[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] [FLSA-2005:2127] Updated CUPS packages fix security vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] [FLSA-2005:2127] Updated CUPS packages fix security vulnerabilities
From: Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
Date: Wed, 02 Mar 2005 08:04:07 -0500

-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated CUPS packages fix security vulnerabilities
Advisory ID:       FLSA:2127
Issue date:        2005-03-02
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2127
CVE Names:         CAN-2004-0888 CAN-2004-0923 CAN-2004-1125
                   CAN-2004-1267 CAN-2004-1268 CAN-2004-1269
                   CAN-2004-1270 CAN-2005-0064
-----------------------------------------------------------------------


-----------------------------------------------------------------------
1. Topic:

Updated CUPS packages that fix several security issues are now
available.

The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code
used for parsing PDF files and is therefore affected by these bugs. An
attacker who has the ability to send a malicious PDF file to a printer
could cause CUPS to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would
authenticate with that shared printer using a username and password. By
default, the username and password used to connect to the Samba share is
written into the error log file. A local user who is able to read the
error log file could collect these usernames and passwords. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0923 to this issue.

A buffer overflow was found in the CUPS pdftops filter, which uses code
from the Xpdf package. An attacker who has the ability to send a
malicious PDF file to a printer could possibly execute arbitrary code as
the "lp" user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow was found in the ParseCommand function in the hpgltops
program. An attacker who has the ability to send a malicious HPGL file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1267 to this issue.

The lppasswd utility ignores write errors when modifying the CUPS passwd
file. A local user who is able to fill the associated file system could
corrupt the CUPS password file or prevent future uses of lppasswd. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.

The lppasswd utility does not verify that the passwd.new file is
different from STDERR, which could allow local users to control output
to passwd.new via certain user input that triggers an error message. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1270 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects the CUPS pdftops filter due to a shared
codebase. An attacker who has the ability to send a malicious PDF file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

All users of cups should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 2127 - multiple cups vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------------

0db34c2e38a4041f73d2a78a9b2915f75a66c24a redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm daae4200a9bbf7e7b9fafa28bb46e07028f9e8c5 redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm 7274fee7375ae5daf0824091ae394544a45fbe1a redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm c069522837c744b29cb67ea52e00023110400e70 redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm c6fdf900397f732b510fbfa21a5fa977e984c2cb redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm a18781d8f285db684790d32b9a8eca4ca4504124 redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm 01741a487d1a9ffdede42fbe0e80f1bfa09250f7 redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm 2d0734d15d4d72ebd72a03c62886f87c4f8fc0fb redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm 9637c0555edd133c1fb8ef7c7818c3e794408e04 fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm bc4b60d13ac3cae0a047149b9f8350a4ca8bb427 fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm 3a1fea385f2fc5302e9529ed64cb36c17d64ed3f fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm 132ca29e094556c2f575f811cad907efd3a6cdad fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] client - server
Next by Date: Re: [Full-Disclosure] Things that make you go "Hmmm"
Previous by thread: [Full-disclosure] (no subject)
Next by thread: [Full-Disclosure] New virus?
Index(es):
- Date
- Thread