Skip to navigation

Security Advisory cups security update

Advisory: RHSA-2005:571-06
Type: Security Advisory
Severity: Moderate
Issued on: 2005-07-14
Last updated on: 2005-07-14
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-2154

Details

Updated CUPS packages that fix a security issue are now available for Red
Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer for
UNIX(R) operating systems.

When processing a request, the CUPS scheduler would use case-sensitive
matching on the queue name to decide which authorization policy should be
used. However, queue names are not case-sensitive. An unauthorized user
could print to a password-protected queue without needing a password. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2154 to this issue.

Please note that the version of CUPS included in Red Hat Enterprise Linux 4
is not vulnerable to this issue.

All users of CUPS should upgrade to these erratum packages which contain a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
cups-1.1.17-13.3.29.src.rpm
File outdated by:  RHSA-2010:0754
    MD5: 81c72be8ece7d629a9a73ffa32916c41
 
IA-32:
cups-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36bdfb6c6aa5eb58d5fe41b457ac7361
cups-devel-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 72307b7ee7bba211a5546a28362ac2a6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
 
x86_64:
cups-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a692e1999e3ee1a95f3053d894675100
cups-devel-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f56302afb665afafcf61577a31bb1d6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 56379591a637d0085b0838e0d97f0111
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
cups-1.1.17-13.3.29.src.rpm
File outdated by:  RHSA-2010:0754
    MD5: 81c72be8ece7d629a9a73ffa32916c41
 
IA-32:
cups-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36bdfb6c6aa5eb58d5fe41b457ac7361
cups-devel-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 72307b7ee7bba211a5546a28362ac2a6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
 
IA-64:
cups-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36d374d2e1abacc34ce965750541626b
cups-devel-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f3441b9e9879be1087bcd0607b1ab66
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a96ac4679c8b522d5433f23fade03f07
 
PPC:
cups-1.1.17-13.3.29.ppc.rpm
File outdated by:  RHSA-2010:0754
    MD5: 86f8571af07d8d5fa479ed729a13af37
cups-devel-1.1.17-13.3.29.ppc.rpm
File outdated by:  RHSA-2010:0754
    MD5: ff62e1f6ae117e1db87a4299a4bd33a9
cups-libs-1.1.17-13.3.29.ppc.rpm
File outdated by:  RHSA-2010:0754
    MD5: 6e334775b2dbb8c09c25e011cb69cba4
cups-libs-1.1.17-13.3.29.ppc64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 9f23a140336a37a76bf6a9dbcbcdb9ff
 
s390:
cups-1.1.17-13.3.29.s390.rpm
File outdated by:  RHSA-2010:0754
    MD5: 54d08a23a20b825b5c0c1e59ea0fe54b
cups-devel-1.1.17-13.3.29.s390.rpm
File outdated by:  RHSA-2010:0754
    MD5: eb62a6ea4f287a6eab9a0157f909e9e4
cups-libs-1.1.17-13.3.29.s390.rpm
File outdated by:  RHSA-2010:0754
    MD5: e067385a2f2e9ab235bd9f98943626c7
 
s390x:
cups-1.1.17-13.3.29.s390x.rpm
File outdated by:  RHSA-2010:0754
    MD5: d400e53066c2c831ae85155c9b8b0de0
cups-devel-1.1.17-13.3.29.s390x.rpm
File outdated by:  RHSA-2010:0754
    MD5: e3c00601315da00de3b8980a2c93aec8
cups-libs-1.1.17-13.3.29.s390.rpm
File outdated by:  RHSA-2010:0754
    MD5: e067385a2f2e9ab235bd9f98943626c7
cups-libs-1.1.17-13.3.29.s390x.rpm
File outdated by:  RHSA-2010:0754
    MD5: f6bb5b5be02c4acd32561a7a857c7eae
 
x86_64:
cups-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a692e1999e3ee1a95f3053d894675100
cups-devel-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f56302afb665afafcf61577a31bb1d6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 56379591a637d0085b0838e0d97f0111
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
cups-1.1.17-13.3.29.src.rpm
File outdated by:  RHSA-2010:0754
    MD5: 81c72be8ece7d629a9a73ffa32916c41
 
IA-32:
cups-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36bdfb6c6aa5eb58d5fe41b457ac7361
cups-devel-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 72307b7ee7bba211a5546a28362ac2a6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
 
IA-64:
cups-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36d374d2e1abacc34ce965750541626b
cups-devel-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f3441b9e9879be1087bcd0607b1ab66
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a96ac4679c8b522d5433f23fade03f07
 
x86_64:
cups-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a692e1999e3ee1a95f3053d894675100
cups-devel-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f56302afb665afafcf61577a31bb1d6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 56379591a637d0085b0838e0d97f0111
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
cups-1.1.17-13.3.29.src.rpm
File outdated by:  RHSA-2010:0754
    MD5: 81c72be8ece7d629a9a73ffa32916c41
 
IA-32:
cups-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36bdfb6c6aa5eb58d5fe41b457ac7361
cups-devel-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 72307b7ee7bba211a5546a28362ac2a6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
 
IA-64:
cups-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 36d374d2e1abacc34ce965750541626b
cups-devel-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f3441b9e9879be1087bcd0607b1ab66
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.ia64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a96ac4679c8b522d5433f23fade03f07
 
x86_64:
cups-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: a692e1999e3ee1a95f3053d894675100
cups-devel-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 7f56302afb665afafcf61577a31bb1d6
cups-libs-1.1.17-13.3.29.i386.rpm
File outdated by:  RHSA-2010:0754
    MD5: 5dc46b9df27b30286b6604c6a1e6ee98
cups-libs-1.1.17-13.3.29.x86_64.rpm
File outdated by:  RHSA-2010:0754
    MD5: 56379591a637d0085b0838e0d97f0111
 

Bugs fixed (see bugzilla for more information)

162405 - CAN-2004-2154 <Location ...> directive is case-sensitive in cupsd.conf but should not


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/