Red Hat Product Errata RHSA-2008:0206 - Security Advisory

Issued:: 2008-04-01
Updated:: 2008-04-01

RHSA-2008:0206 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: cups security update

Type/Severity

Security Advisory: Moderate

Topic

Updated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly execute
arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by
CUPS image converting filters "imagetops" and "imagetoraster". An attacker
could create a malicious GIF file that could possibly execute arbitrary
code as the "lp" user if the file was printed. (CVE-2008-1373)

It was discovered that the patch used to address CVE-2004-0888 in CUPS
packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the
integer overflow in the "pdftops" filter on 64-bit platforms. An attacker
could create a malicious PDF file that could possibly execute arbitrary
code as the "lp" user if the file was printed. (CVE-2008-1374)

All cups users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.6 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.6 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc

Fixes

BZ - 438117 - CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter
BZ - 438303 - CVE-2008-1373 cups: overflow in gif image filter
BZ - 438336 - CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206

CVEs

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
x86_64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bc0ce87400dd920d06139e1b9bc2db1b9d66f635c90141bffd47631bd842a8f3
cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bc0ce87400dd920d06139e1b9bc2db1b9d66f635c90141bffd47631bd842a8f3
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bfcb5459fe9c4f5e93acfef074c66e16062b1ada3540fc234116a0429de1e38a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bfcb5459fe9c4f5e93acfef074c66e16062b1ada3540fc234116a0429de1e38a
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: fdd0e8e5de6e76347f7b6643ef99fd2594c972452ed2ec29480c6708517d0f22
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: fdd0e8e5de6e76347f7b6643ef99fd2594c972452ed2ec29480c6708517d0f22
ia64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: da6fbdd343a3187a66d1295e995b1ca1aa61e28aef5b58b19852286e744a001b
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: da6fbdd343a3187a66d1295e995b1ca1aa61e28aef5b58b19852286e744a001b
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: 03d52b867138221dff94496b3e7ff143d9d0f84a8bfc66959d8edaafa4c1a09c
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: 03d52b867138221dff94496b3e7ff143d9d0f84a8bfc66959d8edaafa4c1a09c
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: d471d49501938653aad7e636665fef960088784d40f29260237827f0670ded9a
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: d471d49501938653aad7e636665fef960088784d40f29260237827f0670ded9a
i386
cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: 3e2d64966f3558f6f94abc0087e5c6422e627fdf720d896ed009117eaf37ba2f
cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: 3e2d64966f3558f6f94abc0087e5c6422e627fdf720d896ed009117eaf37ba2f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: b2e37d6978318358a6549b02e0469da99b427d450b2231e329f81e1767fbd4c0
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: b2e37d6978318358a6549b02e0469da99b427d450b2231e329f81e1767fbd4c0
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9

Red Hat Enterprise Linux Server - Extended Update Support 4.6

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
x86_64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bc0ce87400dd920d06139e1b9bc2db1b9d66f635c90141bffd47631bd842a8f3
cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bc0ce87400dd920d06139e1b9bc2db1b9d66f635c90141bffd47631bd842a8f3
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bfcb5459fe9c4f5e93acfef074c66e16062b1ada3540fc234116a0429de1e38a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bfcb5459fe9c4f5e93acfef074c66e16062b1ada3540fc234116a0429de1e38a
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: fdd0e8e5de6e76347f7b6643ef99fd2594c972452ed2ec29480c6708517d0f22
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: fdd0e8e5de6e76347f7b6643ef99fd2594c972452ed2ec29480c6708517d0f22
ia64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: da6fbdd343a3187a66d1295e995b1ca1aa61e28aef5b58b19852286e744a001b
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: da6fbdd343a3187a66d1295e995b1ca1aa61e28aef5b58b19852286e744a001b
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: 03d52b867138221dff94496b3e7ff143d9d0f84a8bfc66959d8edaafa4c1a09c
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: 03d52b867138221dff94496b3e7ff143d9d0f84a8bfc66959d8edaafa4c1a09c
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: d471d49501938653aad7e636665fef960088784d40f29260237827f0670ded9a
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: d471d49501938653aad7e636665fef960088784d40f29260237827f0670ded9a
i386
cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: 3e2d64966f3558f6f94abc0087e5c6422e627fdf720d896ed009117eaf37ba2f
cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: 3e2d64966f3558f6f94abc0087e5c6422e627fdf720d896ed009117eaf37ba2f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: b2e37d6978318358a6549b02e0469da99b427d450b2231e329f81e1767fbd4c0
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: b2e37d6978318358a6549b02e0469da99b427d450b2231e329f81e1767fbd4c0
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9

