Red Hat Product Errata RHSA-2009:1082 - Security Advisory
Issued:
2009-06-03
Updated:
2009-06-03

RHSA-2009:1082 - Security Advisory

Synopsis

Important: cups security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated cups packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The Common UNIX(r) Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The Internet Printing Protocol (IPP) allows
users to print and manage printing-related tasks over a network.

A NULL pointer dereference flaw was found in the CUPS IPP routine, used for
processing incoming IPP requests for the CUPS scheduler. An attacker could
use this flaw to send specially-crafted IPP requests that would crash the
cupsd daemon. (CVE-2009-0949)

Red Hat would like to thank Anibal Sacco from Core Security Technologies
for reporting this issue.

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the cupsd daemon will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 500972 - CVE-2009-0949 cups: IPP_TAG_UNSUPPORTED handling NULL pointer dereference DoS

Red Hat Enterprise Linux Server 5

SRPM
cups-1.3.7-8.el5_3.6.src.rpm SHA-256: 9845fdc5b9e3812f834174347b054d56c201b5b251ff3fafaa3624c08de38308
x86_64
cups-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 3390ead14038ebc60ecf3c84d7d411e881894a4f8a362101b6c2fa7d0cf63279
cups-devel-1.3.7-8.el5_3.6.i386.rpm SHA-256: a37ef8895485fe40e5f4e6936c5ade2421174485621985d6bea87f00b143dff1
cups-devel-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 0b2ef155a0fde9ca94b6bd52c4b8f6878971fd66219bf7384685d3122a64c870
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-libs-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: f0da97391eb88413e41f9167cee02268e47f0d1468afb21a0bf2d62425618c4a
cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 8cf207a125089ce766db935014740233538200408f293181c6e3b3470ac4a5d3
ia64
cups-1.3.7-8.el5_3.6.ia64.rpm SHA-256: 4e736e4260292ca0bef260b36da2fddd9aaeae2d1d51635c36caa50fc8573058
cups-devel-1.3.7-8.el5_3.6.ia64.rpm SHA-256: 5ca1e8d87de928a44481d85fb38f0edda2a6690639bb5832c933c8b09dc7e34b
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-libs-1.3.7-8.el5_3.6.ia64.rpm SHA-256: 0dd889e0572a69d0af7fef30df1ef4d54bb70fb6fb97e71d5ddda8b93036c8a7
cups-lpd-1.3.7-8.el5_3.6.ia64.rpm SHA-256: bd1c41cc55391a9a7b4c3b59a9b82425bf9ea4ce7f0fca0f98de727fef6a02b8
i386
cups-1.3.7-8.el5_3.6.i386.rpm SHA-256: acffa794aa4e6f9ad415c2b93ee442aac2c7f068f30bb2d6e122eae67329ceb8
cups-devel-1.3.7-8.el5_3.6.i386.rpm SHA-256: a37ef8895485fe40e5f4e6936c5ade2421174485621985d6bea87f00b143dff1
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-lpd-1.3.7-8.el5_3.6.i386.rpm SHA-256: 1fc6d00e9c6fe42d2269a4e0da26db70ed7c03a6ff846a38db51144db6228c7a

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
cups-1.3.7-8.el5_3.6.src.rpm SHA-256: 9845fdc5b9e3812f834174347b054d56c201b5b251ff3fafaa3624c08de38308
x86_64
cups-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 3390ead14038ebc60ecf3c84d7d411e881894a4f8a362101b6c2fa7d0cf63279
cups-devel-1.3.7-8.el5_3.6.i386.rpm SHA-256: a37ef8895485fe40e5f4e6936c5ade2421174485621985d6bea87f00b143dff1
cups-devel-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 0b2ef155a0fde9ca94b6bd52c4b8f6878971fd66219bf7384685d3122a64c870
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-libs-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: f0da97391eb88413e41f9167cee02268e47f0d1468afb21a0bf2d62425618c4a
cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 8cf207a125089ce766db935014740233538200408f293181c6e3b3470ac4a5d3
i386
cups-1.3.7-8.el5_3.6.i386.rpm SHA-256: acffa794aa4e6f9ad415c2b93ee442aac2c7f068f30bb2d6e122eae67329ceb8
cups-devel-1.3.7-8.el5_3.6.i386.rpm SHA-256: a37ef8895485fe40e5f4e6936c5ade2421174485621985d6bea87f00b143dff1
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-lpd-1.3.7-8.el5_3.6.i386.rpm SHA-256: 1fc6d00e9c6fe42d2269a4e0da26db70ed7c03a6ff846a38db51144db6228c7a

