devel-1.2.4-11.18.el5_2.3.x86_64.rpm     MD5: f3def3abf37523758154bc82eb950a50
cups-libs-1.2.4-11.18.el5_2.3.i386.rpm     MD5: 786fc5ba3aedeebf6182ea5fb527248b
cups-libs-1.2.4-11.18.el5_2.3.x86_64.rpm     MD5: cf6e3eef4aee756dfebb48974abf5bdf
cups-lpd-1.2.4-11.18.el5_2.3.x86_64.rpm     MD5: 82461a30604ed8104ca9a0e550b12245
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

473901 - CVE-2008-5183 cups: DoS (daemon crash) caused by the large number of subscriptions


References

https://www.redhat.com/security/data/cve/CVE-2008-5183.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/