Red Hat 9038 Published by

Updated CUPS packages are available for Red Hat Linux 7.3, 9, and Fedora Core 1

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated CUPS packages fix security vulnerabilities
Advisory ID: FLSA:2127
Issue date: 2005-03-02
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2127
CVE Names: CAN-2004-0888 CAN-2004-0923 CAN-2004-1125
CAN-2004-1267 CAN-2004-1268 CAN-2004-1269
CAN-2004-1270 CAN-2005-0064
-----------------------------------------------------------------------


-----------------------------------------------------------------------
1. Topic:

Updated CUPS packages that fix several security issues are now available.

The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386



3. Problem description:

During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code used for parsing PDF files and is therefore affected by these bugs. An attacker who has the ability to send a malicious PDF file to a printer could cause CUPS to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would authenticate with that shared printer using a username and password. By default, the username and password used to connect to the Samba share is written into the error log file. A local user who is able to read the error log file could collect these usernames and passwords. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923 to this issue.

A buffer overflow was found in the CUPS pdftops filter, which uses code from the Xpdf package. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow was found in the ParseCommand function in the hpgltops program. An attacker who has the ability to send a malicious HPGL file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1267 to this issue.

The lppasswd utility ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS password file or prevent future uses of lppasswd. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.

The lppasswd utility does not verify that the passwd.new file is different from STDERR, which could allow local users to control output to passwd.new via certain user input that triggers an error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1270 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

All users of cups should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 2127 - multiple cups vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
---------------------------------------------------------------------------

0db34c2e38a4041f73d2a78a9b2915f75a66c24a
redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
daae4200a9bbf7e7b9fafa28bb46e07028f9e8c5
redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
7274fee7375ae5daf0824091ae394544a45fbe1a
redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm
c069522837c744b29cb67ea52e00023110400e70
redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm
c6fdf900397f732b510fbfa21a5fa977e984c2cb
redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
a18781d8f285db684790d32b9a8eca4ca4504124
redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
01741a487d1a9ffdede42fbe0e80f1bfa09250f7
redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
2d0734d15d4d72ebd72a03c62886f87c4f8fc0fb
redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm
9637c0555edd133c1fb8ef7c7818c3e794408e04
fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm
bc4b60d13ac3cae0a047149b9f8350a4ca8bb427
fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
3a1fea385f2fc5302e9529ed64cb36c17d64ed3f
fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm
132ca29e094556c2f575f811cad907efd3a6cdad
fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org