-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2005.0617 -- RHSA-2005:706-01
                      Important: cups security update
                              10 August 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           cups
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop 3
                   UNIX variants
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-2097

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-706.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than RedHat. It is recommended that administrators
         running CUPS check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2005:706-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-706.html
Issue date:        2005-08-09
Updated on:        2005-08-09
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2097
- - ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix a security issue are now available for Red
Hat Enterprise Linux.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for
UNIX(R) operating systems.

When processing a PDF file, bounds checking was not correctly performed on
some fields.  This could cause the pdftops filter (running as user "lp") to
crash.  The Common Vulnerabilities and Exposures project has assigned the
name CAN-2005-2097 to this issue.

All users of CUPS should upgrade to these erratum packages, which contain a
patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164510 - CAN-2005-2097 pdf flaw


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.31.src.rpm
6fdfeda1620e95a6ed9141398adb88be  cups-1.1.17-13.3.31.src.rpm

i386:
6f53077afd334ef360da78265a1d3015  cups-1.1.17-13.3.31.i386.rpm
313336568455c6bf53c465b6b9ddfe6b  cups-devel-1.1.17-13.3.31.i386.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm

ia64:
0e3c6790b045e27c30c8546ef147a6b6  cups-1.1.17-13.3.31.ia64.rpm
da9e2d61e6ea694b691d43015d044648  cups-devel-1.1.17-13.3.31.ia64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
42bbd422f83eae3bd94a67709aabc9b6  cups-libs-1.1.17-13.3.31.ia64.rpm

ppc:
2ef8571cde9f6fc0ba6ffa7cf4bcffcf  cups-1.1.17-13.3.31.ppc.rpm
ea06586a5d0edece302f465cc06655b9  cups-devel-1.1.17-13.3.31.ppc.rpm
d5864d0bc6ffafb60e5512b72cd1deee  cups-libs-1.1.17-13.3.31.ppc.rpm
070c52a8fff483d5b2977f41af8c2d48  cups-libs-1.1.17-13.3.31.ppc64.rpm

s390:
e8a3333a4f41f4d286e30d2ba6dac182  cups-1.1.17-13.3.31.s390.rpm
64b0004da2a22335600116c4fd62655a  cups-devel-1.1.17-13.3.31.s390.rpm
73fd8d9b5532dfcb6512af45e2e0bb4c  cups-libs-1.1.17-13.3.31.s390.rpm

s390x:
930e0db46c1e076b8e79d6bf712a5996  cups-1.1.17-13.3.31.s390x.rpm
624a554a09a737def3b20b19a65755e0  cups-devel-1.1.17-13.3.31.s390x.rpm
73fd8d9b5532dfcb6512af45e2e0bb4c  cups-libs-1.1.17-13.3.31.s390.rpm
d56b117031bccc86a8c827e9d0cf7ade  cups-libs-1.1.17-13.3.31.s390x.rpm

x86_64:
d737dd5cb793f4ad445d93d33b48e082  cups-1.1.17-13.3.31.x86_64.rpm
75ad39e7ec8114ceb2dd1653df48f6c9  cups-devel-1.1.17-13.3.31.x86_64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
7a874e6ac4f4b128041f150cc08a90bb  cups-libs-1.1.17-13.3.31.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.31.src.rpm
6fdfeda1620e95a6ed9141398adb88be  cups-1.1.17-13.3.31.src.rpm

i386:
6f53077afd334ef360da78265a1d3015  cups-1.1.17-13.3.31.i386.rpm
313336568455c6bf53c465b6b9ddfe6b  cups-devel-1.1.17-13.3.31.i386.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm

x86_64:
d737dd5cb793f4ad445d93d33b48e082  cups-1.1.17-13.3.31.x86_64.rpm
75ad39e7ec8114ceb2dd1653df48f6c9  cups-devel-1.1.17-13.3.31.x86_64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
7a874e6ac4f4b128041f150cc08a90bb  cups-libs-1.1.17-13.3.31.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.31.src.rpm
6fdfeda1620e95a6ed9141398adb88be  cups-1.1.17-13.3.31.src.rpm

i386:
6f53077afd334ef360da78265a1d3015  cups-1.1.17-13.3.31.i386.rpm
313336568455c6bf53c465b6b9ddfe6b  cups-devel-1.1.17-13.3.31.i386.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm

