[RHSA-2006:0163-01] Important: cups security update

bugzilla at redhat.com bugzilla at redhat.com
Wed Jan 11 19:16:49 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2006:0163-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0163.html
Issue date:        2006-01-11
Updated on:        2006-01-11
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix multiple security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176868 - CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e  cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1  cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791  cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm

ia64:
46f51337b8713e3c67f9422533efe2a4  cups-1.1.17-13.3.36.ia64.rpm
e5595b2fd0bddc5a4953b2f9f68bdc9b  cups-devel-1.1.17-13.3.36.ia64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
babae5177429d1a234c9136e1d29ae6a  cups-libs-1.1.17-13.3.36.ia64.rpm

ppc:
5a4e94ee0635aeecde6fd5821756ee79  cups-1.1.17-13.3.36.ppc.rpm
226daa41eee9ffd08eeef0bf491a52ff  cups-devel-1.1.17-13.3.36.ppc.rpm
40c64baf0608675b09ea29f6d902ba2b  cups-libs-1.1.17-13.3.36.ppc.rpm
cd8b0bf11b8c124bfa2c0fc8b9cf0e9a  cups-libs-1.1.17-13.3.36.ppc64.rpm

s390:
e77aa4796c41a2c86bef1d72418966d4  cups-1.1.17-13.3.36.s390.rpm
7c0dbe644ee80a0633ee4948c8a50731  cups-devel-1.1.17-13.3.36.s390.rpm
e79f1d7c9f227abe7e169b9f36413649  cups-libs-1.1.17-13.3.36.s390.rpm

s390x:
45b8e2ce603684e47652b25c01b378b3  cups-1.1.17-13.3.36.s390x.rpm
0400366b7aba8e68492400615327d44e  cups-devel-1.1.17-13.3.36.s390x.rpm
e79f1d7c9f227abe7e169b9f36413649  cups-libs-1.1.17-13.3.36.s390.rpm
5186688847172a22a80299d2a3348743  cups-libs-1.1.17-13.3.36.s390x.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119  cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be  cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4  cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e  cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1  cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791  cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119  cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be  cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4  cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e  cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1  cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791  cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm

ia64:
46f51337b8713e3c67f9422533efe2a4  cups-1.1.17-13.3.36.ia64.rpm
e5595b2fd0bddc5a4953b2f9f68bdc9b  cups-devel-1.1.17-13.3.36.ia64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
babae5177429d1a234c9136e1d29ae6a  cups-libs-1.1.17-13.3.36.ia64.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119  cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be  cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4  cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e  cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1  cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791  cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm

ia64:
46f51337b8713e3c67f9422533efe2a4  cups-1.1.17-13.3.36.ia64.rpm
e5595b2fd0bddc5a4953b2f9f68bdc9b  cups-devel-1.1.17-13.3.36.ia64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
babae5177429d1a234c9136e1d29ae6a  cups-libs-1.1.17-13.3.36.ia64.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119  cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be  cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898  cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4  cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2  cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b  cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3  cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm

ia64:
55302be9ad0a0e28e824cb16ffe09c45  cups-1.1.22-0.rc1.9.10.ia64.rpm
a4ef44c63ef32e9bb20c4f1a1f6e2144  cups-devel-1.1.22-0.rc1.9.10.ia64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
b68a252468fe7cb579801034dfd5daf6  cups-libs-1.1.22-0.rc1.9.10.ia64.rpm

ppc:
365cdc0fee7940dc64a11dd80b031732  cups-1.1.22-0.rc1.9.10.ppc.rpm
78af3544a09b2a0add718085564fd769  cups-devel-1.1.22-0.rc1.9.10.ppc.rpm
b7e4289ea25721a2da48e8c200583a7b  cups-libs-1.1.22-0.rc1.9.10.ppc.rpm
cb3943932ad20c8921d34bc4df25a13f  cups-libs-1.1.22-0.rc1.9.10.ppc64.rpm

s390:
fece6e3a8d35ea9fcc250e2aecca7751  cups-1.1.22-0.rc1.9.10.s390.rpm
e44f3f4a8e3711140370b4f642a09f51  cups-devel-1.1.22-0.rc1.9.10.s390.rpm
7a6f1339ecdd39cc4f0ed922eecd5bf2  cups-libs-1.1.22-0.rc1.9.10.s390.rpm

s390x:
82048dc33e6d779ef535d6ae04c609ff  cups-1.1.22-0.rc1.9.10.s390x.rpm
584b5c05dcbcd8ea846c9ade4a74deb9  cups-devel-1.1.22-0.rc1.9.10.s390x.rpm
7a6f1339ecdd39cc4f0ed922eecd5bf2  cups-libs-1.1.22-0.rc1.9.10.s390.rpm
ca920b2447143d360df069310a57c29d  cups-libs-1.1.22-0.rc1.9.10.s390x.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a  cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c  cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632  cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2  cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b  cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3  cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a  cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c  cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632  cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2  cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b  cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3  cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm

ia64:
55302be9ad0a0e28e824cb16ffe09c45  cups-1.1.22-0.rc1.9.10.ia64.rpm
a4ef44c63ef32e9bb20c4f1a1f6e2144  cups-devel-1.1.22-0.rc1.9.10.ia64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
b68a252468fe7cb579801034dfd5daf6  cups-libs-1.1.22-0.rc1.9.10.ia64.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a  cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c  cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632  cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2  cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b  cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3  cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm

ia64:
55302be9ad0a0e28e824cb16ffe09c45  cups-1.1.22-0.rc1.9.10.ia64.rpm
a4ef44c63ef32e9bb20c4f1a1f6e2144  cups-devel-1.1.22-0.rc1.9.10.ia64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
b68a252468fe7cb579801034dfd5daf6  cups-libs-1.1.22-0.rc1.9.10.ia64.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a  cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c  cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0  cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632  cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVl8XlSAg2UNWIIRAqn6AJ9mzY82lwnJFbcyasSfn7jnfVQIfACgh/CL
2eQCmPCOJSgLjrE3GIIfsHM=
=otbM
-----END PGP SIGNATURE-----





More information about the Enterprise-watch-list mailing list