Security Advisory Important: cups security update

Advisory: RHSA-2009:1083-1
Type: Security Advisory
Severity: Important
Issued on: 2009-06-03
Last updated on: 2009-06-03
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20091083.xml
CVEs (cve.mitre.org): CVE-2009-0791
CVE-2009-0949
CVE-2009-1196

Details

Updated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The Internet Printing Protocol (IPP) allows
users to print and manage printing-related tasks over a network. The CUPS
"pdftops" filter converts Portable Document Format (PDF) files to
PostScript. "pdftops" is based on Xpdf and the CUPS imaging library.

A NULL pointer dereference flaw was found in the CUPS IPP routine, used for
processing incoming IPP requests for the CUPS scheduler. An attacker could
use this flaw to send specially-crafted IPP requests that would crash the
cupsd daemon. (CVE-2009-0949)

A use-after-free flaw was found in the CUPS scheduler directory services
routine, used to process data about available printers and printer classes.
An attacker could use this flaw to cause a denial of service (cupsd daemon
stop or crash). (CVE-2009-1196)

Multiple integer overflows flaws, leading to heap-based buffer overflows,
were found in the CUPS "pdftops" filter. An attacker could create a
malicious PDF file that would cause "pdftops" to crash or, potentially,
execute arbitrary code as the "lp" user if the file was printed.
(CVE-2009-0791)

Red Hat would like to thank Anibal Sacco from Core Security Technologies
for reporting the CVE-2009-0949 flaw, and Swen van Brussel for reporting
the CVE-2009-1196 flaw.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
cups-1.1.17-13.3.62.src.rpm     480e819f217889efe182ddc98297f9f3
 
IA-32:
cups-1.1.17-13.3.62.i386.rpm     161cb7d287a78d77e142514fbe4ba14a
cups-devel-1.1.17-13.3.62.i386.rpm     0c9e1184858ef14e3210f137016b54f3
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
 
x86_64:
cups-1.1.17-13.3.62.x86_64.rpm     4f2cfdccae882fdc2f3f7866f82433ce
cups-devel-1.1.17-13.3.62.x86_64.rpm     6d72f1d68d9d8033ea57252d5ba5b799
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.x86_64.rpm     221454912af85b557f3059164bfa667d
 
Red Hat Desktop (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm     7bec87e3c888a0c65c94d0a5e901e342
 
IA-32:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     8106d6c4d4ce38bc20f0ddbaea792b16
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     da126cfd3cbb4b4c20aacfe13157f02b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
 
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     be07eac16eaad906952468e4b224d36a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     aa916fdde2a40a5cb45d880e76eef422
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     0198e1aee8ef42320a13399bf479fe25
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
cups-1.1.17-13.3.62.src.rpm     480e819f217889efe182ddc98297f9f3
 
IA-32:
cups-1.1.17-13.3.62.i386.rpm     161cb7d287a78d77e142514fbe4ba14a
cups-devel-1.1.17-13.3.62.i386.rpm     0c9e1184858ef14e3210f137016b54f3
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
 
IA-64:
cups-1.1.17-13.3.62.ia64.rpm     76c425f2c31fc4df199fecace85273f2
cups-devel-1.1.17-13.3.62.ia64.rpm     04797543ee008107c142bed10142507f
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.ia64.rpm     a5badbe26a1d346c945764ae5e22f999
 
PPC:
cups-1.1.17-13.3.62.ppc.rpm     a2e2a02f030daa6f12c5df283fac1ad2
cups-devel-1.1.17-13.3.62.ppc.rpm     701f7eb3938fbb46104b2f26d75af718
cups-libs-1.1.17-13.3.62.ppc.rpm     3e4bc0a8e097e89de215e33d639a0f02
cups-libs-1.1.17-13.3.62.ppc64.rpm     2a55f8a4779ba742a56b034488335c65
 
s390:
cups-1.1.17-13.3.62.s390.rpm     a577618d92f9642727b3c42f0692b0b8
cups-devel-1.1.17-13.3.62.s390.rpm     31002da92ab8a9571e37c93be5cc065c
cups-libs-1.1.17-13.3.62.s390.rpm     0c8a6d9ac6d1c6b42cd7a1166aaa649c
 
