Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-f2e1c09437
2018-04-30 16:33:57.130928
--------------------------------------------------------------------------------

Name        : cups-filters
Product     : Fedora 27
Version     : 1.16.1
Release     : 5.fc27
URL         : https://wiki.linuxfoundation.org/openprinting/cups-filters
Summary     : OpenPrinting CUPS filters and backends
Description :
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting.

--------------------------------------------------------------------------------
Update Information:

Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 18 2018 Zdenek Dohnal - 1.16.1-5
- rebuilt with qpdf-7.1.1
* Tue Jan 2 2018 Zdenek Dohnal - 1.16.1-4
- 1529680 - set CreateIPPPrintQueues to ALL and LocalRemoteCUPSQueueNaming to RemoteName
* Mon Nov 20 2017 Zdenek Dohnal - 1.16.1-3
- fixing patch for upstream issue 1413
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a
        https://bugzilla.redhat.com/show_bug.cgi?id=1566756
  [ 2 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh
        https://bugzilla.redhat.com/show_bug.cgi?id=1475517
  [ 3 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries
        https://bugzilla.redhat.com/show_bug.cgi?id=1485847
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-f2e1c09437' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Update to 0.8.0-6.git97f52c1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-5d0871e3fd
2017-01-24 19:30:33.805468
--------------------------------------------------------------------------------

Name        : boomaga
Product     : Fedora 24
Version     : 0.8.0
Release     : 6.git97f52c1.fc24
URL         : http://www.boomaga.org
Summary     : A virtual printer for viewing a document before printing
Description :
Boomaga (BOOklet MAnager) is a virtual printer for viewing a document before printing it out using the physical printer.

The program is very simple to work with. Running any program, click "print" and select "Boomaga" to see in several seconds (CUPS takes some time to respond) the Boomaga window open. If you print out one more document, it gets added to the previous one, and you can also print them out as one.

Regardless of whether your printer supports duplex printing or not, you would be able to easily print on both sides of the sheet. If your printer does not support duplex printing, point this out in the settings, and Booklet would ask you to turn over the pages half way through printing your document.

The program can also help you get your documents prepared a bit before printing. At this stage Boomaga makes it possible to:
 * Paste several documents together.
 * Print several pages on one sheet.
    * 1, 2, 4, 8 pages per sheet
    * Booklet. Folding the sheets in two, you'll get a book.

--------------------------------------------------------------------------------
Update Information:

Update to 0.8.0-6.git97f52c1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1409115 - Incorrect permissons in the RPM package and boomaga requires the SELinux security policy
        https://bugzilla.redhat.com/show_bug.cgi?id=1409115
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade boomaga' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2015:1123-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1123.html
Issue date:        2015-06-17
CVE Names:         CVE-2014-9679 CVE-2015-1158 CVE-2015-1159
====================================================================

1. Summary:

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.

A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)

A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159)

An integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. (CVE-2014-9679)

Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues.

All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191588 - CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
1221641 - CVE-2015-1158 cups: incorrect string reference counting (VU#810572)
1221642 - CVE-2015-1159 cups: cross-site scripting flaw in CUPS web UI (VU#810572)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
cups-1.4.2-67.el6_6.1.src.rpm

i386:
cups-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-lpd-1.4.2-67.el6_6.1.i686.rpm

x86_64:
cups-1.4.2-67.el6_6.1.x86_64.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64:
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
cups-1.4.2-67.el6_6.1.src.rpm

x86_64:
cups-1.4.2-67.el6_6.1.x86_64.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
cups-1.4.2-67.el6_6.1.src.rpm

i386:
cups-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-lpd-1.4.2-67.el6_6.1.i686.rpm

ppc64:
cups-1.4.2-67.el6_6.1.ppc64.rpm
cups-debuginfo-1.4.2-67.el6_6.1.ppc.rpm
cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm
cups-devel-1.4.2-67.el6_6.1.ppc.rpm
cups-devel-1.4.2-67.el6_6.1.ppc64.rpm
cups-libs-1.4.2-67.el6_6.1.ppc.rpm
cups-libs-1.4.2-67.el6_6.1.ppc64.rpm
cups-lpd-1.4.2-67.el6_6.1.ppc64.rpm

s390x:
cups-1.4.2-67.el6_6.1.s390x.rpm
cups-debuginfo-1.4.2-67.el6_6.1.s390.rpm
cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm
cups-devel-1.4.2-67.el6_6.1.s390.rpm
cups-devel-1.4.2-67.el6_6.1.s390x.rpm
cups-libs-1.4.2-67.el6_6.1.s390.rpm
cups-libs-1.4.2-67.el6_6.1.s390x.rpm
cups-lpd-1.4.2-67.el6_6.1.s390x.rpm

x86_64:
cups-1.4.2-67.el6_6.1.x86_64.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-php-1.4.2-67.el6_6.1.i686.rpm

ppc64:
cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm
cups-php-1.4.2-67.el6_6.1.ppc64.rpm

s390x:
cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm
cups-php-1.4.2-67.el6_6.1.s390x.rpm

x86_64:
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
cups-1.4.2-67.el6_6.1.src.rpm

i386:
cups-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-lpd-1.4.2-67.el6_6.1.i686.rpm

x86_64:
cups-1.4.2-67.el6_6.1.x86_64.rpm
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-devel-1.4.2-67.el6_6.1.i686.rpm
cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
cups-libs-1.4.2-67.el6_6.1.i686.rpm
cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64:
cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
cups-1.6.3-17.el7_1.1.src.rpm

noarch:
cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

x86_64:
cups-1.6.3-17.el7_1.1.x86_64.rpm
cups-client-1.6.3-17.el7_1.1.x86_64.rpm
cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-libs-1.6.3-17.el7_1.1.i686.rpm
cups-libs-1.6.3-17.el7_1.1.x86_64.rpm
cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-devel-1.6.3-17.el7_1.1.i686.rpm
cups-devel-1.6.3-17.el7_1.1.x86_64.rpm
cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
cups-1.6.3-17.el7_1.1.src.rpm

noarch:
cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

x86_64:
cups-1.6.3-17.el7_1.1.x86_64.rpm
cups-client-1.6.3-17.el7_1.1.x86_64.rpm
cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-libs-1.6.3-17.el7_1.1.i686.rpm
cups-libs-1.6.3-17.el7_1.1.x86_64.rpm
cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-devel-1.6.3-17.el7_1.1.i686.rpm
cups-devel-1.6.3-17.el7_1.1.x86_64.rpm
cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
cups-1.6.3-17.el7_1.1.src.rpm

noarch:
cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

ppc64:
cups-1.6.3-17.el7_1.1.ppc64.rpm
cups-client-1.6.3-17.el7_1.1.ppc64.rpm
cups-debuginfo-1.6.3-17.el7_1.1.ppc.rpm
cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm
cups-devel-1.6.3-17.el7_1.1.ppc.rpm
cups-devel-1.6.3-17.el7_1.1.ppc64.rpm
cups-libs-1.6.3-17.el7_1.1.ppc.rpm
cups-libs-1.6.3-17.el7_1.1.ppc64.rpm
cups-lpd-1.6.3-17.el7_1.1.ppc64.rpm

s390x:
cups-1.6.3-17.el7_1.1.s390x.rpm
cups-client-1.6.3-17.el7_1.1.s390x.rpm
cups-debuginfo-1.6.3-17.el7_1.1.s390.rpm
cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm
cups-devel-1.6.3-17.el7_1.1.s390.rpm
cups-devel-1.6.3-17.el7_1.1.s390x.rpm
cups-libs-1.6.3-17.el7_1.1.s390.rpm
cups-libs-1.6.3-17.el7_1.1.s390x.rpm
cups-lpd-1.6.3-17.el7_1.1.s390x.rpm

x86_64:
cups-1.6.3-17.el7_1.1.x86_64.rpm
cups-client-1.6.3-17.el7_1.1.x86_64.rpm
cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-devel-1.6.3-17.el7_1.1.i686.rpm
cups-devel-1.6.3-17.el7_1.1.x86_64.rpm
cups-libs-1.6.3-17.el7_1.1.i686.rpm
cups-libs-1.6.3-17.el7_1.1.x86_64.rpm
cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
cups-1.6.3-17.ael7b_1.1.src.rpm

noarch:
cups-filesystem-1.6.3-17.ael7b_1.1.noarch.rpm

ppc64le:
cups-1.6.3-17.ael7b_1.1.ppc64le.rpm
cups-client-1.6.3-17.ael7b_1.1.ppc64le.rpm
cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm
cups-devel-1.6.3-17.ael7b_1.1.ppc64le.rpm
cups-libs-1.6.3-17.ael7b_1.1.ppc64le.rpm
cups-lpd-1.6.3-17.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm
cups-ipptool-1.6.3-17.el7_1.1.ppc64.rpm

s390x:
cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm
cups-ipptool-1.6.3-17.el7_1.1.s390x.rpm

x86_64:
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm
cups-ipptool-1.6.3-17.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
cups-1.6.3-17.el7_1.1.src.rpm

noarch:
cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

x86_64:
cups-1.6.3-17.el7_1.1.x86_64.rpm
cups-client-1.6.3-17.el7_1.1.x86_64.rpm
cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-devel-1.6.3-17.el7_1.1.i686.rpm
cups-devel-1.6.3-17.el7_1.1.x86_64.rpm
cups-libs-1.6.3-17.el7_1.1.i686.rpm
cups-libs-1.6.3-17.el7_1.1.x86_64.rpm
cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9679
https://access.redhat.com/security/cve/CVE-2015-1158
https://access.redhat.com/security/cve/CVE-2015-1159
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

Crucial CUPS security enhancement for Red Hat Enterprise Linux tackling severe vulnerabilities in the printing service.
Severity: Important.
LinuxSecurity.com Team

A collection of security fixes, bug fixes, and functionality updates, including the Omni print drivers from IBM.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Comprehensive Printing Update
Advisory ID:       RHSA-2001:138-10
Issue date:        2001-10-22
Updated on:        2001-10-31
Product:           Red Hat Linux
Keywords:          Omni printing ghostscript foomatic printconf
Cross references:
Obsoletes:
---------------------------------------------------------------------

1. Topic:

A collection of security fixes, bug fixes, and functionality updates, including the Omni print drivers from IBM.

2. Relevant releases/architectures:

Red Hat Linux 7.2 - i386

3. Problem description:

This update addresses the following issues:

A printing security hole, whereby non-local users could print the contents of any file on the system which the 'lp' user was capable of reading. This was solved by giving Ghostscript a 'PARANOIDSAFER' mode, which will not open external files.

A foomatic printing database bug, which caused all users of the 'stp' driver, including virtually all Epson printers, to fail to print as a result of miscalculated driver data.

A filtration problem, which caused many PCL and PJL printers to produce garbage. This was solved by switching to the foomatic distributed 'lpdomatic' program for filtration.

A few printconf crashers in the new printconf-tui programme.

And in addition, this update adds the Omni print drivers from IBM, which support an additional 300 printers.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

After updating the rpms, you will need to restart your print server, by running:

/sbin/service lpd restart

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed ( for more info):

6. RPMs required:

Red Hat Linux 7.2:

SRPMS:

i386:

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

Copyright(c) 2000, 2001 Red Hat, Inc.

Thorough analysis of Red Hat printing frameworks targeting various security flaws and operational improvements.
LinuxSecurity.com Team

Ghostscript, a postscript interpreter, can read arbitrary system files with the same permissions as the print spooler, potentially exposing the system to an information compromise.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Printing exposes system files to reading.
Advisory ID:       RHSA-2001:112-07
Issue date:        2001-09-24
Updated on:        2001-10-25
Product:           Red Hat Linux
Keywords:          Ghostscript lpr LPRng printing
Cross references:
Obsoletes:
---------------------------------------------------------------------

1. Topic:

When used in a spooling environment, it is inappropriate to allow programs to read arbitrary files as a result of print requests. Ghostscript, a postscript interpreter, can read arbitrary system files with the same permissions as the print spooler, potentially exposing the system to an information compromise.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, noarch, sparc
Red Hat Linux 6.2 - alpha, i386, noarch, sparc
Red Hat Linux 6.2J - i386, noarch
Red Hat Linux 7.0 - alpha, i386, noarch
Red Hat Linux 7.0J - i386, noarch
Red Hat Linux 7.1 - alpha, i386, ia64

3. Problem description:

Ghostscript, a postscript interpreter, possesses various 'file', 'run', etc., commands internally. It also provides a -dSAFER flag to restrict the use of the commands. However, the -dSAFER flag is meant to protect a user from malicious postscript, not to protect a system from inappropriate snooping by a user, and so it is still possible to _read_ files in the SAFER mode. In a print spooling context, even reading arbitrary files is dangerous, and so this needs to be disabled in that context.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

After updating the packages, the spool filter will have to be repaired to use the -dPARANOIDSAFER mode, IF and only IF you have modified the spools from what printtool provided. If this is the case, delete the spool queue, and simply re-add it. Custom filters and processes can make use of this mode by setting and exporting the GS_OPTIONS environment variable to contain -dPARANOIDSAFER, or by adding -dPARANOIDSAFER to the command line call to ghostscript.

5. Bug IDs fixed ( for more info):

6. RPMs required:

Red Hat Linux 5.2: SRPMS: alpha: i386: noarch: sparc:
Red Hat Linux 6.2: SRPMS: alpha: i386: noarch: sparc:
Red Hat Linux 6.2J: SRPMS: i386: noarch:
Red Hat Linux 7.0: SRPMS: alpha: i386: noarch:
Red Hat Linux 7.0J: SRPMS: i386: noarch:
Red Hat Linux 7.1: SRPMS: alpha: i386: ia64:

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

Copyright(c) 2000, 2001 Red Hat, Inc.

Red Hat alerts users to critical Ghostscript risks allowing unauthorized access to system files. Solutions detailed inside.
Severity: Critical.
LinuxSecurity.com Team

There are potential problems with file access checking in the lpr and lpd programs. These could allow users to potentially print files they do not have access to. Also, there are bugs in remote printing in the lpd that shipped with Red Hat Linux 6.1.

Red Hat, Inc. Security Advisory

Package:           lpr
Synopsis:          File access problems in lpr/lpd
Advisory ID:       RHSA-1999:041-03
Issue Date:        1999-10-17
Updated on:        1999-10-25
Keywords:          lpr lpd permissions
Cross references:  N/A

Revision History:
1999-10-25: New packages, to fix problems introduced by the security fix.
1999-10-19: New packages, to fix a remote printing bug. Add note about local printing fix for Red Hat Linux 6.1.

1. Topic:

There are potential problems with file access checking in the lpr and lpd programs. These could allow users to potentially print files they do not have access to. Also, there are bugs in remote printing in the lpd that shipped with Red Hat Linux 6.1.

2. Problem description:

There are two problems in the lpr and lpd programs. By exploiting a race between the access check and the actual file opening, it is potentially possible to have lpr read a file as root that the user does not have access to. Also, the lpd program would blindly open queue files as root; by use of the '-s' flag to lpr, it was possible to have lpd print files that the user could not access.

Thanks go to Tymm Twillman for pointing out these vulnerabilities.

(1999-10-19) Another problem with remote printing was fixed in lpr-0.44. If you are experiencing problems with remote printing in the previous errata update, it is recommended that you upgrade. There are no known security issues with the previous errata packages.

If you are experiencing problems with local printing in Red Hat Linux 6.1, make sure that you have:

alias parport_lowlevel parport_pc

in your /etc/conf.modules file.

(1999-10-25) The original security patch broke some aspects of printing. New errata RPMs are available which should fix the problem.

3. Bug IDs fixed: (see bugzilla for more information)

5122 5540 5697 5832 5835 5903 5949

4. Relevant releases/architectures:

Red Hat Linux 6.1, all architectures

5. Obsoleted by:

None

6. Conflicts with:

None

7. RPMs required:

Intel: lpr-0.46-1.i386.rpm
Alpha: lpr-0.46-1.alpha.rpm
SPARC: lpr-0.46-1.sparc.rpm
Source: lpr-0.46-1.src.rpm
Architecture neutral:

8. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
-------------------------------------------------------------------------
03c996550636cbe4ca0a9fc853f969b6  lpr-0.46-1.src.rpm
30089f82ecf8e8a89565c5bba361697d  lpr-0.46-1.alpha.rpm
a01c0b9278c2c9ffb4bb6450703fc124  lpr-0.46-1.i386.rpm
41a1ef221a15446ed46b54092d7c14ca  lpr-0.46-1.sparc.rpm

These packages are GPG signed by Red Hat Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg filename

10. References:

Concerns regarding file accessibility in lpr/lpd highlighted by Red Hat, crucial for safeguarding print functionalities. Bulletin RHSA-1999:041-03.
LinuxSecurity.com Team
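
The race between the access check and the file opening described in RHSA-1999:041-03 above, as an added C example (it is not code from lpr, lpd or Red Hat). It puts the check-then-open pattern next to an open-then-check form that decides from the opened descriptor. All function names, the temporary file names under /tmp and the simplified owner/group/other test are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L /* mkdtemp, O_NOFOLLOW, O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-open (the advisory's race): access() tests the path as the real
 * uid, open() resolves it again as the effective uid; window() is the gap. */
int open_check_then_use(const char *path, void (*window)(void *), void *ctx)
{
    if (access(path, R_OK) != 0)
        return -1;
    window(ctx);
    return open(path, O_RDONLY);
}

/* Simplified owner/group/other test (assumption: no supplementary groups, ACLs
 * or directory search bits; opening as the caller's uid would cover those). */
int mode_allows_read(const struct stat *st, uid_t uid, gid_t gid)
{
    if (st->st_uid == uid)
        return (st->st_mode & S_IRUSR) != 0;
    if (st->st_gid == gid)
        return (st->st_mode & S_IRGRP) != 0;
    return (st->st_mode & S_IROTH) != 0;
}

/* Open-then-check: open once, refuse a symlink as the last component, decide
 * from fstat() on the descriptor, so the file checked is the file read. */
int open_then_check(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        !mode_allows_read(&st, uid, gid)) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed demo files: public.txt (0644), private.txt (0600), symlink "job". */
struct demo_paths { char pub[64], priv[64], link[64]; };
struct demo_result { int racy_got_unchecked, symlink_refused, owner_ok, other_denied; };

static void repoint_link(void *ctx)
{
    struct demo_paths *p = ctx;
    unlink(p->link);
    if (symlink(p->priv, p->link) != 0)
        perror("symlink");
}

static int make_file(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return (fd < 0 || fchmod(fd, mode) != 0 || close(fd) != 0) ? -1 : 0;
}

struct demo_result run_demo(void)
{
    struct demo_result r = {0, 0, 0, 0};
    struct demo_paths p;
    struct stat want, got;
    char dir[] = "/tmp/lprdemoXXXXXX";
    int fd;
    if (!mkdtemp(dir))
        return r;
    snprintf(p.pub, sizeof p.pub, "%s/public.txt", dir);
    snprintf(p.priv, sizeof p.priv, "%s/private.txt", dir);
    snprintf(p.link, sizeof p.link, "%s/job", dir);
    if (make_file(p.pub, 0644) || make_file(p.priv, 0600) ||
        symlink(p.pub, p.link) || stat(p.priv, &want))
        return r;
    fd = open_check_then_use(p.link, repoint_link, &p); /* checked pub, opens priv */
    if (fd >= 0 && fstat(fd, &got) == 0)
        r.racy_got_unchecked = got.st_dev == want.st_dev && got.st_ino == want.st_ino;
    if (fd >= 0) close(fd);
    r.symlink_refused = open_then_check(p.link, want.st_uid, want.st_gid) < 0;
    fd = open_then_check(p.priv, want.st_uid, want.st_gid);
    r.owner_ok = fd >= 0;
    if (fd >= 0) close(fd);
    r.other_denied = open_then_check(p.priv, want.st_uid + 1, want.st_gid + 1) < 0;
    unlink(p.link); unlink(p.priv); unlink(p.pub); rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("racy_got_unchecked=%d symlink_refused=%d owner_ok=%d other_denied=%d\n",
           r.racy_got_unchecked, r.symlink_refused, r.owner_ok, r.other_denied);
    return 0;
}
```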