-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2006.0031 -- [UNIX/Linux][RedHat]
                      Important: cups security update
                              12 January 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           CUPS
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop 3
                   UNIX variants (UNIX, Linux, OSX)
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2005-3627 CVE-2005-3626 CVE-2005-3625
                   CVE-2005-3624

Ref:               ESB-2006.0013

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2006-0163.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2006:0163-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0163.html
Issue date:        2006-01-11
Updated on:        2006-01-11
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
- - ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix multiple security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
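
Added example, not part of the Red Hat advisory: a Python check that an installed cups VERSION-RELEASE string is at or above the fixed build this advisory lists for RHEL 3 and RHEL 4, using rpm-style segment comparison rather than string comparison. The function names are illustrative, and the check assumes the package epoch is unchanged between builds.

```python
import re
import sys

# Fixed builds from the "RPMs required" section, keyed by RHEL major version.
FIXED = {"3": "1.1.17-13.3.36", "4": "1.1.22-0.rc1.9.10"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, following
    rpm's classic rules (no tilde/caret handling). Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1  # numeric segment is newer than alphabetic
        if x_num:
            x, y = int(x), int(y)      # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(installed_vr, rhel_major):
    """True if the installed cups VERSION-RELEASE is at or above the fixed
    build for the given RHEL major version ("3" or "4")."""
    inst_ver, _, inst_rel = installed_vr.rpartition("-")
    fix_ver, _, fix_rel = FIXED[rhel_major].rpartition("-")
    result = rpmvercmp(inst_ver, fix_ver)
    if result == 0:
        result = rpmvercmp(inst_rel, fix_rel)
    return result >= 0


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: check.py 4 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' cups)"
    major, installed = sys.argv[1], sys.argv[2]
    ok = is_patched(installed, major)
    print(f"cups {installed}: {'patched' if ok else 'NEEDS UPDATE'}")
    sys.exit(0 if ok else 1)
```

A plain string comparison would rank a release ending in 9.9 above one ending in 9.10, which is why the segments are compared numerically.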

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176868 - CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVl8XlSAg2UNWIIRAqn6AJ9mzY82lwnJFbcyasSfn7jnfVQIfACgh/CL
2eQCmPCOJSgLjrE3GIIfsHM=
=otbM
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQ8WnyCh9+71yA2DNAQJi7wQAnQnpmq1NSnUmyG0OxVrDlCy0FwhOPDd+
IdfpyAFj76U0Jpd/eWfJjUF1yehscwg2EdVr15DpVDk5cfuDex1UfOIwR5fuC0wr
qdzJXw84w5XaNJ7eAxx4W5tcUf7cLduCvhHkqetNCzaLpD7oToUUTayWoGwG4/HG
NtAX7l8LnhI=
=t+Vm
-----END PGP SIGNATURE-----