LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Important: cups security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated CUPS packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. This update has been rated as having important security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2007:1021-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1021.html
Issue date:        2007-11-07
Updated on:        2007-11-07
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219  cups-1.2.4-11.14.el5_1.3.src.rpm

i386:
0d1bc137688d648c1a6bb6d723d02131  cups-1.2.4-11.14.el5_1.3.i386.rpm
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
9bf17e649f5c0f6c67344279a7dc4d1b  cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
725da2778499f0ef3d177ae5de2eac84  cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm

x86_64:
8a80ca4d3fb94684b6a157fd0fc03ffc  cups-1.2.4-11.14.el5_1.3.x86_64.rpm
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd  cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b  cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
e7122321cb07e24fdea833aeb99fceff  cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
f1d2584267c494a0df96afb0f95cda27  cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219  cups-1.2.4-11.14.el5_1.3.src.rpm

i386:
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
ed50e67e5ac81816025b7044a60ff05c  cups-devel-1.2.4-11.14.el5_1.3.i386.rpm

x86_64:
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd  cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
ed50e67e5ac81816025b7044a60ff05c  cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
d6e9593b5bd3da21bfd5a722fd9153a9  cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219  cups-1.2.4-11.14.el5_1.3.src.rpm

i386:
0d1bc137688d648c1a6bb6d723d02131  cups-1.2.4-11.14.el5_1.3.i386.rpm
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
ed50e67e5ac81816025b7044a60ff05c  cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
9bf17e649f5c0f6c67344279a7dc4d1b  cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
725da2778499f0ef3d177ae5de2eac84  cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm

ia64:
6d6d5b2c9bb192c0221fab51ca406e54  cups-1.2.4-11.14.el5_1.3.ia64.rpm
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1fd9e56a67d23a794bfe4d6f92eb74ac  cups-debuginfo-1.2.4-11.14.el5_1.3.ia64.rpm
f8993c91631e1cb221053970359a15c3  cups-devel-1.2.4-11.14.el5_1.3.ia64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b  cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
b563493fa5c9938711246df30849740e  cups-libs-1.2.4-11.14.el5_1.3.ia64.rpm
fbeff7413bedcb74acd9691ffd34ec16  cups-lpd-1.2.4-11.14.el5_1.3.ia64.rpm

ppc:
568c33780523d8934fd44cb8b38572f7  cups-1.2.4-11.14.el5_1.3.ppc.rpm
89302dadc2de2e1fd067c1468244d9d4  cups-debuginfo-1.2.4-11.14.el5_1.3.ppc.rpm
b6eba796dede6c33f28887f142ec197b  cups-debuginfo-1.2.4-11.14.el5_1.3.ppc64.rpm
8f47bde999fd4a20fdd95df19aa4d348  cups-devel-1.2.4-11.14.el5_1.3.ppc.rpm
904299c55e793be74463ed447d4c7912  cups-devel-1.2.4-11.14.el5_1.3.ppc64.rpm
e510688e304707cdc2e69fbb690c105a  cups-libs-1.2.4-11.14.el5_1.3.ppc.rpm
a46a28e1dd83f550a8f90f76dd5de253  cups-libs-1.2.4-11.14.el5_1.3.ppc64.rpm
22240ec5fb56b681652830c602f6d3ac  cups-lpd-1.2.4-11.14.el5_1.3.ppc.rpm

s390x:
0600130d9ffbc51fefefe5363161f809  cups-1.2.4-11.14.el5_1.3.s390x.rpm
747bc08e1347512b1250f2065f33ec82  cups-debuginfo-1.2.4-11.14.el5_1.3.s390.rpm
3e9253116a2fc0990fd7fb8df3330c0e  cups-debuginfo-1.2.4-11.14.el5_1.3.s390x.rpm
205945b86014307d0351d958a3045bfd  cups-devel-1.2.4-11.14.el5_1.3.s390.rpm
4494cce4dc572b50d825343ec9b2cfc1  cups-devel-1.2.4-11.14.el5_1.3.s390x.rpm
f58cff49807950fe15a0431d9c0eb0a4  cups-libs-1.2.4-11.14.el5_1.3.s390.rpm
5b1a7f99fb9a376ac9dd6001bfc2400e  cups-libs-1.2.4-11.14.el5_1.3.s390x.rpm
8f41c8e4ad65b647974012e97e559050  cups-lpd-1.2.4-11.14.el5_1.3.s390x.rpm

x86_64:
8a80ca4d3fb94684b6a157fd0fc03ffc  cups-1.2.4-11.14.el5_1.3.x86_64.rpm
e4e6204901c1baab713b6e9cd47bf3ba  cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd  cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
ed50e67e5ac81816025b7044a60ff05c  cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
d6e9593b5bd3da21bfd5a722fd9153a9  cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b  cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
e7122321cb07e24fdea833aeb99fceff  cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
f1d2584267c494a0df96afb0f95cda27  cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.