----------------------------------------------------------------------- Fedora Legacy Update Advisory
Synopsis: Updated CUPS packages fix security vulnerabilities Advisory ID: FLSA:2127 Issue date: 2005-03-02 Product: Red Hat Linux, Fedora Core Keywords: Bugfix Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2127 CVE Names: CAN-2004-0888 CAN-2004-0923 CAN-2004-1125 CAN-2004-1267 CAN-2004-1268 CAN-2004-1269 CAN-2004-1270 CAN-2005-0064 -----------------------------------------------------------------------
----------------------------------------------------------------------- 1. Topic:
Updated CUPS packages that fix several security issues are now available.
The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386
3. Problem description:
During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code used for parsing PDF files and is therefore affected by these bugs. An attacker who has the ability to send a malicious PDF file to a printer could cause CUPS to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.
When set up to print to a shared printer via Samba, CUPS would authenticate with that shared printer using a username and password. By default, the username and password used to connect to the Samba share is written into the error log file. A local user who is able to read the error log file could collect these usernames and passwords. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923 to this issue.
A buffer overflow was found in the CUPS pdftops filter, which uses code from the Xpdf package. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.
A buffer overflow was found in the ParseCommand function in the hpgltops program. An attacker who has the ability to send a malicious HPGL file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1267 to this issue.
The lppasswd utility ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS password file or prevent future uses of lppasswd. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.
The lppasswd utility does not verify that the passwd.new file is different from STDERR, which could allow local users to control output to passwd.new via certain user input that triggers an error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1270 to this issue.
A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.
All users of cups should upgrade to these updated packages, which resolve these issues.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
http://bugzilla.fedora.us - 2127 - multiple cups vulns
6. RPMs required:
Red Hat Linux 7.3:
SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name ---------------------------------------------------------------------------
0db34c2e38a4041f73d2a78a9b2915f75a66c24a redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
daae4200a9bbf7e7b9fafa28bb46e07028f9e8c5 redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
7274fee7375ae5daf0824091ae394544a45fbe1a redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm
c069522837c744b29cb67ea52e00023110400e70 redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm
c6fdf900397f732b510fbfa21a5fa977e984c2cb redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
a18781d8f285db684790d32b9a8eca4ca4504124 redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
01741a487d1a9ffdede42fbe0e80f1bfa09250f7 redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
2d0734d15d4d72ebd72a03c62886f87c4f8fc0fb redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm
9637c0555edd133c1fb8ef7c7818c3e794408e04 fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm
bc4b60d13ac3cae0a047149b9f8350a4ca8bb427 fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
3a1fea385f2fc5302e9529ed64cb36c17d64ed3f fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm
132ca29e094556c2f575f811cad907efd3a6cdad fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
9. Contact:
The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature
-- Fedora-legacy-announce mailing list Fedora-legacy-announce@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-announce