ia64:
0e3c6790b045e27c30c8546ef147a6b6  cups-1.1.17-13.3.31.ia64.rpm
da9e2d61e6ea694b691d43015d044648  cups-devel-1.1.17-13.3.31.ia64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
42bbd422f83eae3bd94a67709aabc9b6  cups-libs-1.1.17-13.3.31.ia64.rpm

x86_64:
d737dd5cb793f4ad445d93d33b48e082  cups-1.1.17-13.3.31.x86_64.rpm
75ad39e7ec8114ceb2dd1653df48f6c9  cups-devel-1.1.17-13.3.31.x86_64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
7a874e6ac4f4b128041f150cc08a90bb  cups-libs-1.1.17-13.3.31.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.31.src.rpm
6fdfeda1620e95a6ed9141398adb88be  cups-1.1.17-13.3.31.src.rpm

i386:
6f53077afd334ef360da78265a1d3015  cups-1.1.17-13.3.31.i386.rpm
313336568455c6bf53c465b6b9ddfe6b  cups-devel-1.1.17-13.3.31.i386.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm

ia64:
0e3c6790b045e27c30c8546ef147a6b6  cups-1.1.17-13.3.31.ia64.rpm
da9e2d61e6ea694b691d43015d044648  cups-devel-1.1.17-13.3.31.ia64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
42bbd422f83eae3bd94a67709aabc9b6  cups-libs-1.1.17-13.3.31.ia64.rpm

x86_64:
d737dd5cb793f4ad445d93d33b48e082  cups-1.1.17-13.3.31.x86_64.rpm
75ad39e7ec8114ceb2dd1653df48f6c9  cups-devel-1.1.17-13.3.31.x86_64.rpm
f38c9a11506ae85d5de4ddf721dfd1a0  cups-libs-1.1.17-13.3.31.i386.rpm
7a874e6ac4f4b128041f150cc08a90bb  cups-libs-1.1.17-13.3.31.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.7.src.rpm
9b035487b0771701ede6d2127d250127  cups-1.1.22-0.rc1.9.7.src.rpm

i386:
4c7c20b95e38b497aa610332ce2d0551  cups-1.1.22-0.rc1.9.7.i386.rpm
b8863c846afdf0fce99de34e2ad0ee27  cups-devel-1.1.22-0.rc1.9.7.i386.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm

ia64:
3ff6481aeaeef012e63a7effe7aad71b  cups-1.1.22-0.rc1.9.7.ia64.rpm
133970e22eb1094d10c431809374e897  cups-devel-1.1.22-0.rc1.9.7.ia64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
9b1edfb8aef5edfe2a77e717dd0908cd  cups-libs-1.1.22-0.rc1.9.7.ia64.rpm

ppc:
aeee85359fb8d62f7cadfdbd70389018  cups-1.1.22-0.rc1.9.7.ppc.rpm
e40bc2adb4e988b6cfc6a6f76ab3d361  cups-devel-1.1.22-0.rc1.9.7.ppc.rpm
18c43f70e182dd5fc45af75678f47e92  cups-libs-1.1.22-0.rc1.9.7.ppc.rpm
44fc714c998b6c4a6ae88ffade39b55c  cups-libs-1.1.22-0.rc1.9.7.ppc64.rpm

s390:
017e4f6095f827dcd84351b1555ac841  cups-1.1.22-0.rc1.9.7.s390.rpm
3b66ab340809a2638405e34b02811e9a  cups-devel-1.1.22-0.rc1.9.7.s390.rpm
75e83909b63136a6ba8ab2913d790e06  cups-libs-1.1.22-0.rc1.9.7.s390.rpm

s390x:
7e7dc1aa097cadb6add6c1c9276632f3  cups-1.1.22-0.rc1.9.7.s390x.rpm
f871a5bfcc2b6a8d29a5809a9fef438d  cups-devel-1.1.22-0.rc1.9.7.s390x.rpm
75e83909b63136a6ba8ab2913d790e06  cups-libs-1.1.22-0.rc1.9.7.s390.rpm
ca9e6f369441b2e9049a5ee86cd330dc  cups-libs-1.1.22-0.rc1.9.7.s390x.rpm