s390x:
cups-1.1.17-13.3.62.s390x.rpm     6e253d4331b7c4afd9876b57be5c3ca4
cups-devel-1.1.17-13.3.62.s390x.rpm     bef6471226288b02bba9a6e4b78f2ded
cups-libs-1.1.17-13.3.62.s390.rpm     0c8a6d9ac6d1c6b42cd7a1166aaa649c
cups-libs-1.1.17-13.3.62.s390x.rpm     e0002cdc7d2b70fd99599a8629d51a5f
 
x86_64:
cups-1.1.17-13.3.62.x86_64.rpm     4f2cfdccae882fdc2f3f7866f82433ce
cups-devel-1.1.17-13.3.62.x86_64.rpm     6d72f1d68d9d8033ea57252d5ba5b799
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.x86_64.rpm     221454912af85b557f3059164bfa667d
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm     7bec87e3c888a0c65c94d0a5e901e342
 
IA-32:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     8106d6c4d4ce38bc20f0ddbaea792b16
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     da126cfd3cbb4b4c20aacfe13157f02b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
 
IA-64:
cups-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     e2e3cdac653c8236c353b5cdb6822371
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     402ab20f4cd6dad3a3bf43476e347807
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     3c59f443fe74570fce8572e1d39587cc
 
PPC:
cups-1.1.22-0.rc1.9.32.el4_8.3.ppc.rpm     c998f9bce2b021956f2d5794a0f0388a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ppc.rpm     acb853f88cbcffdd2ebf4588985d3ee6
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ppc.rpm     9d700552fa7817f045a916ee0a4b5134
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ppc64.rpm     2f6e828cb81c9187dfd31f23b476de1b
 
s390:
cups-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     13a775ced67b9f048202812007f5c25b
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     cac6853242e170e9121758c65ce84fd3
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     51842f1b897010436cd9641e786b9e8b
 
s390x:
cups-1.1.22-0.rc1.9.32.el4_8.3.s390x.rpm     fd6ca9148ef65517bdb6675dc09817c7
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.s390x.rpm     ebdd3aef5354eb988f67d7b6ad162a31
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     51842f1b897010436cd9641e786b9e8b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.s390x.rpm     c7782c1d1d213a5faac7f0634d600d79
 
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     be07eac16eaad906952468e4b224d36a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     aa916fdde2a40a5cb45d880e76eef422
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     0198e1aee8ef42320a13399bf479fe25
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm     7bec87e3c888a0c65c94d0a5e901e342
 
IA-32:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     8106d6c4d4ce38bc20f0ddbaea792b16
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     da126cfd3cbb4b4c20aacfe13157f02b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
 
IA-64:
cups-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     e2e3cdac653c8236c353b5cdb6822371
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     402ab20f4cd6dad3a3bf43476e347807
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     3c59f443fe74570fce8572e1d39587cc
 
PPC:
cups-1.1.22-0.rc1.9.32.el4_8.3.ppc.rpm     c998f9bce2b021956f2d5794a0f0388a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ppc.rpm     acb853f88cbcffdd2ebf4588985d3ee6
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ppc.rpm     9d700552fa7817f045a916ee0a4b5134
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ppc64.rpm     2f6e828cb81c9187dfd31f23b476de1b
 
s390:
cups-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     13a775ced67b9f048202812007f5c25b
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     cac6853242e170e9121758c65ce84fd3
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     51842f1b897010436cd9641e786b9e8b
 
s390x:
cups-1.1.22-0.rc1.9.32.el4_8.3.s390x.rpm     fd6ca9148ef65517bdb6675dc09817c7
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.s390x.rpm     ebdd3aef5354eb988f67d7b6ad162a31
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.s390.rpm     51842f1b897010436cd9641e786b9e8b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.s390x.rpm     c7782c1d1d213a5faac7f0634d600d79
 
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     be07eac16eaad906952468e4b224d36a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     aa916fdde2a40a5cb45d880e76eef422
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     0198e1aee8ef42320a13399bf479fe25
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
cups-1.1.17-13.3.62.src.rpm     480e819f217889efe182ddc98297f9f3
 
