---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated CUPS packages fix security issues
Advisory ID:       RHSA-2004:543-01
Issue date:        2004-10-22
Updated on:        2004-10-22
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2004:449
CVE Names:         CAN-2004-0888 CAN-2004-0923
---------------------------------------------------------------------

1. Summary:

Updated cups packages that fix denial of service issues, a security
information leak, as well as other various bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) is a print spooler.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf.  CUPS contains a copy of the xpdf code used
for parsing PDF files and is therefore affected by these bugs.  An attacker
who has the ability to send a malicious PDF file to a printer could cause
CUPS to crash or possibly execute arbitrary code.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would authenticate
with that shared printer using a username and password.  By default, the
username and password used to connect to the Samba share is written
into the error log file.  A local user who is able to read the error log
file could collect these usernames and passwords.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0923 to this issue.

These updated packages also include a fix that prevents some CUPS
configuration files from being accidentally replaced.

All users of CUPS should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

99461 - cups configuration
132034 - mime.types was updated - not copied to mime.types.rpmnew
134599 - CAN-2004-0923 Log file information disclosure
135378 - CAN-2004-0888 xpdf issues affect cups

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: 

5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm
15cc19fff26090f2ac2a3ae9fe8edade  cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ia64:
c8b90a470b68b58fed2e82e570f5ee92  cups-1.1.17-13.3.16.ia64.rpm
e6eac12d4a04cc3f2f78d5bcf04b3225  cups-devel-1.1.17-13.3.16.ia64.rpm
ca472cbe2195dbc118ccfbc05644da0f  cups-libs-1.1.17-13.3.16.ia64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ppc:
e6c4b39d457d9b9877fe95b6fe1dbec4  cups-1.1.17-13.3.16.ppc.rpm
d7a9f13c7cc6c53322c66548ad8c76de  cups-devel-1.1.17-13.3.16.ppc.rpm
1c0013991559da5dcdff753e0fa29fed  cups-libs-1.1.17-13.3.16.ppc.rpm

ppc64:
2d58c7b4af3581b720c315d4acc88caa  cups-libs-1.1.17-13.3.16.ppc64.rpm

s390:
3f8e4d1f0acb1e63cacb04a31d33be7e  cups-1.1.17-13.3.16.s390.rpm
9f65609293cab71c27bab23b4766e376  cups-devel-1.1.17-13.3.16.s390.rpm
9b3323c103753b3c97ac6543f73113f1  cups-libs-1.1.17-13.3.16.s390.rpm

s390x:
9276fbed4537149de825126e43165244  cups-1.1.17-13.3.16.s390x.rpm
276335bb8d2b6b204ce69c478d708f85  cups-devel-1.1.17-13.3.16.s390x.rpm
56bedea0c9cbabdc50d2f4a1fdf63389  cups-libs-1.1.17-13.3.16.s390x.rpm
9b3323c103753b3c97ac6543f73113f1  cups-libs-1.1.17-13.3.16.s390.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm
351a15fe066f9650c293d91d5edca0d8  cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

Red Hat Desktop version 3:

SRPMS: 

5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm
15cc19fff26090f2ac2a3ae9fe8edade  cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm
351a15fe066f9650c293d91d5edca0d8  cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 

5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm
15cc19fff26090f2ac2a3ae9fe8edade  cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ia64:
c8b90a470b68b58fed2e82e570f5ee92  cups-1.1.17-13.3.16.ia64.rpm
e6eac12d4a04cc3f2f78d5bcf04b3225  cups-devel-1.1.17-13.3.16.ia64.rpm
ca472cbe2195dbc118ccfbc05644da0f  cups-libs-1.1.17-13.3.16.ia64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm
351a15fe066f9650c293d91d5edca0d8  cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 

5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm
15cc19fff26090f2ac2a3ae9fe8edade  cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ia64:
c8b90a470b68b58fed2e82e570f5ee92  cups-1.1.17-13.3.16.ia64.rpm
e6eac12d4a04cc3f2f78d5bcf04b3225  cups-devel-1.1.17-13.3.16.ia64.rpm
ca472cbe2195dbc118ccfbc05644da0f  cups-libs-1.1.17-13.3.16.ia64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm
351a15fe066f9650c293d91d5edca0d8  cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
 

7. References:
 
CVE -CVE-2004-0888 
CVE -CVE-2004-0923

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at  

Copyright 2004 Red Hat, Inc.

