enterprise-watch-list November 2007 archive
Main Archive Page > Month Archives  > enterprise-watch-list archives
enterprise-watch-list: [RHSA-2007:1022-01] Important: cups secur

[RHSA-2007:1022-01] Important: cups security update

From: <bugzilla_at_nospam>
Date: Wed Nov 07 2007 - 18:00:19 GMT
To: enterprise-watch-list@redhat.com


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

  • --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Important: cups security update Advisory ID: RHSA-2007:1022-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1022.html Issue date: 2007-11-07 Updated on: 2007-11-07 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-4045 CVE-2007-4351 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 - ---------------------------------------------------------------------
  1. Summary:

Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351)

A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/): 250161 - CVE-2007-4045 Incomplete fix for CVE-2007-0720 CUPS denial of service 345091 - CVE-2007-4351 cups boundary error 345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit() 345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset() 345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm 87d4f1fd6ca6b148140870504f0257b2 cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386: 0b2dd80ca58b7fcc5ad84f8e1ecd0e81 cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 5c00544011bb0dacb4e41e79104d0f0e cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

ia64: d16b549b7db56a64bcfb1b84d93a4c05 cups-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 3c974d7e4ad72415a93b6e4f663e8982 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm 8509e970c0d5775aeed6b63052d2b236 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 0a90a78354eaabe482197beee1252b65 cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm

ppc: 0d960f2f76cbf3cbf66cb8ba709a6cdc cups-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm 9e4663850f766c1eb7436a481ec35e27 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm db85f6fc99d3c8e0664886b806bc3831 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ppc64.rpm db613329c8d17b9768fb036d823a02e9 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm 2156b4fa59f3707f3109f0459486cd81 cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ppc.rpm 8c37e553d1f4ec9eef4deb92c48247ac cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ppc64.rpm

s390: 591d99417d2ca16cdc119bca9389800b cups-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm 37a5965ac05d2cddbd779e200810c7ae cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm 0ba3a1ca70208f3c0659e2439a0a3d67 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm aa7ac1b0d5cde56f20aacec0cf1d5d3c cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm

s390x: dbc10680046467c823e05ac2724fae50 cups-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm 37a5965ac05d2cddbd779e200810c7ae cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm 4eabb8e617b4b7f40b1ea9957f048c25 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm a02e3c07a980aa7d59efa690c2dd798d cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm aa7ac1b0d5cde56f20aacec0cf1d5d3c cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.s390.rpm ff9d62f4e7b4b3065498ca63f084f71c cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.s390x.rpm

x86_64: d4c61974402d4a95ad77bf1eb837350f cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 7f21cd350f2242a960c0736ddff82517 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm 7bff3f38344be659b135fae842303ae0 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm d328339cf064b6c33a12077ed94c506d cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm 87d4f1fd6ca6b148140870504f0257b2 cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386: 0b2dd80ca58b7fcc5ad84f8e1ecd0e81 cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 5c00544011bb0dacb4e41e79104d0f0e cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

x86_64: d4c61974402d4a95ad77bf1eb837350f cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 7f21cd350f2242a960c0736ddff82517 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm 7bff3f38344be659b135fae842303ae0 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm d328339cf064b6c33a12077ed94c506d cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm 87d4f1fd6ca6b148140870504f0257b2 cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386: 0b2dd80ca58b7fcc5ad84f8e1ecd0e81 cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 5c00544011bb0dacb4e41e79104d0f0e cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

ia64: d16b549b7db56a64bcfb1b84d93a4c05 cups-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 3c974d7e4ad72415a93b6e4f663e8982 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm 8509e970c0d5775aeed6b63052d2b236 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 0a90a78354eaabe482197beee1252b65 cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm

x86_64: d4c61974402d4a95ad77bf1eb837350f cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 7f21cd350f2242a960c0736ddff82517 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm 7bff3f38344be659b135fae842303ae0 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm d328339cf064b6c33a12077ed94c506d cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm 87d4f1fd6ca6b148140870504f0257b2 cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm

i386: 0b2dd80ca58b7fcc5ad84f8e1ecd0e81 cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 5c00544011bb0dacb4e41e79104d0f0e cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm

ia64: d16b549b7db56a64bcfb1b84d93a4c05 cups-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 3c974d7e4ad72415a93b6e4f663e8982 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm 8509e970c0d5775aeed6b63052d2b236 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 0a90a78354eaabe482197beee1252b65 cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.ia64.rpm

x86_64: d4c61974402d4a95ad77bf1eb837350f cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm a0144131175798c92f8f35465f37e115 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm 7f21cd350f2242a960c0736ddff82517 cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm 7bff3f38344be659b135fae842303ae0 cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm fced80c7c01ff6db29cbd090bc516b4f cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm d328339cf064b6c33a12077ed94c506d cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHMf0jXlSAg2UNWIIRAumHAKCBw82krEPk1iVE1I+dWCkDXyAJ1ACgmzuz I8ScorYcJDyTIdhHoaVFmgs=
=g+wQ
-----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list