- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: cups security update
Advisory ID:       RHSA-2005:571-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:571.html
Issue date:        2005-07-14
Updated on:        2005-07-14
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-2154
- ---------------------------------------------------------------------1. Summary:

Updated CUPS packages that fix a security issue are now available for Red
Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for
UNIX(R) operating systems.

When processing a request, the CUPS scheduler would use case-sensitive
matching on the queue name to decide which authorization policy should be
used.  However, queue names are not case-sensitive.  An unauthorized user
could print to a password-protected queue without needing a password.  The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2154 to this issue.

Please note that the version of CUPS included in Red Hat Enterprise Linux 4
is not vulnerable to this issue.

All users of CUPS should upgrade to these erratum packages which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162405 - CAN-2004-2154  directive is case-sensitive in cupsd.conf but should not


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
81c72be8ece7d629a9a73ffa32916c41  cups-1.1.17-13.3.29.src.rpm

i386:
36bdfb6c6aa5eb58d5fe41b457ac7361  cups-1.1.17-13.3.29.i386.rpm
72307b7ee7bba211a5546a28362ac2a6  cups-devel-1.1.17-13.3.29.i386.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm

ia64:
36d374d2e1abacc34ce965750541626b  cups-1.1.17-13.3.29.ia64.rpm
7f3441b9e9879be1087bcd0607b1ab66  cups-devel-1.1.17-13.3.29.ia64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
a96ac4679c8b522d5433f23fade03f07  cups-libs-1.1.17-13.3.29.ia64.rpm

ppc:
86f8571af07d8d5fa479ed729a13af37  cups-1.1.17-13.3.29.ppc.rpm
ff62e1f6ae117e1db87a4299a4bd33a9  cups-devel-1.1.17-13.3.29.ppc.rpm
6e334775b2dbb8c09c25e011cb69cba4  cups-libs-1.1.17-13.3.29.ppc.rpm
9f23a140336a37a76bf6a9dbcbcdb9ff  cups-libs-1.1.17-13.3.29.ppc64.rpm

s390:
54d08a23a20b825b5c0c1e59ea0fe54b  cups-1.1.17-13.3.29.s390.rpm
eb62a6ea4f287a6eab9a0157f909e9e4  cups-devel-1.1.17-13.3.29.s390.rpm
e067385a2f2e9ab235bd9f98943626c7  cups-libs-1.1.17-13.3.29.s390.rpm

s390x:
d400e53066c2c831ae85155c9b8b0de0  cups-1.1.17-13.3.29.s390x.rpm
e3c00601315da00de3b8980a2c93aec8  cups-devel-1.1.17-13.3.29.s390x.rpm
e067385a2f2e9ab235bd9f98943626c7  cups-libs-1.1.17-13.3.29.s390.rpm
f6bb5b5be02c4acd32561a7a857c7eae  cups-libs-1.1.17-13.3.29.s390x.rpm

x86_64:
a692e1999e3ee1a95f3053d894675100  cups-1.1.17-13.3.29.x86_64.rpm
7f56302afb665afafcf61577a31bb1d6  cups-devel-1.1.17-13.3.29.x86_64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
56379591a637d0085b0838e0d97f0111  cups-libs-1.1.17-13.3.29.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
81c72be8ece7d629a9a73ffa32916c41  cups-1.1.17-13.3.29.src.rpm

i386:
36bdfb6c6aa5eb58d5fe41b457ac7361  cups-1.1.17-13.3.29.i386.rpm
72307b7ee7bba211a5546a28362ac2a6  cups-devel-1.1.17-13.3.29.i386.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm

x86_64:
a692e1999e3ee1a95f3053d894675100  cups-1.1.17-13.3.29.x86_64.rpm
7f56302afb665afafcf61577a31bb1d6  cups-devel-1.1.17-13.3.29.x86_64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
56379591a637d0085b0838e0d97f0111  cups-libs-1.1.17-13.3.29.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
81c72be8ece7d629a9a73ffa32916c41  cups-1.1.17-13.3.29.src.rpm