Red Hat Enterprise Linux Workstation 4

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
x86_64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bc0ce87400dd920d06139e1b9bc2db1b9d66f635c90141bffd47631bd842a8f3
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bfcb5459fe9c4f5e93acfef074c66e16062b1ada3540fc234116a0429de1e38a
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: fdd0e8e5de6e76347f7b6643ef99fd2594c972452ed2ec29480c6708517d0f22
ia64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: da6fbdd343a3187a66d1295e995b1ca1aa61e28aef5b58b19852286e744a001b
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: 03d52b867138221dff94496b3e7ff143d9d0f84a8bfc66959d8edaafa4c1a09c
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm	SHA-256: d471d49501938653aad7e636665fef960088784d40f29260237827f0670ded9a
i386
cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: 3e2d64966f3558f6f94abc0087e5c6422e627fdf720d896ed009117eaf37ba2f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: b2e37d6978318358a6549b02e0469da99b427d450b2231e329f81e1767fbd4c0
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9

Red Hat Enterprise Linux Desktop 4

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
x86_64
cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bc0ce87400dd920d06139e1b9bc2db1b9d66f635c90141bffd47631bd842a8f3
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: bfcb5459fe9c4f5e93acfef074c66e16062b1ada3540fc234116a0429de1e38a
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm	SHA-256: fdd0e8e5de6e76347f7b6643ef99fd2594c972452ed2ec29480c6708517d0f22
i386
cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: 3e2d64966f3558f6f94abc0087e5c6422e627fdf720d896ed009117eaf37ba2f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: b2e37d6978318358a6549b02e0469da99b427d450b2231e329f81e1767fbd4c0
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm	SHA-256: d7344a2d1c0d6558851812b93f64afb8e090adaffd603ec0b50df6e5c97be6f9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
s390x
cups-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm	SHA-256: 65d5b221186bb67089d0c8f473d5496f2f038d73c7faff39744140d9c199e5b0
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm	SHA-256: 70f364dfe8a84d88362152318962488682707b5ed27d0bb3cd64b39fd2b4d200
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: cf5bba579e7dd135dcf1b941a956107b8f82481ae7b812ed3cbe1340b7ea0eb0
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm	SHA-256: fe17e40fc94ffd3c7484a9f004cb2abe1c45866b184c8bb7db7afdc17c5a04b6
s390
cups-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: d4dae59481341975b75b9ce6e0e85ac1d16a334791a2dda0f1bcc1f415ef1942
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: 165cb0eba13c4adb644f453124b3fbaa14b281d60c01c6f12f43c3dbd4150d19
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: cf5bba579e7dd135dcf1b941a956107b8f82481ae7b812ed3cbe1340b7ea0eb0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
s390x
cups-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm	SHA-256: 65d5b221186bb67089d0c8f473d5496f2f038d73c7faff39744140d9c199e5b0
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm	SHA-256: 70f364dfe8a84d88362152318962488682707b5ed27d0bb3cd64b39fd2b4d200
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: cf5bba579e7dd135dcf1b941a956107b8f82481ae7b812ed3cbe1340b7ea0eb0
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm	SHA-256: fe17e40fc94ffd3c7484a9f004cb2abe1c45866b184c8bb7db7afdc17c5a04b6
s390
cups-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: d4dae59481341975b75b9ce6e0e85ac1d16a334791a2dda0f1bcc1f415ef1942
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: 165cb0eba13c4adb644f453124b3fbaa14b281d60c01c6f12f43c3dbd4150d19
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm	SHA-256: cf5bba579e7dd135dcf1b941a956107b8f82481ae7b812ed3cbe1340b7ea0eb0

Red Hat Enterprise Linux for Power, big endian 4

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
ppc
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm	SHA-256: 094fbd468bfa452010466acf1f0854a5b489e465232c74ca92e34ac90b9efe16
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm	SHA-256: d0390c1aedf0f9d43b884bd3c7587c370ea3ea4fd5a7c2c36ba353107444245d
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm	SHA-256: 08bf9ab891f85d68f07a43c7dc05637056f0158de3d36a6e16802f7bc064b398
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ppc64.rpm	SHA-256: a570f005ef60b94323a67582d4586b04d4a90a2cd01bd08350a1dcd32c111411

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm	SHA-256: e2ce80ba2dbe48a13c4e33be3154a20233776dad5b1ae64379ffc73a4a6e4cce
ppc
cups-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm	SHA-256: 094fbd468bfa452010466acf1f0854a5b489e465232c74ca92e34ac90b9efe16
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm	SHA-256: d0390c1aedf0f9d43b884bd3c7587c370ea3ea4fd5a7c2c36ba353107444245d
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm	SHA-256: 08bf9ab891f85d68f07a43c7dc05637056f0158de3d36a6e16802f7bc064b398
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ppc64.rpm	SHA-256: a570f005ef60b94323a67582d4586b04d4a90a2cd01bd08350a1dcd32c111411

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories