Red Hat Product Errata RHSA-2014:1388 - Security Advisory

Issued:: 2014-10-14
Updated:: 2014-10-14

RHSA-2014:1388 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: cups security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated cups packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

CUPS provides a portable printing layer for Linux, UNIX, and similar
operating systems.

A cross-site scripting (XSS) flaw was found in the CUPS web interface.
An attacker could use this flaw to perform a cross-site scripting attack
against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links
in certain directories under /var/cache/cups/. A local user with the 'lp'
group privileges could use this flaw to read the contents of arbitrary
files on the system or, potentially, escalate their privileges on the
system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat
Product Security.

These updated cups packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes.

All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

BZ - 978387 - Bad IPP responses with version 2.0 (collection handling bug)
BZ - 1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide
BZ - 1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release
BZ - 1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation
BZ - 1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537
BZ - 1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack
BZ - 1128767 - CVE-2014-5031 cups: world-readable permissions

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
x86_64
cups-1.4.2-67.el6.x86_64.rpm	SHA-256: 357af7373d68681d346534f184bbf3db76cded79c34ecacfa5e67179d95d15cb
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-devel-1.4.2-67.el6.x86_64.rpm	SHA-256: d4561a318b8dab2345485258c6adcde83aece6a7ba7e36167e2b426b5ee7228f
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-libs-1.4.2-67.el6.x86_64.rpm	SHA-256: c7af2fd7e5c8a76de57c698f330b271c1962672cf58e2184cba8816ede8fac9d
cups-lpd-1.4.2-67.el6.x86_64.rpm	SHA-256: 97baa971e8ac1d74e9914691f444118c832a684b49570712baf42c806020c6c1
cups-php-1.4.2-67.el6.x86_64.rpm	SHA-256: a56eee29b04c51a60f36ecea821c32c0de4703e612d9a6b4eb40ba59e7d2fb16
i386
cups-1.4.2-67.el6.i686.rpm	SHA-256: 632fc6fbf632163249839b677d1afe14e8e60e08a70d02abaf95f376e24527ef
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-lpd-1.4.2-67.el6.i686.rpm	SHA-256: 854b57001e67a13af3c9c1c98c77b47df8eb54561e214e8fdd3a8705156a5bbc
cups-php-1.4.2-67.el6.i686.rpm	SHA-256: 4abaf04e93e832d0814251e809be37acc978e52d41c95dd6648c75486dd57061

Red Hat Enterprise Linux Workstation 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
x86_64
cups-1.4.2-67.el6.x86_64.rpm	SHA-256: 357af7373d68681d346534f184bbf3db76cded79c34ecacfa5e67179d95d15cb
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-devel-1.4.2-67.el6.x86_64.rpm	SHA-256: d4561a318b8dab2345485258c6adcde83aece6a7ba7e36167e2b426b5ee7228f
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-libs-1.4.2-67.el6.x86_64.rpm	SHA-256: c7af2fd7e5c8a76de57c698f330b271c1962672cf58e2184cba8816ede8fac9d
cups-lpd-1.4.2-67.el6.x86_64.rpm	SHA-256: 97baa971e8ac1d74e9914691f444118c832a684b49570712baf42c806020c6c1
cups-php-1.4.2-67.el6.x86_64.rpm	SHA-256: a56eee29b04c51a60f36ecea821c32c0de4703e612d9a6b4eb40ba59e7d2fb16
i386
cups-1.4.2-67.el6.i686.rpm	SHA-256: 632fc6fbf632163249839b677d1afe14e8e60e08a70d02abaf95f376e24527ef
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-lpd-1.4.2-67.el6.i686.rpm	SHA-256: 854b57001e67a13af3c9c1c98c77b47df8eb54561e214e8fdd3a8705156a5bbc
cups-php-1.4.2-67.el6.i686.rpm	SHA-256: 4abaf04e93e832d0814251e809be37acc978e52d41c95dd6648c75486dd57061

Red Hat Enterprise Linux Desktop 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
x86_64
cups-1.4.2-67.el6.x86_64.rpm	SHA-256: 357af7373d68681d346534f184bbf3db76cded79c34ecacfa5e67179d95d15cb
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-devel-1.4.2-67.el6.x86_64.rpm	SHA-256: d4561a318b8dab2345485258c6adcde83aece6a7ba7e36167e2b426b5ee7228f
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-libs-1.4.2-67.el6.x86_64.rpm	SHA-256: c7af2fd7e5c8a76de57c698f330b271c1962672cf58e2184cba8816ede8fac9d
cups-lpd-1.4.2-67.el6.x86_64.rpm	SHA-256: 97baa971e8ac1d74e9914691f444118c832a684b49570712baf42c806020c6c1
cups-php-1.4.2-67.el6.x86_64.rpm	SHA-256: a56eee29b04c51a60f36ecea821c32c0de4703e612d9a6b4eb40ba59e7d2fb16
i386
cups-1.4.2-67.el6.i686.rpm	SHA-256: 632fc6fbf632163249839b677d1afe14e8e60e08a70d02abaf95f376e24527ef
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-lpd-1.4.2-67.el6.i686.rpm	SHA-256: 854b57001e67a13af3c9c1c98c77b47df8eb54561e214e8fdd3a8705156a5bbc
cups-php-1.4.2-67.el6.i686.rpm	SHA-256: 4abaf04e93e832d0814251e809be37acc978e52d41c95dd6648c75486dd57061

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
s390x
cups-1.4.2-67.el6.s390x.rpm	SHA-256: e9bb4a1315eec29b284a43a674e027d425f804fbdb877da29ad32da0b87b0e97
cups-debuginfo-1.4.2-67.el6.s390.rpm	SHA-256: 140b832ff4971d6528ffbc5b600935f838f3fcc70248f5c8ff815a8c20c8961a
cups-debuginfo-1.4.2-67.el6.s390x.rpm	SHA-256: 2a2bc2c42e642e21d98c3744f6ed9b6cde1e6dc12b6de6a2ac21307225256a74
cups-debuginfo-1.4.2-67.el6.s390x.rpm	SHA-256: 2a2bc2c42e642e21d98c3744f6ed9b6cde1e6dc12b6de6a2ac21307225256a74
cups-devel-1.4.2-67.el6.s390.rpm	SHA-256: 9699270a523806ab24f54c6e6dd8bd80935ddcd667e51bd37773d0264d5413a2
cups-devel-1.4.2-67.el6.s390x.rpm	SHA-256: bc2ac27a5521b5218e2f65ff4b3fccfe92915fe629633ea2eacd44083647251a
cups-libs-1.4.2-67.el6.s390.rpm	SHA-256: a9608e58e73965c8ce8b42329a3d6a8433ffe1e279c3c930b90540c1592ab5eb
cups-libs-1.4.2-67.el6.s390x.rpm	SHA-256: 33fe707afa40039d4d120a1090cce0ef569c2e711530fb1b3284269da7917d6e
cups-lpd-1.4.2-67.el6.s390x.rpm	SHA-256: c0d706b9a3891039a908d787cbbb3872be4f480ee4e0223704ef4385c50302ef
cups-php-1.4.2-67.el6.s390x.rpm	SHA-256: 88fab93e020c9dca91a38d5ff68197060e8a5666b09e7b7fd5016bda3d0a33a7

Red Hat Enterprise Linux for Power, big endian 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
ppc64
cups-1.4.2-67.el6.ppc64.rpm	SHA-256: 4948ef79ad63d57b8d25fa4836036452718fb3640bb9c9c2adc97f755f12e9d7
cups-debuginfo-1.4.2-67.el6.ppc.rpm	SHA-256: 80f7dd8bbb7c5503b909191982a2fe4110eb6374055c3120a71e33701801a5fc
cups-debuginfo-1.4.2-67.el6.ppc64.rpm	SHA-256: f2297b36dca2a49890819b45d9e187b58873d62ec299d7e5c5b7ee6fdc4a63d3
cups-debuginfo-1.4.2-67.el6.ppc64.rpm	SHA-256: f2297b36dca2a49890819b45d9e187b58873d62ec299d7e5c5b7ee6fdc4a63d3
cups-devel-1.4.2-67.el6.ppc.rpm	SHA-256: dd171393bf289f2d9cc56ee121150ed4866c6cd4fbc749115abd509b62e0da9e
cups-devel-1.4.2-67.el6.ppc64.rpm	SHA-256: 3977fe7cfa47245f3ee3f6efa4601af283d7680b5913769843bfb3ed745baa39
cups-libs-1.4.2-67.el6.ppc.rpm	SHA-256: 07c0dcca0b21b89ad22d95b9dc512ca74a21ba9b3e1b274b532b16eb57487cfd
cups-libs-1.4.2-67.el6.ppc64.rpm	SHA-256: 69bcce270bc94fa63b705f818aff020bc8888ecda9b281f91c451fd40e233802
cups-lpd-1.4.2-67.el6.ppc64.rpm	SHA-256: 283e25a39936bc66db6eaa4387adf838baed7ce3a9352fdbd56cdf46f499586f
cups-php-1.4.2-67.el6.ppc64.rpm	SHA-256: d5d108542fabd48a25a2497b231780617be7c8cb0015c2f3294be6522f1ddc31

