Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 1 Apr 2008 13:55:47 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for cups on SL3.x, SL4.x, SL5.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "Synopsis: Moderate: cups security update Issue date: 2008-04-01 CVE Names: CVE-2008-0047 CVE-2008-0053 CVE-2008-1373 CVE-2008-1374 SL5 Only: A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the "lp" user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047) Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1373) SL 3 & 4 Only: It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not completely resolve the integer overflow in the "pdftops" filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1374) SL 3.0.x SRPMS: cups-1.1.17-13.3.52.src.rpm i386: cups-1.1.17-13.3.52.i386.rpm cups-devel-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.i386.rpm x86_64: cups-1.1.17-13.3.52.x86_64.rpm cups-devel-1.1.17-13.3.52.x86_64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.x86_64.rpm SL 4.x SRPMS: cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm i386: cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm SL 5.x SRPMS: cups-1.2.4-11.14.el5_1.6.src.rpm i386: cups-1.2.4-11.14.el5_1.6.i386.rpm cups-devel-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-lpd-1.2.4-11.14.el5_1.6.i386.rpm x86_64: cups-1.2.4-11.14.el5_1.6.x86_64.rpm cups-devel-1.2.4-11.14.el5_1.6.i386.rpm cups-devel-1.2.4-11.14.el5_1.6.x86_64.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.x86_64.rpm cups-lpd-1.2.4-11.14.el5_1.6.x86_64.rpm -Connie Sieh -Troy Dawson