-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2005.0617 -- RHSA-2005:706-01
Important: cups security update
10 August 2005

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           cups
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop 3
                   UNIX variants
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-2097

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-706.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than RedHat. It is recommended that administrators
         running CUPS check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2005:706-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-706.html
Issue date:        2005-08-09
Updated on:        2005-08-09
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2097
- - ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix a security issue are now available for Red
Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

When processing a PDF file, bounds checking was not correctly performed on
some fields. This could cause the pdftops filter (running as user "lp") to
crash. The Common Vulnerabilities and Exposures project has assigned the
name CAN-2005-2097 to this issue.

All users of CUPS should upgrade to these erratum packages, which contain a
patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To launch the Red Hat Update Agent, use the
following command:

up2date

For information on how to install packages manually, refer to the following
Web page for the System Administration or Customization guide specific to
your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164510 - CAN-2005-2097 pdf flaw

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OCBXlSAg2UNWIIRAihEAJ48NUJqFiPrQ6Zxra/u51LBfdWaYQCcCs/R
EHn1qTjgim7AYTJZnpOLwuo=
=cUmo
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQvlS1Ch9+71yA2DNAQK1ZgQAlHfjZhNvKCR4TNLKud7TK8C2tAD3PZix
sEkaU9w89kuteQVzpD3jqAdyFRjxnhD+zZI+X1fe8GsJsKS0opDoT1+qUu7z4x2W
oRGA2GvjQ2xhFR+Jtl3I2TaojRCZkeYcY7C8UM+PTTDXhvW8Kc6WtvVUqTVgxSY/
bbEzTzQ5Brs=
=BjZv
-----END PGP SIGNATURE-----
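
An added example, not part of the Red Hat or AusCERT text: a fleet check against the fixed builds this advisory ships, cups 1.1.17-13.3.31 for the Enterprise Linux 3 products and cups 1.1.22-0.rc1.9.7 for the Enterprise Linux 4 products. It assumes an inventory of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output prefixed with a host name; the host names and installed builds are constructed, and the comparison is a simplified rpmvercmp that ignores epochs and the `~` and `^` operators.

```python
import re

# Fixed builds named in this advisory, keyed by upstream CUPS version:
# 1.1.17 is the Enterprise Linux 3 stream, 1.1.22 the Enterprise Linux 4 stream.
FIXED_RELEASE = {"1.1.17": "13.3.31", "1.1.22": "0.rc1.9.7"}
PACKAGES = {"cups", "cups-devel", "cups-libs"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no epoch, no ~ or ^ handling)."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def status(nvr):
    """Classify one NAME-VERSION-RELEASE string against the advisory."""
    name, version, release = nvr.rsplit("-", 2)
    if name not in PACKAGES or version not in FIXED_RELEASE:
        return "unknown"               # not a build stream this advisory names
    return "patched" if rpmvercmp(release, FIXED_RELEASE[version]) >= 0 else "vulnerable"


def audit(inventory):
    """Map host -> status for lines of the form '<host> <name-version-release>'."""
    return {host: status(nvr) for host, nvr in
            (line.split() for line in inventory.splitlines() if line.strip())}


# Constructed inventory: host names and installed builds are made up for the example.
INVENTORY = """\
print01 cups-1.1.17-13.3.29
print02 cups-1.1.17-13.3.31
ws-114 cups-libs-1.1.22-0.rc1.9.6
ws-116 cups-1.1.22-0.rc1.9.10
lab-7 cups-1.1.19-6
"""

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:8} {result}")
```

The `ws-116` row is the case a plain string comparison gets wrong: release `0.rc1.9.10` is newer than `0.rc1.9.7` because the last segment compares as an integer.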