Security Advisory Moderate: foomatic security update

Advisory: RHSA-2011:1110-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-08-01
Last updated on: 2011-08-01
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2964

Details

An updated foomatic package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in C.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the "lp" user. (CVE-2011-2964)
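
The class of flaw described above, as an added illustration in C (not foomatic-rip's code and not the backported patch): a simplified filter model in which job-supplied fields are scanned for options, beside a hardened selection and an audit check. The CUPS-style argument layout, the `--ppd=` option spelling, the function names and all paths are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not foomatic-rip's code. Assumed CUPS-style layout:
 *   argv = filter job-id user title copies options [file]
 * "--ppd=" is a hypothetical option spelling; paths are constructed. */
#define ADMIN_PPD "/etc/cups/ppd/queue.ppd"
#define PPD_OPT   "--ppd="

/* Flawed: every argument is scanned for options, so job-supplied
 * fields (user, title, options) can be parsed as filter options. */
const char *select_ppd_flawed(int argc, char **argv) {
    for (int i = 1; i < argc; i++)
        if (strncmp(argv[i], PPD_OPT, strlen(PPD_OPT)) == 0)
            return argv[i] + strlen(PPD_OPT);
    return ADMIN_PPD;
}

/* Hardened: when started by the spooler, positional fields are data
 * only and the administrator-set PPD always wins. */
const char *select_ppd_hardened(int argc, char **argv, int from_spooler) {
    if (from_spooler)
        return ADMIN_PPD;
    return select_ppd_flawed(argc, argv); /* direct command-line use */
}

/* Audit helper: count user/title/options fields that begin with '-'. */
int option_like_fields(int argc, char **argv) {
    static const int fields[] = {2, 3, 5};
    int hits = 0;
    for (size_t k = 0; k < sizeof fields / sizeof fields[0]; k++)
        if (fields[k] < argc && argv[fields[k]][0] == '-')
            hits++;
    return hits;
}

/* Constructed job: the title field is shaped like an option. */
static char *sample_job[] = {"filter", "42", "alice",
                             "--ppd=/tmp/job.ppd", "1", "media=A4", NULL};

int main(void) {
    printf("flawed:   %s\n", select_ppd_flawed(6, sample_job));
    printf("hardened: %s\n", select_ppd_hardened(6, sample_job, 1));
    printf("option-like fields: %d\n", option_like_fields(6, sample_job));
    return 0;
}
```

The audit helper can be run over spooler job records to flag submissions whose user, title or options field starts with a dash, independent of whether the filter itself has been updated.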

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
foomatic-4.0.4-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:1084

IA-32:
foomatic-4.0.4-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:1084

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
foomatic-4.0.4-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:1084

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
foomatic-4.0.4-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:1084

IA-32:
foomatic-4.0.4-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:1084

PPC:
foomatic-4.0.4-1.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2013:1084

s390x:
foomatic-4.0.4-1.el6_1.1.s390x.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.s390x.rpm
File outdated by:  RHBA-2013:1084

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
foomatic-4.0.4-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:1084

IA-32:
foomatic-4.0.4-1.el6_1.1.i686.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm

PPC:
foomatic-4.0.4-1.el6_1.1.ppc64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.ppc64.rpm

s390x:
foomatic-4.0.4-1.el6_1.1.s390x.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.s390x.rpm

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
foomatic-4.0.4-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:1084

IA-32:
foomatic-4.0.4-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:1084

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:1084
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

727016 - CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/