MDVSA-2008:050

Package name

cups

Date

2008-02-26

Advisory ID

MDVSA-2008:050

Affected versions

CS3.0 i586 , CS3.0 x86_64

Problem description

Dave Camp at Critical Path Software discovered a buffer overflow
in CUPS 1.1.23 and earlier could allow local admin users to execute
arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848).

The Red Hat Security Team also found two flaws in CUPS 1.1.x where
a malicious user on the local subnet could send a set of carefully
crafted IPP packets to the UDP port in such a way as to cause CUPS
to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash
(CVE-2008-0596).

Finally, another flaw was found in how CUPS handled the addition and
removal of remote printers via IPP that could allow a remote attacker
to send a malicious IPP packet to the UDP port causing CUPS to crash
(CVE-2008-0882).

The updated packages have been patched to correct these issues.

Updated packages

CS3.0 i586

 71c1bd1c9099440da3e9afcfe4636525  corporate/3.0/i586/cups-1.1.20-5.16.C30mdk.i586.rpm
 a73fba38dbcf62fd4c64590e5d754126  corporate/3.0/i586/cups-common-1.1.20-5.16.C30mdk.i586.rpm
 60b6e82788d5b0c51f68b0db44e31240  corporate/3.0/i586/cups-serial-1.1.20-5.16.C30mdk.i586.rpm
 419d078e2df1396531c23cbbf2f2785d  corporate/3.0/i586/libcups2-1.1.20-5.16.C30mdk.i586.rpm
 064e5b42b27c90602bf8e7c47200bef8  corporate/3.0/i586/libcups2-devel-1.1.20-5.16.C30mdk.i586.rpm 
 5c363b9a8573a4ae3da5e654da34bae5  corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm

CS3.0 x86_64

 c33aff1c5bab9bce22f7a018f2fbfe7d  corporate/3.0/x86_64/cups-1.1.20-5.16.C30mdk.x86_64.rpm
 ba1cba41b479e332e8d43652af86756d  corporate/3.0/x86_64/cups-common-1.1.20-5.16.C30mdk.x86_64.rpm
 211561645f6743343a0a9189ecd8e24e  corporate/3.0/x86_64/cups-serial-1.1.20-5.16.C30mdk.x86_64.rpm
 d1cb2198f9b73cfb5d2ae3d69bacf12c  corporate/3.0/x86_64/lib64cups2-1.1.20-5.16.C30mdk.x86_64.rpm
 104350956cda23c2e2f5bb05a22df9c7  corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.16.C30mdk.x86_64.rpm 
 5c363b9a8573a4ae3da5e654da34bae5  corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848