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
x86_64
cups-1.4.2-67.el6.x86_64.rpm	SHA-256: 357af7373d68681d346534f184bbf3db76cded79c34ecacfa5e67179d95d15cb
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-devel-1.4.2-67.el6.x86_64.rpm	SHA-256: d4561a318b8dab2345485258c6adcde83aece6a7ba7e36167e2b426b5ee7228f
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-libs-1.4.2-67.el6.x86_64.rpm	SHA-256: c7af2fd7e5c8a76de57c698f330b271c1962672cf58e2184cba8816ede8fac9d
cups-lpd-1.4.2-67.el6.x86_64.rpm	SHA-256: 97baa971e8ac1d74e9914691f444118c832a684b49570712baf42c806020c6c1
cups-php-1.4.2-67.el6.x86_64.rpm	SHA-256: a56eee29b04c51a60f36ecea821c32c0de4703e612d9a6b4eb40ba59e7d2fb16

Red Hat Enterprise Linux Server from RHUI 6

SRPM
cups-1.4.2-67.el6.src.rpm	SHA-256: e71bd5dd38202eb02f5d0eb89b50c7b4796716a3aea21a63b7745c6349be93c4
x86_64
cups-1.4.2-67.el6.x86_64.rpm	SHA-256: 357af7373d68681d346534f184bbf3db76cded79c34ecacfa5e67179d95d15cb
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-debuginfo-1.4.2-67.el6.x86_64.rpm	SHA-256: 96e022afe45b44f2c6d06c8d4e62eab66ac4941bef038c3134a35250f5e5ae57
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-devel-1.4.2-67.el6.x86_64.rpm	SHA-256: d4561a318b8dab2345485258c6adcde83aece6a7ba7e36167e2b426b5ee7228f
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-libs-1.4.2-67.el6.x86_64.rpm	SHA-256: c7af2fd7e5c8a76de57c698f330b271c1962672cf58e2184cba8816ede8fac9d
cups-lpd-1.4.2-67.el6.x86_64.rpm	SHA-256: 97baa971e8ac1d74e9914691f444118c832a684b49570712baf42c806020c6c1
cups-php-1.4.2-67.el6.x86_64.rpm	SHA-256: a56eee29b04c51a60f36ecea821c32c0de4703e612d9a6b4eb40ba59e7d2fb16
i386
cups-1.4.2-67.el6.i686.rpm	SHA-256: 632fc6fbf632163249839b677d1afe14e8e60e08a70d02abaf95f376e24527ef
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-debuginfo-1.4.2-67.el6.i686.rpm	SHA-256: 89df6cfade92d6188d8b692f71c22df4bdb6b3fdd6fc2e773b56f7732c1de3c2
cups-devel-1.4.2-67.el6.i686.rpm	SHA-256: fd59c36edda36fd3b14079f24ad6d787dee76f0c8b2b31a8f75738bf73dbb120
cups-libs-1.4.2-67.el6.i686.rpm	SHA-256: a82640faf75216bb9c68ecb40955e9986515e24a6f3d1b143f5d421057467b16
cups-lpd-1.4.2-67.el6.i686.rpm	SHA-256: 854b57001e67a13af3c9c1c98c77b47df8eb54561e214e8fdd3a8705156a5bbc
cups-php-1.4.2-67.el6.i686.rpm	SHA-256: 4abaf04e93e832d0814251e809be37acc978e52d41c95dd6648c75486dd57061

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories