Issued:
2007-10-31
Updated:
2007-10-31

RHSA-2007:1020 - Security Advisory

Synopsis

Important: cups security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated CUPS packages that fix a security issue in the Internet Printing
Protocol (IPP) handling and correct some bugs are now available for Red Hat
Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handles certain Internet Printing Protocol
(IPP) tags. A remote attacker who is able to connect to the IPP TCP port
could send a malicious request causing the CUPS daemon to crash, or
potentially execute arbitrary code. Please note that the default CUPS
configuration does not allow remote hosts to connect to the IPP TCP port.
(CVE-2007-4351)

Red Hat would like to thank Alin Rad Pop for reporting this issue.

All CUPS users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

In addition, the following bugs were fixed:

  • the CUPS service has been changed to start after sshd, to avoid causing
    delays when logging in when the system is booted.
  • the logrotate settings have been adjusted so they do not cause CUPS to
    reload its configuration. This is to avoid re-printing the current job,
    which could occur when it was a long-running job.
  • a bug has been fixed in the handling of the If-Modified-Since: HTTP
    header.
  • in the LSPP configuration, labels for labeled jobs did not line-wrap.
    This has been fixed.
  • an access check in the LSPP configuration has been made more secure.
  • the cups-lpd service no longer ignores the "-odocument-format=..."
    option.
  • a memory allocation bug has been fixed in cupsd.
  • support for UNIX domain sockets authentication without passwords has been
    added.
  • in the LSPP configuration, a problem that could lead to cupsd crashing
    has been fixed.
  • the error handling in the initscript has been improved.
  • The job-originating-host-name attribute was not correctly set for jobs
    submitted via the cups-lpd service. This has been fixed.
  • a problem with parsing IPv6 addresses in the configuration file has been
    fixed.
  • a problem that could lead to cupsd crashing when it failed to open a
    "file:" URI has been fixed.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 213828 - Cups starts as S55cups, before sshd
  • BZ - 228107 - [LSPP] Labels for labeled printing don't linewrap
  • BZ - 229673 - [LSPP] cups is overriding mls when querying jobs with lpq -al
  • BZ - 230073 - cups-lpd : server-args has no effect
  • BZ - 230613 - [LSPP] cups is allowing users to delete other user's job
  • BZ - 231522 - [LSPP] cupsd crash
  • BZ - 237953 - Wrong init script
  • BZ - 240223 - cups-lpd doesn't set 'job-originating-host-name'
  • BZ - 241400 - IPV6 addresses not accepted in "Allow From" directives
  • BZ - 250415 - cupsd crashes when failing to open a file: URI
  • BZ - 345091 - CVE-2007-4351 cups boundary error

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
cups-1.2.4-11.14.el5_1.1.src.rpm SHA-256: c583394be7435e9255bf21747142f1fc111c5847bc521cc01895d4e760e43f72
x86_64
cups-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 958e685b0abdfa418c46da14d2a61c5860074cee9724a92968b27024250c98a1
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 41f3965d5a09da9da3655a2d6c7cb093e2658596e5eadf52ad70a0fd11464bea
cups-devel-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 93fea7e58cdaddf396de20752f36a0993111e0e193fc785aa57a3fa3fe36e03f
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 3203d1fe5ba51ecf81cbf4d90fec8821670b4e6993707607bf60d6dc245a9b4c
cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 0dddbd9219f7b37a1fad69d8b8dee7bc8046bd371c7f0faf4da5f33d515d4ec8
ia64
cups-1.2.4-11.14.el5_1.1.ia64.rpm SHA-256: 54d1fcf3aadaf8d9216127ecf9ce943dc791dffc8b5842c6051d39ce55374df0
cups-devel-1.2.4-11.14.el5_1.1.ia64.rpm SHA-256: 965da1f8bde3f23c12aa6e1f5bec77bc4d632fbe1c58a8f241c23416790e9862
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-libs-1.2.4-11.14.el5_1.1.ia64.rpm SHA-256: 96d107f859c7e9b4bb4d9ad82ed143c8813626472863b7e7a5e8dbc03d4c34d6
cups-lpd-1.2.4-11.14.el5_1.1.ia64.rpm SHA-256: 9425122f07d7af8477ea08e69ffe6b38ce3fd432a27708097594a9e6e9c74d0b
i386
cups-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: dc77e54bc7b60b058aa865f5697cc1909745a7f4a59a5c48c021856b93667806
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 41f3965d5a09da9da3655a2d6c7cb093e2658596e5eadf52ad70a0fd11464bea
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-lpd-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 85fcf7ec510c700903807dba790369f30f22b996d1caef2b7c9ee81148bb675f

Red Hat Enterprise Linux Workstation 5

SRPM
cups-1.2.4-11.14.el5_1.1.src.rpm SHA-256: c583394be7435e9255bf21747142f1fc111c5847bc521cc01895d4e760e43f72
x86_64
cups-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 958e685b0abdfa418c46da14d2a61c5860074cee9724a92968b27024250c98a1
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 41f3965d5a09da9da3655a2d6c7cb093e2658596e5eadf52ad70a0fd11464bea
cups-devel-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 93fea7e58cdaddf396de20752f36a0993111e0e193fc785aa57a3fa3fe36e03f
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 3203d1fe5ba51ecf81cbf4d90fec8821670b4e6993707607bf60d6dc245a9b4c
cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 0dddbd9219f7b37a1fad69d8b8dee7bc8046bd371c7f0faf4da5f33d515d4ec8
i386
cups-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: dc77e54bc7b60b058aa865f5697cc1909745a7f4a59a5c48c021856b93667806
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 41f3965d5a09da9da3655a2d6c7cb093e2658596e5eadf52ad70a0fd11464bea
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-lpd-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 85fcf7ec510c700903807dba790369f30f22b996d1caef2b7c9ee81148bb675f

