Security Advisory Moderate: cups security update

Advisory: RHSA-2008:0192-8
Type: Security Advisory
Severity: Moderate
Issued on: 2008-04-01
Last updated on: 2008-04-01
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2008-0047
                      CVE-2008-0053
                      CVE-2008-1373

Details

Updated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A heap buffer overflow flaw was found in a CUPS administration interface
CGI script. A local attacker able to connect to the IPP port (TCP port 631)
could send a malicious request causing the script to crash or, potentially,
execute arbitrary code as the "lp" user. Please note: the default CUPS
configuration in Red Hat Enterprise Linux 5 does not allow remote
connections to the IPP TCP port. (CVE-2008-0047)

Red Hat would like to thank "regenrecht" for reporting this issue.

This issue did not affect the versions of CUPS as shipped with Red Hat
Enterprise Linux 3 or 4.
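
The note that the default configuration does not allow remote connections to the IPP TCP port can be checked against a host's own cupsd.conf. The following is an added example, not part of the Red Hat advisory: a shell function that lists the Port, Listen, SSLPort and SSLListen directives bound to anything other than loopback or a UNIX domain socket. The function names, the constructed sample configuration and the default path /etc/cups/cupsd.conf are assumptions.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Prints "line-number: directive" for each
# cupsd.conf listener that hosts other than this one could reach.

cups_remote_listeners() {
    # $1: path to cupsd.conf ("-" reads stdin); the default path is an assumption
    awk '
    $1 ~ /^#/ { next }                          # comment line
    {
        d = tolower($1)                         # directive names are case-insensitive
        if ((d == "port" || d == "sslport") && NF >= 2) {
            print NR ": " $0                    # Port N binds every interface
            next
        }
        if ((d == "listen" || d == "ssllisten") && NF >= 2) {
            addr = tolower($2)
            if (addr ~ /^\//) next              # UNIX domain socket path
            sub(/:[0-9]+$/, "", addr)           # drop the trailing :port
            if (addr == "localhost" || addr == "[::1]" || addr ~ /^127\./) next
            print NR ": " $0                    # wildcard or routable address
        }
    }' "${1:-/etc/cups/cupsd.conf}"
}

# Constructed sample configuration (not taken from any real host).
sample_conf() {
    cat <<'EOF'
# constructed cupsd.conf fragment
Listen localhost:631
Listen /var/run/cups/cups.sock
Listen [::1]:631
Port 631
Listen 192.0.2.10:631
Listen *:631
EOF
}

# Demo: only lines 5-7 of the sample are reported.
sample_conf | cups_remote_listeners -
```

An empty result means every listener is loopback or a local socket, which matches the default the advisory describes.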

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly execute
arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by
CUPS image converting filters "imagetops" and "imagetoraster". An attacker
could create a malicious GIF file that could possibly execute arbitrary
code as the "lp" user if the file was printed. (CVE-2008-1373)

All cups users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

File outdated by: RHSA-2013:0580 (applies to every file listed for this product)

SRPMS:
cups-1.2.4-11.14.el5_1.6.src.rpm

IA-32:
cups-devel-1.2.4-11.14.el5_1.6.i386.rpm

x86_64:
cups-devel-1.2.4-11.14.el5_1.6.i386.rpm
cups-devel-1.2.4-11.14.el5_1.6.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

File outdated by: RHSA-2013:0580 (applies to every file listed for this product)

SRPMS:
cups-1.2.4-11.14.el5_1.6.src.rpm

IA-32:
cups-1.2.4-11.14.el5_1.6.i386.rpm
cups-devel-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-lpd-1.2.4-11.14.el5_1.6.i386.rpm

IA-64:
cups-1.2.4-11.14.el5_1.6.ia64.rpm
cups-devel-1.2.4-11.14.el5_1.6.ia64.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.ia64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.ia64.rpm

PPC:
cups-1.2.4-11.14.el5_1.6.ppc.rpm
cups-devel-1.2.4-11.14.el5_1.6.ppc.rpm
cups-devel-1.2.4-11.14.el5_1.6.ppc64.rpm
cups-libs-1.2.4-11.14.el5_1.6.ppc.rpm
cups-libs-1.2.4-11.14.el5_1.6.ppc64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.ppc.rpm

s390x:
cups-1.2.4-11.14.el5_1.6.s390x.rpm
cups-devel-1.2.4-11.14.el5_1.6.s390.rpm
cups-devel-1.2.4-11.14.el5_1.6.s390x.rpm
cups-libs-1.2.4-11.14.el5_1.6.s390.rpm
cups-libs-1.2.4-11.14.el5_1.6.s390x.rpm
cups-lpd-1.2.4-11.14.el5_1.6.s390x.rpm

x86_64:
cups-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-devel-1.2.4-11.14.el5_1.6.i386.rpm
cups-devel-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

File outdated by: RHSA-2013:0580 (applies to every file listed for this product)

SRPMS:
cups-1.2.4-11.14.el5_1.6.src.rpm

IA-32:
cups-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-lpd-1.2.4-11.14.el5_1.6.i386.rpm

x86_64:
cups-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.x86_64.rpm
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
cups-1.2.4-11.14.el5_1.6.src.rpm
File outdated by:  RHSA-2013:0580

IA-32:
cups-1.2.4-11.14.el5_1.6.i386.rpm
cups-devel-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-lpd-1.2.4-11.14.el5_1.6.i386.rpm

IA-64:
cups-1.2.4-11.14.el5_1.6.ia64.rpm
cups-devel-1.2.4-11.14.el5_1.6.ia64.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.ia64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.ia64.rpm

PPC:
cups-1.2.4-11.14.el5_1.6.ppc.rpm
cups-devel-1.2.4-11.14.el5_1.6.ppc.rpm
cups-devel-1.2.4-11.14.el5_1.6.ppc64.rpm
cups-libs-1.2.4-11.14.el5_1.6.ppc.rpm
cups-libs-1.2.4-11.14.el5_1.6.ppc64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.ppc.rpm

s390x:
cups-1.2.4-11.14.el5_1.6.s390x.rpm
cups-devel-1.2.4-11.14.el5_1.6.s390.rpm
cups-devel-1.2.4-11.14.el5_1.6.s390x.rpm
cups-libs-1.2.4-11.14.el5_1.6.s390.rpm
cups-libs-1.2.4-11.14.el5_1.6.s390x.rpm
cups-lpd-1.2.4-11.14.el5_1.6.s390x.rpm

x86_64:
cups-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-devel-1.2.4-11.14.el5_1.6.i386.rpm
cups-devel-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-libs-1.2.4-11.14.el5_1.6.i386.rpm
cups-libs-1.2.4-11.14.el5_1.6.x86_64.rpm
cups-lpd-1.2.4-11.14.el5_1.6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

436153 - CVE-2008-0047 cups: heap based buffer overflow in cgiCompileSearch()
438117 - CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
438303 - CVE-2008-1373 cups: overflow in gif image filter


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/