LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Important: cups security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. This update has been rated as having important security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2007:1022-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1022.html
Issue date:        2007-11-07
Updated on:        2007-11-07
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4045 CVE-2007-4351 CVE-2007-4352 
                   CVE-2007-5392 CVE-2007-5393 
- ---------------------------------------------------------------------

1. Summary:

Updated cups packages that fix several security issues are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags.
A remote attacker who is able to connect to the IPP TCP port could send a
malicious request causing the CUPS daemon to crash. (CVE-2007-4351)

A flaw was found in the way CUPS handled SSL negotiation. A remote attacker
capable of connecting to the CUPS daemon could cause CUPS to crash.
(CVE-2007-4045)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250161 - CVE-2007-4045 Incomplete fix for CVE-2007-0720 CUPS denial of service
345091 - CVE-2007-4351 cups boundary error
345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm
87d4f1fd6ca6b148140870504f0257b2  cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386:
0b2dd80ca58b7fcc5ad84f8e1ecd0e81  cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
5c00544011bb0dacb4e41e79104d0f0e  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

ia64:
d16b549b7db56a64bcfb1b84d93a4c05  cups-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
3c974d7e4ad72415a93b6e4f663e8982  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
8509e970c0d5775aeed6b63052d2b236  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
0a90a78354eaabe482197beee1252b65  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm

ppc:
0d960f2f76cbf3cbf66cb8ba709a6cdc  cups-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm
9e4663850f766c1eb7436a481ec35e27  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm
db85f6fc99d3c8e0664886b806bc3831  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ppc64.rpm
db613329c8d17b9768fb036d823a02e9  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm
2156b4fa59f3707f3109f0459486cd81  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm
8c37e553d1f4ec9eef4deb92c48247ac  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ppc64.rpm

s390:
591d99417d2ca16cdc119bca9389800b  cups-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm
37a5965ac05d2cddbd779e200810c7ae  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm
0ba3a1ca70208f3c0659e2439a0a3d67  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm
aa7ac1b0d5cde56f20aacec0cf1d5d3c  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm

s390x:
dbc10680046467c823e05ac2724fae50  cups-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm
37a5965ac05d2cddbd779e200810c7ae  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm
4eabb8e617b4b7f40b1ea9957f048c25  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm
a02e3c07a980aa7d59efa690c2dd798d  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm
aa7ac1b0d5cde56f20aacec0cf1d5d3c  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm
ff9d62f4e7b4b3065498ca63f084f71c  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm

x86_64:
d4c61974402d4a95ad77bf1eb837350f  cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
7f21cd350f2242a960c0736ddff82517  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
7bff3f38344be659b135fae842303ae0  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
d328339cf064b6c33a12077ed94c506d  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm
87d4f1fd6ca6b148140870504f0257b2  cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386:
0b2dd80ca58b7fcc5ad84f8e1ecd0e81  cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
5c00544011bb0dacb4e41e79104d0f0e  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

x86_64:
d4c61974402d4a95ad77bf1eb837350f  cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
7f21cd350f2242a960c0736ddff82517  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
7bff3f38344be659b135fae842303ae0  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
d328339cf064b6c33a12077ed94c506d  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm
87d4f1fd6ca6b148140870504f0257b2  cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386:
0b2dd80ca58b7fcc5ad84f8e1ecd0e81  cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
5c00544011bb0dacb4e41e79104d0f0e  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

ia64:
d16b549b7db56a64bcfb1b84d93a4c05  cups-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
3c974d7e4ad72415a93b6e4f663e8982  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
8509e970c0d5775aeed6b63052d2b236  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
0a90a78354eaabe482197beee1252b65  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm

x86_64:
d4c61974402d4a95ad77bf1eb837350f  cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
7f21cd350f2242a960c0736ddff82517  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
7bff3f38344be659b135fae842303ae0  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
d328339cf064b6c33a12077ed94c506d  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm
87d4f1fd6ca6b148140870504f0257b2  cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386:
0b2dd80ca58b7fcc5ad84f8e1ecd0e81  cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
5c00544011bb0dacb4e41e79104d0f0e  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

ia64:
d16b549b7db56a64bcfb1b84d93a4c05  cups-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
3c974d7e4ad72415a93b6e4f663e8982  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
8509e970c0d5775aeed6b63052d2b236  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
0a90a78354eaabe482197beee1252b65  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm

x86_64:
d4c61974402d4a95ad77bf1eb837350f  cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
a0144131175798c92f8f35465f37e115  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
7f21cd350f2242a960c0736ddff82517  cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
7bff3f38344be659b135fae842303ae0  cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
fced80c7c01ff6db29cbd090bc516b4f  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
d328339cf064b6c33a12077ed94c506d  cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Moving toward smart and secure continuous software delivery
Stealthy, Razor Thin ATM Insert Skimmers
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.