Red Hat Enterprise Linux Desktop 5

SRPM
cups-1.2.4-11.14.el5_1.1.src.rpm SHA-256: c583394be7435e9255bf21747142f1fc111c5847bc521cc01895d4e760e43f72
x86_64
cups-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 958e685b0abdfa418c46da14d2a61c5860074cee9724a92968b27024250c98a1
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 3203d1fe5ba51ecf81cbf4d90fec8821670b4e6993707607bf60d6dc245a9b4c
cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 0dddbd9219f7b37a1fad69d8b8dee7bc8046bd371c7f0faf4da5f33d515d4ec8
i386
cups-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: dc77e54bc7b60b058aa865f5697cc1909745a7f4a59a5c48c021856b93667806
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-lpd-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 85fcf7ec510c700903807dba790369f30f22b996d1caef2b7c9ee81148bb675f

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
cups-1.2.4-11.14.el5_1.1.src.rpm SHA-256: c583394be7435e9255bf21747142f1fc111c5847bc521cc01895d4e760e43f72
s390x
cups-1.2.4-11.14.el5_1.1.s390x.rpm SHA-256: 39748a6b328a7ad53b6eb015593b0644460d47100bdcf5ee121dc559739f56a0
cups-devel-1.2.4-11.14.el5_1.1.s390.rpm SHA-256: 3787290e9c51a4fbd0712f7416b878379cb6ae33155a3b1582eed00ffc7d4bd2
cups-devel-1.2.4-11.14.el5_1.1.s390x.rpm SHA-256: 019274f86f738bbab53b447737f876c4aa98d5bad8a9f45b4ddadc0531ed58f9
cups-libs-1.2.4-11.14.el5_1.1.s390.rpm SHA-256: e1c73aa3d62c7a8decac310c1d291ab22d5e24c28d51860e036cf2ea3ee47ebc
cups-libs-1.2.4-11.14.el5_1.1.s390x.rpm SHA-256: 22015b7c933be7d4705c9e99dc2f5584d10438408293a5317f8d38255a26bd8e
cups-lpd-1.2.4-11.14.el5_1.1.s390x.rpm SHA-256: 9bb3469051bf580164a24419c920c7208221fce87bb6e824a8bb27e9c97235bf

Red Hat Enterprise Linux for Power, big endian 5

SRPM
cups-1.2.4-11.14.el5_1.1.src.rpm SHA-256: c583394be7435e9255bf21747142f1fc111c5847bc521cc01895d4e760e43f72
ppc
cups-1.2.4-11.14.el5_1.1.ppc.rpm SHA-256: e81dc14b39d218b6a9b43e38debb96e7407a213e34d17501f0f017eb2daf38cd
cups-devel-1.2.4-11.14.el5_1.1.ppc.rpm SHA-256: 66363d4142e30658f831b05a8bee0cbde913d17a37b59a063e9bf5a44b30754f
cups-devel-1.2.4-11.14.el5_1.1.ppc64.rpm SHA-256: 8e801d826774a1dfa18b78320809751cfd1fcfd9b5f1173ed89d1ab508be3a83
cups-libs-1.2.4-11.14.el5_1.1.ppc.rpm SHA-256: bf21de2e35926a0675a2c8f0169844fc887abd1f7f37f17ee0027e404fdad223
cups-libs-1.2.4-11.14.el5_1.1.ppc64.rpm SHA-256: a77506c6cf9dc7b7c283d662c4752731162458654e4ed930d76c76b1d87e433e
cups-lpd-1.2.4-11.14.el5_1.1.ppc.rpm SHA-256: 249d6aaee8cc182fcedc38d22b08c0c6764a97b9196036493eb672a038fc113a

Red Hat Enterprise Linux Server from RHUI 5

SRPM
cups-1.2.4-11.14.el5_1.1.src.rpm SHA-256: c583394be7435e9255bf21747142f1fc111c5847bc521cc01895d4e760e43f72
x86_64
cups-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 958e685b0abdfa418c46da14d2a61c5860074cee9724a92968b27024250c98a1
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 41f3965d5a09da9da3655a2d6c7cb093e2658596e5eadf52ad70a0fd11464bea
cups-devel-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 93fea7e58cdaddf396de20752f36a0993111e0e193fc785aa57a3fa3fe36e03f
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 3203d1fe5ba51ecf81cbf4d90fec8821670b4e6993707607bf60d6dc245a9b4c
cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm SHA-256: 0dddbd9219f7b37a1fad69d8b8dee7bc8046bd371c7f0faf4da5f33d515d4ec8
i386
cups-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: dc77e54bc7b60b058aa865f5697cc1909745a7f4a59a5c48c021856b93667806
cups-devel-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 41f3965d5a09da9da3655a2d6c7cb093e2658596e5eadf52ad70a0fd11464bea
cups-libs-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 01e9f53955a8ed92ec02c138d48e3c9b611d52e4a477aaa1c23c4933f9c2aaab
cups-lpd-1.2.4-11.14.el5_1.1.i386.rpm SHA-256: 85fcf7ec510c700903807dba790369f30f22b996d1caef2b7c9ee81148bb675f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.