Red Hat Enterprise Linux Desktop 5

SRPM
cups-1.3.7-8.el5_3.6.src.rpm SHA-256: 9845fdc5b9e3812f834174347b054d56c201b5b251ff3fafaa3624c08de38308
x86_64
cups-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 3390ead14038ebc60ecf3c84d7d411e881894a4f8a362101b6c2fa7d0cf63279
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-libs-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: f0da97391eb88413e41f9167cee02268e47f0d1468afb21a0bf2d62425618c4a
cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 8cf207a125089ce766db935014740233538200408f293181c6e3b3470ac4a5d3
i386
cups-1.3.7-8.el5_3.6.i386.rpm SHA-256: acffa794aa4e6f9ad415c2b93ee442aac2c7f068f30bb2d6e122eae67329ceb8
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-lpd-1.3.7-8.el5_3.6.i386.rpm SHA-256: 1fc6d00e9c6fe42d2269a4e0da26db70ed7c03a6ff846a38db51144db6228c7a

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
cups-1.3.7-8.el5_3.6.src.rpm SHA-256: 9845fdc5b9e3812f834174347b054d56c201b5b251ff3fafaa3624c08de38308
s390x
cups-1.3.7-8.el5_3.6.s390x.rpm SHA-256: ccbc7c75ab22722cdbc0bb48ce2808e586c79e9e8e5690f9ee27b07dde6bb258
cups-devel-1.3.7-8.el5_3.6.s390.rpm SHA-256: b6658bc61c8116624af4e5caac1c57f9b1b65d3ee9778f15819be91a7e5997ff
cups-devel-1.3.7-8.el5_3.6.s390x.rpm SHA-256: 3cd034f275b6718a319d456c2905573a20b0ad7985feb5d381cd473ddb393079
cups-libs-1.3.7-8.el5_3.6.s390.rpm SHA-256: eda9ba168c759d418a95eea1e867b7822c8d49ee4707437c776d08d98e97ad9e
cups-libs-1.3.7-8.el5_3.6.s390x.rpm SHA-256: b17098836019826fb133a8057e0c906f23401c5faf1a7d52216082f2fad78601
cups-lpd-1.3.7-8.el5_3.6.s390x.rpm SHA-256: 25813f7149869db4fec609099af6f6779ee0f40fe0b044b1d4f05eea1616bfcc

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
cups-1.3.7-8.el5_3.6.src.rpm SHA-256: 9845fdc5b9e3812f834174347b054d56c201b5b251ff3fafaa3624c08de38308
ppc
cups-1.3.7-8.el5_3.6.ppc.rpm SHA-256: af16fe6619326413183fa1fe4d0f2998befd2d7c3ad0311ad04c64163e81b14f
cups-devel-1.3.7-8.el5_3.6.ppc.rpm SHA-256: efde1a7dbfb99972a278930a11c8b6a6ed8e48d0b8989fc36860d7e1ebda1d65
cups-devel-1.3.7-8.el5_3.6.ppc64.rpm SHA-256: 12398b77117cf287f3ac6b3f2fb2264bbb5585674dc5409f2084fadb38c82674
cups-libs-1.3.7-8.el5_3.6.ppc.rpm SHA-256: 4868990c1b6f6dffb1f3f64cd3f5c78cf585a0ba1f3f044feecf8e730d091ed4
cups-libs-1.3.7-8.el5_3.6.ppc64.rpm SHA-256: 0b18afb53b64ecae26b25430df87745c37d01a16be46ef09a11a0ad042eb0b82
cups-lpd-1.3.7-8.el5_3.6.ppc.rpm SHA-256: 9485e1d6c3e62722c33ceb177a3d472f21f5701058b8a6b9212feb92dc2e1a9b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
cups-1.3.7-8.el5_3.6.src.rpm SHA-256: 9845fdc5b9e3812f834174347b054d56c201b5b251ff3fafaa3624c08de38308
x86_64
cups-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 3390ead14038ebc60ecf3c84d7d411e881894a4f8a362101b6c2fa7d0cf63279
cups-devel-1.3.7-8.el5_3.6.i386.rpm SHA-256: a37ef8895485fe40e5f4e6936c5ade2421174485621985d6bea87f00b143dff1
cups-devel-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 0b2ef155a0fde9ca94b6bd52c4b8f6878971fd66219bf7384685d3122a64c870
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-libs-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: f0da97391eb88413e41f9167cee02268e47f0d1468afb21a0bf2d62425618c4a
cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm SHA-256: 8cf207a125089ce766db935014740233538200408f293181c6e3b3470ac4a5d3
i386
cups-1.3.7-8.el5_3.6.i386.rpm SHA-256: acffa794aa4e6f9ad415c2b93ee442aac2c7f068f30bb2d6e122eae67329ceb8
cups-devel-1.3.7-8.el5_3.6.i386.rpm SHA-256: a37ef8895485fe40e5f4e6936c5ade2421174485621985d6bea87f00b143dff1
cups-libs-1.3.7-8.el5_3.6.i386.rpm SHA-256: bd0123cd00f24ce2e344ed2df715d98ee7db116d532da6ae373bbd59fb830d2f
cups-lpd-1.3.7-8.el5_3.6.i386.rpm SHA-256: 1fc6d00e9c6fe42d2269a4e0da26db70ed7c03a6ff846a38db51144db6228c7a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.