x86_64:
f8cdf81a6645b4b7c4955a36a35d0f2f  cups-1.1.22-0.rc1.9.7.x86_64.rpm
e6d59fe158d842f92594c3fc0f12a04a  cups-devel-1.1.22-0.rc1.9.7.x86_64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
723689c347475e508dd2adf82d6c8a0c  cups-libs-1.1.22-0.rc1.9.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.7.src.rpm
9b035487b0771701ede6d2127d250127  cups-1.1.22-0.rc1.9.7.src.rpm

i386:
4c7c20b95e38b497aa610332ce2d0551  cups-1.1.22-0.rc1.9.7.i386.rpm
b8863c846afdf0fce99de34e2ad0ee27  cups-devel-1.1.22-0.rc1.9.7.i386.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm

x86_64:
f8cdf81a6645b4b7c4955a36a35d0f2f  cups-1.1.22-0.rc1.9.7.x86_64.rpm
e6d59fe158d842f92594c3fc0f12a04a  cups-devel-1.1.22-0.rc1.9.7.x86_64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
723689c347475e508dd2adf82d6c8a0c  cups-libs-1.1.22-0.rc1.9.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.7.src.rpm
9b035487b0771701ede6d2127d250127  cups-1.1.22-0.rc1.9.7.src.rpm

i386:
4c7c20b95e38b497aa610332ce2d0551  cups-1.1.22-0.rc1.9.7.i386.rpm
b8863c846afdf0fce99de34e2ad0ee27  cups-devel-1.1.22-0.rc1.9.7.i386.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm

ia64:
3ff6481aeaeef012e63a7effe7aad71b  cups-1.1.22-0.rc1.9.7.ia64.rpm
133970e22eb1094d10c431809374e897  cups-devel-1.1.22-0.rc1.9.7.ia64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
9b1edfb8aef5edfe2a77e717dd0908cd  cups-libs-1.1.22-0.rc1.9.7.ia64.rpm

x86_64:
f8cdf81a6645b4b7c4955a36a35d0f2f  cups-1.1.22-0.rc1.9.7.x86_64.rpm
e6d59fe158d842f92594c3fc0f12a04a  cups-devel-1.1.22-0.rc1.9.7.x86_64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
723689c347475e508dd2adf82d6c8a0c  cups-libs-1.1.22-0.rc1.9.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.7.src.rpm
9b035487b0771701ede6d2127d250127  cups-1.1.22-0.rc1.9.7.src.rpm

i386:
4c7c20b95e38b497aa610332ce2d0551  cups-1.1.22-0.rc1.9.7.i386.rpm
b8863c846afdf0fce99de34e2ad0ee27  cups-devel-1.1.22-0.rc1.9.7.i386.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm

ia64:
3ff6481aeaeef012e63a7effe7aad71b  cups-1.1.22-0.rc1.9.7.ia64.rpm
133970e22eb1094d10c431809374e897  cups-devel-1.1.22-0.rc1.9.7.ia64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
9b1edfb8aef5edfe2a77e717dd0908cd  cups-libs-1.1.22-0.rc1.9.7.ia64.rpm

x86_64:
f8cdf81a6645b4b7c4955a36a35d0f2f  cups-1.1.22-0.rc1.9.7.x86_64.rpm
e6d59fe158d842f92594c3fc0f12a04a  cups-devel-1.1.22-0.rc1.9.7.x86_64.rpm
83c915a577bb1e14ff7b41971c37088d  cups-libs-1.1.22-0.rc1.9.7.i386.rpm
723689c347475e508dd2adf82d6c8a0c  cups-libs-1.1.22-0.rc1.9.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OCBXlSAg2UNWIIRAihEAJ48NUJqFiPrQ6Zxra/u51LBfdWaYQCcCs/R
EHn1qTjgim7AYTJZnpOLwuo=
=cUmo
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQvlS1Ch9+71yA2DNAQK1ZgQAlHfjZhNvKCR4TNLKud7TK8C2tAD3PZix
sEkaU9w89kuteQVzpD3jqAdyFRjxnhD+zZI+X1fe8GsJsKS0opDoT1+qUu7z4x2W
oRGA2GvjQ2xhFR+Jtl3I2TaojRCZkeYcY7C8UM+PTTDXhvW8Kc6WtvVUqTVgxSY/
bbEzTzQ5Brs=
=BjZv
-----END PGP SIGNATURE-----