i386:
36bdfb6c6aa5eb58d5fe41b457ac7361  cups-1.1.17-13.3.29.i386.rpm
72307b7ee7bba211a5546a28362ac2a6  cups-devel-1.1.17-13.3.29.i386.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm

ia64:
36d374d2e1abacc34ce965750541626b  cups-1.1.17-13.3.29.ia64.rpm
7f3441b9e9879be1087bcd0607b1ab66  cups-devel-1.1.17-13.3.29.ia64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
a96ac4679c8b522d5433f23fade03f07  cups-libs-1.1.17-13.3.29.ia64.rpm

x86_64:
a692e1999e3ee1a95f3053d894675100  cups-1.1.17-13.3.29.x86_64.rpm
7f56302afb665afafcf61577a31bb1d6  cups-devel-1.1.17-13.3.29.x86_64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
56379591a637d0085b0838e0d97f0111  cups-libs-1.1.17-13.3.29.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
81c72be8ece7d629a9a73ffa32916c41  cups-1.1.17-13.3.29.src.rpm

i386:
36bdfb6c6aa5eb58d5fe41b457ac7361  cups-1.1.17-13.3.29.i386.rpm
72307b7ee7bba211a5546a28362ac2a6  cups-devel-1.1.17-13.3.29.i386.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm

ia64:
36d374d2e1abacc34ce965750541626b  cups-1.1.17-13.3.29.ia64.rpm
7f3441b9e9879be1087bcd0607b1ab66  cups-devel-1.1.17-13.3.29.ia64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
a96ac4679c8b522d5433f23fade03f07  cups-libs-1.1.17-13.3.29.ia64.rpm

x86_64:
a692e1999e3ee1a95f3053d894675100  cups-1.1.17-13.3.29.x86_64.rpm
7f56302afb665afafcf61577a31bb1d6  cups-devel-1.1.17-13.3.29.x86_64.rpm
5dc46b9df27b30286b6604c6a1e6ee98  cups-libs-1.1.17-13.3.29.i386.rpm
56379591a637d0085b0838e0d97f0111  cups-libs-1.1.17-13.3.29.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: cups security update

Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Secu...

Summary



Summary

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
162405 - CAN-2004-2154 directive is case-sensitive in cupsd.conf but should not