Red Hat: CUPS security issues fix

Updated cups packages that fix denial of service issues, a security information leak, as well as other various bugs are now available.

Summary



Summary

The Common UNIX Printing System (CUPS) is a print spooler.During a source code audit, Chris Evans discovered a number of integeroverflow bugs that affect xpdf. CUPS contains a copy of the xpdf code usedfor parsing PDF files and is therefore affected by these bugs. An attackerwho has the ability to send a malicious PDF file to a printer could causeCUPS to crash or possibly execute arbitrary code. The CommonVulnerabilities and Exposures project (cve.mitre.org) has assigned the nameCAN-2004-0888 to this issue.When set up to print to a shared printer via Samba, CUPS would authenticatewith that shared printer using a username and password. By default, theusername and password used to connect to the Samba share is writteninto the error log file. A local user who is able to read the error logfile could collect these usernames and passwords. The CommonVulnerabilities and Exposures project (cve.mitre.org) has assigned the nameCAN-2004-0923 to this issue.These updated packages also include a fix that prevents some CUPSconfiguration files from being accidentally replaced.All users of CUPS should upgrade to these updated packages, whichresolve these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
99461 - cups configuration 132034 - mime.types was updated - not copied to mime.types.rpmnew 134599 - CAN-2004-0923 Log file information disclosure 135378 - CAN-2004-0888 xpdf issues affect cups
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm
i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
ia64: c8b90a470b68b58fed2e82e570f5ee92 cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225 cups-devel-1.1.17-13.3.16.ia64.rpm ca472cbe2195dbc118ccfbc05644da0f cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
ppc: e6c4b39d457d9b9877fe95b6fe1dbec4 cups-1.1.17-13.3.16.ppc.rpm d7a9f13c7cc6c53322c66548ad8c76de cups-devel-1.1.17-13.3.16.ppc.rpm 1c0013991559da5dcdff753e0fa29fed cups-libs-1.1.17-13.3.16.ppc.rpm
ppc64: 2d58c7b4af3581b720c315d4acc88caa cups-libs-1.1.17-13.3.16.ppc64.rpm
s390: 3f8e4d1f0acb1e63cacb04a31d33be7e cups-1.1.17-13.3.16.s390.rpm 9f65609293cab71c27bab23b4766e376 cups-devel-1.1.17-13.3.16.s390.rpm 9b3323c103753b3c97ac6543f73113f1 cups-libs-1.1.17-13.3.16.s390.rpm
s390x: 9276fbed4537149de825126e43165244 cups-1.1.17-13.3.16.s390x.rpm 276335bb8d2b6b204ce69c478d708f85 cups-devel-1.1.17-13.3.16.s390x.rpm 56bedea0c9cbabdc50d2f4a1fdf63389 cups-libs-1.1.17-13.3.16.s390x.rpm 9b3323c103753b3c97ac6543f73113f1 cups-libs-1.1.17-13.3.16.s390.rpm
x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
Red Hat Desktop version 3:
SRPMS:
5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm
i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm
i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
ia64: c8b90a470b68b58fed2e82e570f5ee92 cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225 cups-devel-1.1.17-13.3.16.ia64.rpm ca472cbe2195dbc118ccfbc05644da0f cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm
i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
ia64: c8b90a470b68b58fed2e82e570f5ee92 cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225 cups-devel-1.1.17-13.3.16.ia64.rpm ca472cbe2195dbc118ccfbc05644da0f cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

References

CVE -CVE-2004-0888 CVE -CVE-2004-0923

Package List


Severity
Advisory ID: RHSA-2004:543-01
Issued Date: : 2004-10-22
Updated on: 2004-10-22
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:449
CVE Names: CAN-2004-0888 CAN-2004-0923

Topic

Updated cups packages that fix denial of service issues, a securityinformation leak, as well as other various bugs are now available.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64


Bugs Fixed


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved