
Red Hat 5: RHSA-2007:1021-01 Important: CUPS PDF Exploit

November 7, 2007
Recent CUPS updates for Red Hat address critical security vulnerabilities associated with PDF handling and possible code execution threats.
Updated CUPS packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS: 0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm

i386: 0d1bc137688d648c1a6bb6d723d02131 cups-1.2.4-11.14.el5_1.3.i386.rpm e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm 9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm 725da2778499f0ef3d177ae5de2eac84 cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm

x86_64: 8a80ca4d3fb94684b6a157fd0fc03ffc cups-1.2.4-11.14.el5_1.3.x86_64.rpm e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm 1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm 9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm e7122321cb07e24fdea833aeb99fceff cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm f1d2584267c494a0df96afb0f95cda27 cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS: 0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm

i386: e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm

x86_64: e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm 1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm d6e9593b5bd3da21bfd5a722fd9153a9 cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS: 0e674156c66a85f4befb25b61ac11219 cups-1.2.4-11.14.el5_1.3.src.rpm

i386: 0d1bc137688d648c1a6bb6d723d02131 cups-1.2.4-11.14.el5_1.3.i386.rpm e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm 9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm 725da2778499f0ef3d177ae5de2eac84 cups-lpd-1.2.4-11.14.el5_1.3.i386.rpm

ia64: 6d6d5b2c9bb192c0221fab51ca406e54 cups-1.2.4-11.14.el5_1.3.ia64.rpm e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm 1fd9e56a67d23a794bfe4d6f92eb74ac cups-debuginfo-1.2.4-11.14.el5_1.3.ia64.rpm f8993c91631e1cb221053970359a15c3 cups-devel-1.2.4-11.14.el5_1.3.ia64.rpm 9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm b563493fa5c9938711246df30849740e cups-libs-1.2.4-11.14.el5_1.3.ia64.rpm fbeff7413bedcb74acd9691ffd34ec16 cups-lpd-1.2.4-11.14.el5_1.3.ia64.rpm

ppc: 568c33780523d8934fd44cb8b38572f7 cups-1.2.4-11.14.el5_1.3.ppc.rpm 89302dadc2de2e1fd067c1468244d9d4 cups-debuginfo-1.2.4-11.14.el5_1.3.ppc.rpm b6eba796dede6c33f28887f142ec197b cups-debuginfo-1.2.4-11.14.el5_1.3.ppc64.rpm 8f47bde999fd4a20fdd95df19aa4d348 cups-devel-1.2.4-11.14.el5_1.3.ppc.rpm 904299c55e793be74463ed447d4c7912 cups-devel-1.2.4-11.14.el5_1.3.ppc64.rpm e510688e304707cdc2e69fbb690c105a cups-libs-1.2.4-11.14.el5_1.3.ppc.rpm a46a28e1dd83f550a8f90f76dd5de253 cups-libs-1.2.4-11.14.el5_1.3.ppc64.rpm 22240ec5fb56b681652830c602f6d3ac cups-lpd-1.2.4-11.14.el5_1.3.ppc.rpm

s390x: 0600130d9ffbc51fefefe5363161f809 cups-1.2.4-11.14.el5_1.3.s390x.rpm 747bc08e1347512b1250f2065f33ec82 cups-debuginfo-1.2.4-11.14.el5_1.3.s390.rpm 3e9253116a2fc0990fd7fb8df3330c0e cups-debuginfo-1.2.4-11.14.el5_1.3.s390x.rpm 205945b86014307d0351d958a3045bfd cups-devel-1.2.4-11.14.el5_1.3.s390.rpm 4494cce4dc572b50d825343ec9b2cfc1 cups-devel-1.2.4-11.14.el5_1.3.s390x.rpm f58cff49807950fe15a0431d9c0eb0a4 cups-libs-1.2.4-11.14.el5_1.3.s390.rpm 5b1a7f99fb9a376ac9dd6001bfc2400e cups-libs-1.2.4-11.14.el5_1.3.s390x.rpm 8f41c8e4ad65b647974012e97e559050 cups-lpd-1.2.4-11.14.el5_1.3.s390x.rpm

x86_64: 8a80ca4d3fb94684b6a157fd0fc03ffc cups-1.2.4-11.14.el5_1.3.x86_64.rpm e4e6204901c1baab713b6e9cd47bf3ba cups-debuginfo-1.2.4-11.14.el5_1.3.i386.rpm 1685646d0d294c5096cb749d994b0ccd cups-debuginfo-1.2.4-11.14.el5_1.3.x86_64.rpm ed50e67e5ac81816025b7044a60ff05c cups-devel-1.2.4-11.14.el5_1.3.i386.rpm d6e9593b5bd3da21bfd5a722fd9153a9 cups-devel-1.2.4-11.14.el5_1.3.x86_64.rpm 9bf17e649f5c0f6c67344279a7dc4d1b cups-libs-1.2.4-11.14.el5_1.3.i386.rpm e7122321cb07e24fdea833aeb99fceff cups-libs-1.2.4-11.14.el5_1.3.x86_64.rpm f1d2584267c494a0df96afb0f95cda27 cups-lpd-1.2.4-11.14.el5_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package
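The package list above pairs each file name with its MD5 digest. The following is an added example, not part of the Red Hat advisory: it parses lines in that "arch: digest file digest file ..." layout and classifies downloaded files as ok, mismatch or missing. The file names, contents and digests in `demo()` are constructed. A matching MD5 only shows the download is the file the list describes; the GPG signature check referenced above (`rpm --checksig`) is what establishes that Red Hat built it.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "arch:" line in the advisory's layout: alternating MD5 digest and file name.
PAIR = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")

def parse_package_line(line):
    """Return {filename: md5} for one 'arch: md5 file md5 file ...' line."""
    return {name: digest for digest, name in PAIR.findall(line)}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(expected, directory):
    """Classify each expected file as 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, digest in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif md5_of(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results

def demo():
    # Constructed stand-ins for downloaded packages (not real RPMs).
    good, bad = b"constructed package A", b"constructed package B"
    line = ("i386: %s example-1.0-1.i386.rpm %s example-libs-1.0-1.i386.rpm "
            "%s example-lpd-1.0-1.i386.rpm"
            % (hashlib.md5(good).hexdigest(), "0" * 32, "f" * 32))
    with tempfile.TemporaryDirectory() as d:
        Path(d, "example-1.0-1.i386.rpm").write_bytes(good)
        Path(d, "example-libs-1.0-1.i386.rpm").write_bytes(bad)
        return verify_downloads(parse_package_line(line), d)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8}  {name}")
```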

Summary

References

https://www.cve.org/CVERecord?id=CVE-2007-4352
https://www.cve.org/CVERecord?id=CVE-2007-5392
https://www.cve.org/CVERecord?id=CVE-2007-5393
https://access.redhat.com/security/updates/classification#important

Package List


Severity: Important

Advisory ID: RHSA-2007:1021-01
Issue date: 2007-11-07
Updated on: 2007-11-07
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Bugs Fixed
