
Security Advisory Low: cups security and bug fix update

Advisory: RHSA-2012:0302-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-2896

Details

Updated cups packages that fix one security issue and various bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for Linux, UNIX, and similar operating systems.

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the CUPS GIF image format
reader. An attacker could create a malicious GIF image file that, when
printed, could possibly cause CUPS to crash or, potentially, execute
arbitrary code with the privileges of the "lp" user. (CVE-2011-2896)

This update also fixes the following bugs:

* Prior to this update, the "Show Completed Jobs," "Show All Jobs," and
"Show Active Jobs" buttons returned results globally across all printers
and not the results for the specified printer. With this update, jobs from
only the selected printer are shown. (BZ#625900)

* Prior to this update, the code of the serial backend contained an incorrect
condition. As a consequence, print jobs on the raw print queue could not be
canceled. This update modifies the condition in the serial backend code.
Now, the user can cancel these print jobs. (BZ#625955)

* Prior to this update, the textonly filter did not work if used as a pipe,
for example when the command line did not specify the filename and the
number of copies was always 1. This update modifies the condition in the
textonly filter. Now, the data are sent to the printer regardless of the
number of copies specified. (BZ#660518)

* Prior to this update, the file descriptor count increased until it ran
out of resources when the cups daemon was running with Security-Enhanced
Linux (SELinux) features enabled. With this update, all resources
are allocated only once. (BZ#668009)

* Prior to this update, CUPS incorrectly handled the en_US.ASCII value for
the LANG environment variable. As a consequence, the lpadmin, lpstat, and
lpinfo binaries failed to write to standard output when LANG was set to
this value. This update fixes the handling of the en_US.ASCII value and the
binaries now write to standard output properly. (BZ#759081)

All users of cups are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the cupsd daemon will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
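
A check that a host carries at least the fixed build, as an added example that is not part of the Red Hat advisory. It compares an installed cups VERSION-RELEASE string against the 1.3.7-30.el5 build listed under "Updated packages"; the host names and installed builds are constructed sample data, and the comparison is a simplified form of RPM's segment ordering that assumes equal epochs.

```python
import re

# Fixed cups VERSION-RELEASE taken from this advisory's package list.
FIXED = "1.3.7-30.el5"

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1.

    Simplified segment comparison: tilde/caret ordering is not handled,
    and the RHEL 5 strings used here do not need it.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 10 > 7, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def compare_vr(installed, fixed=FIXED):
    """Compare 'VERSION-RELEASE' strings (epoch assumed equal on both sides)."""
    inst_ver, _, inst_rel = installed.partition("-")
    fix_ver, _, fix_rel = fixed.partition("-")
    return rpmvercmp(inst_ver, fix_ver) or rpmvercmp(inst_rel, fix_rel)

def needs_update(installed):
    """True when the installed cups build is older than the fixed build."""
    return compare_vr(installed) < 0

# Constructed inventory (hypothetical hosts and builds): host -> output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' cups
SAMPLE_INVENTORY = {
    "print01": "1.3.7-26.el5_6.1",  # older release, needs the update
    "print02": "1.3.7-30.el5",      # exactly the build from this advisory
    "print03": "1.3.7-30.el5_9.3",  # later respin of the same release
    "print04": "1.3.10-1.el5",      # newer version; a string compare gets this wrong
}

def hosts_needing_update(inventory):
    return sorted(h for h, vr in inventory.items() if needs_update(vr))

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: cups {SAMPLE_INVENTORY[host]} is older than {FIXED}")
```

The package list marks these files as outdated by RHSA-2013:0580, so 1.3.7-30.el5 is a minimum for CVE-2011-2896 rather than the current build.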

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
cups-1.3.7-30.el5.src.rpm
File outdated by: RHSA-2013:0580

IA-32:
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580

x86_64:
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
cups-1.3.7-30.el5.src.rpm
File outdated by: RHSA-2013:0580

IA-32:
cups-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580

IA-64:
cups-1.3.7-30.el5.ia64.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.ia64.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.ia64.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.ia64.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.ia64.rpm
File outdated by: RHSA-2013:0580

PPC:
cups-1.3.7-30.el5.ppc.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.ppc.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.ppc64.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.ppc.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.ppc64.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.ppc.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.ppc64.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.ppc.rpm
File outdated by: RHSA-2013:0580

s390x:
cups-1.3.7-30.el5.s390x.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.s390.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.s390x.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.s390.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.s390x.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.s390.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.s390x.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.s390x.rpm
File outdated by: RHSA-2013:0580

x86_64:
cups-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-devel-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
cups-1.3.7-30.el5.src.rpm
File outdated by: RHSA-2013:0580

IA-32:
cups-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580

x86_64:
cups-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-debuginfo-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.i386.rpm
File outdated by: RHSA-2013:0580
cups-libs-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
cups-lpd-1.3.7-30.el5.x86_64.rpm
File outdated by: RHSA-2013:0580
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

625900 - STR #3436: Jobs buttons not working correctly when viewing a specific printer
625955 - Serial back end has inverted SIGTERM block
660518 - textonly filter won't work as a pipe with copies=1
668009 - avc calls leak file descriptors
727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/