
Security Advisory Important: cups security and bug fix update

Advisory: RHSA-2007:1020-3
Type: Security Advisory
Severity: Important
Issued on: 2007-10-31
Last updated on: 2007-10-31
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-4351

Details

Updated CUPS packages that fix a security issue in the Internet Printing
Protocol (IPP) handling and correct some bugs are now available for Red Hat
Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handles certain Internet Printing Protocol
(IPP) tags. A remote attacker who is able to connect to the IPP TCP port
could send a malicious request causing the CUPS daemon to crash, or
potentially execute arbitrary code. Please note that the default CUPS
configuration does not allow remote hosts to connect to the IPP TCP port.
(CVE-2007-4351)

Red Hat would like to thank Alin Rad Pop for reporting this issue.

All CUPS users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

In addition, the following bugs were fixed:

* the CUPS service has been changed to start after sshd, to avoid delaying
logins while the system is booting.

* the logrotate settings have been adjusted so they do not cause CUPS to
reload its configuration. This avoids re-printing the current job, which
could occur when the job was long-running.

* a bug has been fixed in the handling of the If-Modified-Since: HTTP
header.

* in the LSPP configuration, labels for labeled jobs did not line-wrap.
This has been fixed.

* an access check in the LSPP configuration has been made more secure.

* the cups-lpd service no longer ignores the "-odocument-format=..."
option.

* a memory allocation bug has been fixed in cupsd.

* support for UNIX domain sockets authentication without passwords has been
added.

* in the LSPP configuration, a problem that could lead to cupsd crashing
has been fixed.

* the error handling in the initscript has been improved.

* the job-originating-host-name attribute was not correctly set for jobs
submitted via the cups-lpd service. This has been fixed.

* a problem with parsing IPv6 addresses in the configuration file has been
fixed.

* a problem that could lead to cupsd crashing when it failed to open a
"file:" URI has been fixed.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
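The checks below are an added example, not part of the Red Hat advisory or of CUPS itself. They cover the two things an administrator wants to confirm around this update: whether the installed cups package is older than the fixed build (the version-release string 1.2.4-11.14.el5_1.1 is taken from the package list below), whether a downloaded package file matches the MD5 printed in the advisory, and, for the note in the Details section about the default configuration, whether a cupsd.conf contains a Listen or Port directive that accepts connections from non-loopback addresses. The function names are mine; `rpm`, `md5sum` and `awk` are standard tools. The version comparison is a simplified form of rpm's segment-wise ordering (numeric segments compared as integers, alphabetic segments compared as strings, numeric sorting after alphabetic), which is enough for these release strings but does not implement epochs or every corner of rpmvercmp.

```shell
#!/bin/sh
# Added example, not from the advisory: post-update checks for RHSA-2007:1020.

FIXED_CUPS_VR="1.2.4-11.14.el5_1.1"   # version-release of the fixed build (from the advisory)

# Print -1, 0 or 1 as version-release $1 is older than, equal to or newer than $2.
# Simplified rpmvercmp: split into digit/alpha segments and compare segment-wise.
vr_compare() {
    awk -v a="$1" -v b="$2" '
    # Break "1.2.4-11.14.el5_1.1" into segments: 1 2 4 11 14 el 5 1 1
    function segs(s, out,    i, c, k, kind, cur, n) {
        n = 0; cur = ""; kind = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c ~ /[0-9]/) k = "d"; else if (c ~ /[A-Za-z]/) k = "a"; else k = ""
            if (k != kind && cur != "") { out[++n] = cur; cur = "" }
            kind = k
            if (k != "") cur = cur c
        }
        if (cur != "") out[++n] = cur
        return n
    }
    function vercmp(x, y,    p, q, np, nq, i, sp, sq) {
        np = segs(x, p); nq = segs(y, q)
        for (i = 1; i <= np && i <= nq; i++) {
            sp = p[i]; sq = q[i]
            if (sp ~ /^[0-9]+$/ && sq ~ /^[0-9]+$/) {
                if (sp + 0 != sq + 0) return (sp + 0 < sq + 0) ? -1 : 1
            } else if (sp ~ /^[0-9]+$/) { return 1 }     # numeric sorts after alpha
            else if (sq ~ /^[0-9]+$/) { return -1 }
            else if (sp != sq) return (sp < sq) ? -1 : 1
        }
        if (np == nq) return 0
        return (np < nq) ? -1 : 1                        # longer string is newer
    }
    BEGIN { print vercmp(a, b) }'
}

# True (exit 0) when the installed version-release $1 is older than the fixed build.
cups_needs_update() {
    [ "$(vr_compare "$1" "$FIXED_CUPS_VR")" -lt 0 ]
}

# Version-release of the installed cups package, read from the RPM database.
installed_cups_vr() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' cups 2>/dev/null
}

# Compare a downloaded package file ($1) with the MD5 listed in the advisory ($2).
# MD5 only shows the file arrived intact; authenticity comes from the GPG
# signature, which "rpm -K file.rpm" checks against the imported Red Hat key.
verify_package_md5() {
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# Report Listen/Port directives in cupsd.conf ($1) that accept non-loopback
# connections. Exit 0 when at least one is found, 1 when cupsd is local-only.
cupsd_listens_remotely() {
    awk '
    /^[ \t]*#/ { next }                                  # comment line
    tolower($1) == "port" { print "exposed: " $0; found = 1; next }   # Port = all interfaces
    tolower($1) == "listen" {
        addr = $2
        if (addr ~ /^\//) next                           # UNIX domain socket
        sub(/:[0-9]+$/, "", addr)                        # drop the port
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)       # drop IPv6 brackets
        if (addr == "localhost" || addr == "127.0.0.1" || addr == "::1") next
        print "exposed: " $0; found = 1
    }
    END { exit found ? 0 : 1 }' "$1"
}

# Live check against this host; only runs when invoked as "sh check.sh --live".
if [ "${1:-}" = "--live" ] && command -v rpm >/dev/null 2>&1; then
    vr=$(installed_cups_vr)
    if [ -n "$vr" ] && cups_needs_update "$vr"; then
        echo "cups $vr is older than $FIXED_CUPS_VR: apply RHSA-2007:1020"
    else
        echo "cups ${vr:-(not installed)} is not affected by this advisory"
    fi
    cupsd_listens_remotely /etc/cups/cupsd.conf || echo "cupsd listens on loopback/socket only"
fi
```

Run with `--live` on a Red Hat Enterprise Linux 5 host to compare the installed package against the fixed build and to see which cupsd.conf directives, if any, expose the IPP port beyond localhost; call `verify_package_md5 <file.rpm> <md5>` with a hash from the package list for any package obtained outside Red Hat Network.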

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
cups-1.2.4-11.14.el5_1.1.src.rpm
File outdated by:  RHSA-2013:0580
    MD5: d4024b6f80540a02718c91f739a8bf05
 
IA-32:
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4fe280e49d3dcf3c63fd54524390a09
 
x86_64:
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4fe280e49d3dcf3c63fd54524390a09
cups-devel-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 263d1d22a7c9be2f4dbd0c8b43b80e2a
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
cups-1.2.4-11.14.el5_1.1.src.rpm
File outdated by:  RHSA-2013:0580
    MD5: d4024b6f80540a02718c91f739a8bf05
 
IA-32:
cups-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: 04105308f4089ea32df6a2d8bf540d5a
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4fe280e49d3dcf3c63fd54524390a09
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4e79e982cc21036b2848f6ded17ecdd
cups-lpd-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: 0ad495e3b1565dcdf0f75eac2eb5e8a7
 
IA-64:
cups-1.2.4-11.14.el5_1.1.ia64.rpm
File outdated by:  RHSA-2013:0580
    MD5: af37a1ebfdf26598d5897bc9507e78f3
cups-devel-1.2.4-11.14.el5_1.1.ia64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 7ac227b7833556eedb6ecba08ba6bca8
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4e79e982cc21036b2848f6ded17ecdd
cups-libs-1.2.4-11.14.el5_1.1.ia64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 50caa7e5a1665b947b6d4ce812b4c082
cups-lpd-1.2.4-11.14.el5_1.1.ia64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 887f0418bc37a56c2d1ac8d718b5f8b2
 
PPC:
cups-1.2.4-11.14.el5_1.1.ppc.rpm
File outdated by:  RHSA-2013:0580
    MD5: 6aa115515899f2ee4c7cea725a0ccabb
cups-devel-1.2.4-11.14.el5_1.1.ppc.rpm
File outdated by:  RHSA-2013:0580
    MD5: 3655447b3b729453387439aa0aee91af
cups-devel-1.2.4-11.14.el5_1.1.ppc64.rpm
File outdated by:  RHSA-2013:0580
    MD5: bd9683c6898cdecf1064bdf9237a26f6
cups-libs-1.2.4-11.14.el5_1.1.ppc.rpm
File outdated by:  RHSA-2013:0580
    MD5: 55cf96a356456cc9c97260424a180e74
cups-libs-1.2.4-11.14.el5_1.1.ppc64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 612f14d317b075c75b3ff6a879569a97
cups-lpd-1.2.4-11.14.el5_1.1.ppc.rpm
File outdated by:  RHSA-2013:0580
    MD5: 9ee96feb5dd1cb42503decbdc776d521
 
s390x:
cups-1.2.4-11.14.el5_1.1.s390x.rpm
File outdated by:  RHSA-2013:0580
    MD5: cc0e592487e1443afe2632ce8132c200
cups-devel-1.2.4-11.14.el5_1.1.s390.rpm
File outdated by:  RHSA-2013:0580
    MD5: a4e18a2797c91483bffabefcb3bd257c
cups-devel-1.2.4-11.14.el5_1.1.s390x.rpm
File outdated by:  RHSA-2013:0580
    MD5: 00fbb56f9d73eec63607ea20febfa616
cups-libs-1.2.4-11.14.el5_1.1.s390.rpm
File outdated by:  RHSA-2013:0580
    MD5: 754c8b7459b07318a7ee21e3947e0197
cups-libs-1.2.4-11.14.el5_1.1.s390x.rpm
File outdated by:  RHSA-2013:0580
    MD5: 52ee99fe60dec2c85ef0489642ab5b6e
cups-lpd-1.2.4-11.14.el5_1.1.s390x.rpm
File outdated by:  RHSA-2013:0580
    MD5: 8779ba5c0746dad6c3899561b807b552
 
x86_64:
cups-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 0a7fe3996a0c8ea2feb144fa07f76d98
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4fe280e49d3dcf3c63fd54524390a09
cups-devel-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 263d1d22a7c9be2f4dbd0c8b43b80e2a
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4e79e982cc21036b2848f6ded17ecdd
cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 056a430c4c1308c44c88441639e312b9
cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: c9d27661f6732bda4ae0b30e8f0aa725
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
cups-1.2.4-11.14.el5_1.1.src.rpm
File outdated by:  RHSA-2013:0580
    MD5: d4024b6f80540a02718c91f739a8bf05
 
IA-32:
cups-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: 04105308f4089ea32df6a2d8bf540d5a
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4e79e982cc21036b2848f6ded17ecdd
cups-lpd-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: 0ad495e3b1565dcdf0f75eac2eb5e8a7
 
x86_64:
cups-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 0a7fe3996a0c8ea2feb144fa07f76d98
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm
File outdated by:  RHSA-2013:0580
    MD5: b4e79e982cc21036b2848f6ded17ecdd
cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: 056a430c4c1308c44c88441639e312b9
cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2013:0580
    MD5: c9d27661f6732bda4ae0b30e8f0aa725
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

213828 - Cups starts as S55cups, before sshd
228107 - [LSPP] Labels for labeled printing don't linewrap
229673 - [LSPP] cups is overriding mls when querying jobs with lpq -al
230073 - cups-lpd : server-args has no effect
230613 - [LSPP] cups is allowing users to delete other user's job
231522 - [LSPP] cupsd crash
237953 - Wrong init script
240223 - cups-lpd doesn't set 'job-originating-host-name'
241400 - IPV6 addresses not accepted in "Allow From" directives
250415 - cupsd crashes when failing to open a file: URI
345091 - CVE-2007-4351 cups boundary error

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/