Security Advisory Moderate: foomatic security update

Advisory: RHSA-2011:1109-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-08-01
Last updated on: 2011-08-01
Affected Products:
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux (v. 5 server)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux AS (v. 4.8.z)
    Red Hat Enterprise Linux Desktop (v. 5 client)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux ES (v. 4.8.z)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-2697

Details

An updated foomatic package that fixes one security issue is now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the "lp" user. (CVE-2011-2697)
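
An added illustration of the flaw class described above (not foomatic-rip's code and not part of the original advisory): a simplified Python model of a filter that receives its arguments in the CUPS filter order job-id, user, title, copies, options. The option name --ppd-file, the paths and the sample jobs are assumptions constructed for this example.

```python
import re
from typing import NamedTuple

ADMIN_PPD = "/etc/cups/ppd/office.ppd"  # constructed: the administrator-set PPD
PPD_OPTION = "--ppd-file"               # hypothetical option name for this model
OPTION_LIKE = re.compile(r"^--?[A-Za-z]")

class Job(NamedTuple):
    job_id: str
    user: str
    title: str
    copies: str
    options: str

def select_ppd_vulnerable(argv):
    """Flawed pattern: every argument is scanned for the PPD option,
    so a job-controlled field can override the administrator's choice."""
    ppd = ADMIN_PPD
    for arg in argv:
        if arg.startswith(PPD_OPTION + "="):
            ppd = arg.split("=", 1)[1]
    return ppd

def parse_job(argv):
    """Hardened pattern: fields are taken strictly by position and kept as data."""
    if len(argv) < 5:
        raise ValueError("expected: job-id user title copies options")
    return Job(*argv[:5])

def select_ppd_hardened(argv):
    """Under a spooler the PPD comes from configuration, never from job fields."""
    parse_job(argv)  # validates the argument shape only
    return ADMIN_PPD

def option_like_fields(job):
    """Job-controlled fields containing a token that looks like an option (for logging)."""
    return [name for name in ("user", "title", "options")
            if any(OPTION_LIKE.match(tok) for tok in getattr(job, name).split())]

# Constructed sample jobs (not captured from a real system).
BENIGN = ["42", "alice", "Q3 report - draft", "1", "media=A4 sides=two-sided-long-edge"]
CRAFTED = ["43", "mallory", "--ppd-file=/tmp/other.ppd", "1", "media=A4"]

if __name__ == "__main__":
    for argv in (BENIGN, CRAFTED):
        print(select_ppd_vulnerable(argv), select_ppd_hardened(argv),
              option_like_fields(parse_job(argv)))
```

The hardened path never derives the PPD from user, title or options; option_like_fields is only a logging aid for spotting jobs whose attributes resemble options.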

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS: foomatic-3.0.2-3.2.el4.src.rpm
IA-32: foomatic-3.0.2-3.2.el4.i386.rpm
x86_64: foomatic-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS: foomatic-3.0.2-38.3.el5_7.1.src.rpm
IA-32: foomatic-3.0.2-38.3.el5_7.1.i386.rpm
IA-64: foomatic-3.0.2-38.3.el5_7.1.ia64.rpm
PPC: foomatic-3.0.2-38.3.el5_7.1.ppc.rpm
s390x: foomatic-3.0.2-38.3.el5_7.1.s390x.rpm
x86_64: foomatic-3.0.2-38.3.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)

SRPMS: foomatic-3.0.2-3.2.el4.src.rpm
IA-32: foomatic-3.0.2-3.2.el4.i386.rpm
IA-64: foomatic-3.0.2-3.2.el4.ia64.rpm
PPC: foomatic-3.0.2-3.2.el4.ppc.rpm
s390: foomatic-3.0.2-3.2.el4.s390.rpm
s390x: foomatic-3.0.2-3.2.el4.s390x.rpm
x86_64: foomatic-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS: foomatic-3.0.2-3.2.el4.src.rpm
IA-32: foomatic-3.0.2-3.2.el4.i386.rpm
IA-64: foomatic-3.0.2-3.2.el4.ia64.rpm
PPC: foomatic-3.0.2-3.2.el4.ppc.rpm
s390: foomatic-3.0.2-3.2.el4.s390.rpm
s390x: foomatic-3.0.2-3.2.el4.s390x.rpm
x86_64: foomatic-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS: foomatic-3.0.2-38.3.el5_7.1.src.rpm
IA-32: foomatic-3.0.2-38.3.el5_7.1.i386.rpm
x86_64: foomatic-3.0.2-38.3.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)

SRPMS: foomatic-3.0.2-3.2.el4.src.rpm
IA-32: foomatic-3.0.2-3.2.el4.i386.rpm
IA-64: foomatic-3.0.2-3.2.el4.ia64.rpm
x86_64: foomatic-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS: foomatic-3.0.2-3.2.el4.src.rpm
IA-32: foomatic-3.0.2-3.2.el4.i386.rpm
IA-64: foomatic-3.0.2-3.2.el4.ia64.rpm
x86_64: foomatic-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)

SRPMS: foomatic-3.0.2-3.2.el4.src.rpm
IA-32: foomatic-3.0.2-3.2.el4.i386.rpm
IA-64: foomatic-3.0.2-3.2.el4.ia64.rpm
x86_64: foomatic-3.0.2-3.2.el4.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

721001 - CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/