RHSA-2007:1021-01 Important: cups security update
Posted on: 11/07/2007 09:00 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2007:1021-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1021.html
Issue date: 2007-11-07
Updated on: 2007-11-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm

i386:
0d1bc137688d648c1a6bb6d723d02131 cups-1.2.4-11.14.el5_1.3.i386.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
725da2778499f0ef3d177ae5de2eac84 cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm

x86_64:
8a80ca4d3fb94684b6a157fd0fc03ffc cups-1.2.4-11.14.el5_1.3.x86_64.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
e7122321cb07e24fdea833aeb99fceff cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
f1d2584267c494a0df96afb0f95cda27 cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm

i386:
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm

x86_64:
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
d6e9593b5bd3da21bfd5a722fd9153a9 cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.2.4-11.14.el5_1.3.src.rpm
0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm

i386:
0d1bc137688d648c1a6bb6d723d02131 cups-1.2.4-11.14.el5_1.3.i386.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
725da2778499f0ef3d177ae5de2eac84 cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm

ia64:
6d6d5b2c9bb192c0221fab51ca406e54 cups-1.2.4-11.14.el5_1.3.ia64.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1fd9e56a67d23a794bfe4d6f92eb74ac cups-debuginfo-1.2.4-11.14.el5_1.3.ia64.rpm
f8993c91631e1cb221053970359a15c3 cups-devel-1.2.4-11.14.el5_1.3.ia64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
b563493fa5c9938711246df30849740e cups-libs-1.2.4-11.14.el5_1.3.ia64.rpm
fbeff7413bedcb74acd9691ffd34ec16 cups-lpd-1.2.4-11.14.el5_1.3.ia64.rpm

ppc:
568c33780523d8934fd44cb8b38572f7 cups-1.2.4-11.14.el5_1.3.ppc.rpm
89302dadc2de2e1fd067c1468244d9d4 cups-debuginfo-1.2.4-11.14.el5_1.3.ppc.rpm
b6eba796dede6c33f28887f142ec197b cups-debuginfo-1.2.4-11.14.el5_1.3.ppc64.rpm
8f47bde999fd4a20fdd95df19aa4d348 cups-devel-1.2.4-11.14.el5_1.3.ppc.rpm
904299c55e793be74463ed447d4c7912 cups-devel-1.2.4-11.14.el5_1.3.ppc64.rpm
e510688e304707cdc2e69fbb690c105a cups-libs-1.2.4-11.14.el5_1.3.ppc.rpm
a46a28e1dd83f550a8f90f76dd5de253 cups-libs-1.2.4-11.14.el5_1.3.ppc64.rpm
22240ec5fb56b681652830c602f6d3ac cups-lpd-1.2.4-11.14.el5_1.3.ppc.rpm

s390x:
0600130d9ffbc51fefefe5363161f809 cups-1.2.4-11.14.el5_1.3.s390x.rpm
747bc08e1347512b1250f2065f33ec82 cups-debuginfo-1.2.4-11.14.el5_1.3.s390.rpm
3e9253116a2fc0990fd7fb8df3330c0e cups-debuginfo-1.2.4-11.14.el5_1.3.s390x.rpm
205945b86014307d0351d958a3045bfd cups-devel-1.2.4-11.14.el5_1.3.s390.rpm
4494cce4dc572b50d825343ec9b2cfc1 cups-devel-1.2.4-11.14.el5_1.3.s390x.rpm
f58cff49807950fe15a0431d9c0eb0a4 cups-libs-1.2.4-11.14.el5_1.3.s390.rpm
5b1a7f99fb9a376ac9dd6001bfc2400e cups-libs-1.2.4-11.14.el5_1.3.s390x.rpm
8f41c8e4ad65b647974012e97e559050 cups-lpd-1.2.4-11.14.el5_1.3.s390x.rpm

x86_64:
8a80ca4d3fb94684b6a157fd0fc03ffc cups-1.2.4-11.14.el5_1.3.x86_64.rpm
e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm
1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm
ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm
d6e9593b5bd3da21bfd5a722fd9153a9 cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm
9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm
e7122321cb07e24fdea833aeb99fceff cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm
f1d2584267c494a0df96afb0f95cda27 cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHMfoZXlSAg2UNWIIRArocAJ4qfSAilKdPu6YvnbCb1h/QuxFdZACdFmeI
ypqsscJDPG7VSjjYrOsOTf8=
=lc2f
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20071021_01_important_cups_security_update.html)