IA-32:
cups-1.1.17-13.3.62.i386.rpm     161cb7d287a78d77e142514fbe4ba14a
cups-devel-1.1.17-13.3.62.i386.rpm     0c9e1184858ef14e3210f137016b54f3
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
 
IA-64:
cups-1.1.17-13.3.62.ia64.rpm     76c425f2c31fc4df199fecace85273f2
cups-devel-1.1.17-13.3.62.ia64.rpm     04797543ee008107c142bed10142507f
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.ia64.rpm     a5badbe26a1d346c945764ae5e22f999
 
x86_64:
cups-1.1.17-13.3.62.x86_64.rpm     4f2cfdccae882fdc2f3f7866f82433ce
cups-devel-1.1.17-13.3.62.x86_64.rpm     6d72f1d68d9d8033ea57252d5ba5b799
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.x86_64.rpm     221454912af85b557f3059164bfa667d
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm     7bec87e3c888a0c65c94d0a5e901e342
 
IA-32:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     8106d6c4d4ce38bc20f0ddbaea792b16
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     da126cfd3cbb4b4c20aacfe13157f02b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
 
IA-64:
cups-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     e2e3cdac653c8236c353b5cdb6822371
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     402ab20f4cd6dad3a3bf43476e347807
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     3c59f443fe74570fce8572e1d39587cc
 
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     be07eac16eaad906952468e4b224d36a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     aa916fdde2a40a5cb45d880e76eef422
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     0198e1aee8ef42320a13399bf479fe25
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm     7bec87e3c888a0c65c94d0a5e901e342
 
IA-32:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     8106d6c4d4ce38bc20f0ddbaea792b16
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     da126cfd3cbb4b4c20aacfe13157f02b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
 
IA-64:
cups-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     e2e3cdac653c8236c353b5cdb6822371
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     402ab20f4cd6dad3a3bf43476e347807
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     3c59f443fe74570fce8572e1d39587cc
 
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     be07eac16eaad906952468e4b224d36a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     aa916fdde2a40a5cb45d880e76eef422
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     0198e1aee8ef42320a13399bf479fe25
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
cups-1.1.17-13.3.62.src.rpm     480e819f217889efe182ddc98297f9f3
 
IA-32:
cups-1.1.17-13.3.62.i386.rpm     161cb7d287a78d77e142514fbe4ba14a
cups-devel-1.1.17-13.3.62.i386.rpm     0c9e1184858ef14e3210f137016b54f3
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
 
IA-64:
cups-1.1.17-13.3.62.ia64.rpm     76c425f2c31fc4df199fecace85273f2
cups-devel-1.1.17-13.3.62.ia64.rpm     04797543ee008107c142bed10142507f
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.ia64.rpm     a5badbe26a1d346c945764ae5e22f999
 
x86_64:
cups-1.1.17-13.3.62.x86_64.rpm     4f2cfdccae882fdc2f3f7866f82433ce
cups-devel-1.1.17-13.3.62.x86_64.rpm     6d72f1d68d9d8033ea57252d5ba5b799
cups-libs-1.1.17-13.3.62.i386.rpm     45d0eb17d4c27b631dffaca89422dad8
cups-libs-1.1.17-13.3.62.x86_64.rpm     221454912af85b557f3059164bfa667d
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm     7bec87e3c888a0c65c94d0a5e901e342
 
IA-32:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     8106d6c4d4ce38bc20f0ddbaea792b16
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     da126cfd3cbb4b4c20aacfe13157f02b
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
 
IA-64:
cups-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     e2e3cdac653c8236c353b5cdb6822371
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     402ab20f4cd6dad3a3bf43476e347807
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.ia64.rpm     3c59f443fe74570fce8572e1d39587cc
 
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     be07eac16eaad906952468e4b224d36a
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     aa916fdde2a40a5cb45d880e76eef422
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm     fda9b4bdf2a2cf29b4a61014b3288bbb
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm     0198e1aee8ef42320a13399bf479fe25
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

491840 - CVE-2009-0791 cups: Multiple integer overflows in the CUPS "pdftops" filter
497135 - CVE-2009-1196 cups: DoS (stop, crash) by renewing CUPS browse packets
500972 - CVE-2009-0949 cups: IPP_TAG_UNSUPPORTED handling NULL pointer dereference DoS


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1196
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/