6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: 81c72be8ece7d629a9a73ffa32916c41 cups-1.1.17-13.3.29.src.rpm
i386: 36bdfb6c6aa5eb58d5fe41b457ac7361 cups-1.1.17-13.3.29.i386.rpm 72307b7ee7bba211a5546a28362ac2a6 cups-devel-1.1.17-13.3.29.i386.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm
ia64: 36d374d2e1abacc34ce965750541626b cups-1.1.17-13.3.29.ia64.rpm 7f3441b9e9879be1087bcd0607b1ab66 cups-devel-1.1.17-13.3.29.ia64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm a96ac4679c8b522d5433f23fade03f07 cups-libs-1.1.17-13.3.29.ia64.rpm
ppc: 86f8571af07d8d5fa479ed729a13af37 cups-1.1.17-13.3.29.ppc.rpm ff62e1f6ae117e1db87a4299a4bd33a9 cups-devel-1.1.17-13.3.29.ppc.rpm 6e334775b2dbb8c09c25e011cb69cba4 cups-libs-1.1.17-13.3.29.ppc.rpm 9f23a140336a37a76bf6a9dbcbcdb9ff cups-libs-1.1.17-13.3.29.ppc64.rpm
s390: 54d08a23a20b825b5c0c1e59ea0fe54b cups-1.1.17-13.3.29.s390.rpm eb62a6ea4f287a6eab9a0157f909e9e4 cups-devel-1.1.17-13.3.29.s390.rpm e067385a2f2e9ab235bd9f98943626c7 cups-libs-1.1.17-13.3.29.s390.rpm
s390x: d400e53066c2c831ae85155c9b8b0de0 cups-1.1.17-13.3.29.s390x.rpm e3c00601315da00de3b8980a2c93aec8 cups-devel-1.1.17-13.3.29.s390x.rpm e067385a2f2e9ab235bd9f98943626c7 cups-libs-1.1.17-13.3.29.s390.rpm f6bb5b5be02c4acd32561a7a857c7eae cups-libs-1.1.17-13.3.29.s390x.rpm
x86_64: a692e1999e3ee1a95f3053d894675100 cups-1.1.17-13.3.29.x86_64.rpm 7f56302afb665afafcf61577a31bb1d6 cups-devel-1.1.17-13.3.29.x86_64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm 56379591a637d0085b0838e0d97f0111 cups-libs-1.1.17-13.3.29.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: 81c72be8ece7d629a9a73ffa32916c41 cups-1.1.17-13.3.29.src.rpm
i386: 36bdfb6c6aa5eb58d5fe41b457ac7361 cups-1.1.17-13.3.29.i386.rpm 72307b7ee7bba211a5546a28362ac2a6 cups-devel-1.1.17-13.3.29.i386.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm
x86_64: a692e1999e3ee1a95f3053d894675100 cups-1.1.17-13.3.29.x86_64.rpm 7f56302afb665afafcf61577a31bb1d6 cups-devel-1.1.17-13.3.29.x86_64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm 56379591a637d0085b0838e0d97f0111 cups-libs-1.1.17-13.3.29.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: 81c72be8ece7d629a9a73ffa32916c41 cups-1.1.17-13.3.29.src.rpm
i386: 36bdfb6c6aa5eb58d5fe41b457ac7361 cups-1.1.17-13.3.29.i386.rpm 72307b7ee7bba211a5546a28362ac2a6 cups-devel-1.1.17-13.3.29.i386.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm
ia64: 36d374d2e1abacc34ce965750541626b cups-1.1.17-13.3.29.ia64.rpm 7f3441b9e9879be1087bcd0607b1ab66 cups-devel-1.1.17-13.3.29.ia64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm a96ac4679c8b522d5433f23fade03f07 cups-libs-1.1.17-13.3.29.ia64.rpm
x86_64: a692e1999e3ee1a95f3053d894675100 cups-1.1.17-13.3.29.x86_64.rpm 7f56302afb665afafcf61577a31bb1d6 cups-devel-1.1.17-13.3.29.x86_64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm 56379591a637d0085b0838e0d97f0111 cups-libs-1.1.17-13.3.29.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: 81c72be8ece7d629a9a73ffa32916c41 cups-1.1.17-13.3.29.src.rpm
i386: 36bdfb6c6aa5eb58d5fe41b457ac7361 cups-1.1.17-13.3.29.i386.rpm 72307b7ee7bba211a5546a28362ac2a6 cups-devel-1.1.17-13.3.29.i386.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm
ia64: 36d374d2e1abacc34ce965750541626b cups-1.1.17-13.3.29.ia64.rpm 7f3441b9e9879be1087bcd0607b1ab66 cups-devel-1.1.17-13.3.29.ia64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm a96ac4679c8b522d5433f23fade03f07 cups-libs-1.1.17-13.3.29.ia64.rpm
x86_64: a692e1999e3ee1a95f3053d894675100 cups-1.1.17-13.3.29.x86_64.rpm 7f56302afb665afafcf61577a31bb1d6 cups-devel-1.1.17-13.3.29.x86_64.rpm 5dc46b9df27b30286b6604c6a1e6ee98 cups-libs-1.1.17-13.3.29.i386.rpm 56379591a637d0085b0838e0d97f0111 cups-libs-1.1.17-13.3.29.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154

Package List


Severity
Advisory ID: RHSA-2005:571-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:571.html
Issued Date: : 2005-07-14
Updated on: 2005-07-14
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-2154 Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64


Bugs Fixed


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved