__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
Cups Security Update
[Red Hat RHSA-2008:0161-3]
February 25, 2008 22:00 GMT Number S-202
[REVISED 27 Feb 2008]
______________________________________________________________________________
PROBLEM: Flaws were found in the way CUPS handled the addition and
removal of remote shared printers via IPP.
PLATFORM: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS, ES, WS (v. 4)
DAMAGE: DoS.
SOLUTION: Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY The risk is LOW. A remote attacker could send malicious UDP IPP
ASSESSMENT: packets causing the CUPS daemon to attempt to dereference
already freed memory and crash.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-202.shtml
ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0161.html
ADDITIONAL LINK: http://www.securityfocus.com/bid/27988/discuss
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CVE-2008-0596 CVE-2008-0597
______________________________________________________________________________
REVISION HISTORY:
02/27/2008 - revised S-202 to add a link to Security Focus 27988 for CUPS 1.1.17 and
1.1.22.
[***** Start Red Hat RHSA-2008:0161-3 *****]
Important: cups security update
Advisory: RHSA-2008:0161-3
Type: Security Advisory
Severity: Important
Issued on: 2008-02-25
Last updated on: 2008-02-25
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080161.xml
CVEs (cve.mitre.org): CVE-2008-0596
CVE-2008-0597
Details
Updated cups packages that fix two security issues are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.
A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)
A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
possibly causing CUPS daemon crash after exhausting available memory.
(CVE-2008-0596)
These issues were found during the investigation of CVE-2008-0882, which
did not affect Red Hat Enterprise Linux 4.
Note that the default configuration of CUPS on Red Hat Enterprise Linux
4 allow requests of this type only from the local subnet.
All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Updated packages
Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183
Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm e8464c29009338639445a7d7c4ef6fa2
PPC:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm e44c4426cffb46214578af4b7bf3355f
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm 7408a507942ccf45063d2712701bc820
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm ec9c615f9a4fb7cee321f6cdf6f0aec7
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc64.rpm 95065ef884476ffc80a5f3af10633da2
s390:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm 2f4714e2e43e762dba541ad75711ae38
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm 2456e5c5bf1211dd703896762afecbe2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm c709e0497732e17cb629032d20aadb0c
s390x:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm 29e76d263e08daa2ef20610b35426ba2
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm 2c7b6e1c00374cde9c20de0237e3e59b
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm c709e0497732e17cb629032d20aadb0c
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm d8596765717c7bfd24de39bda5f228e5
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183
Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm e8464c29009338639445a7d7c4ef6fa2
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183
Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43
IA-32:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
IA-64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 1981a5374adb0d325c2c3b431cb59d02
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 37fbb5581b26f0ea1e570f800596b1e2
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm e8464c29009338639445a7d7c4ef6fa2
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183
(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
433825 - CVE-2008-0596 cups: memory leak handling IPP browse requests
433847 - CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
http://www.redhat.com/security/updates/classification/#important
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how
to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2008:0161-3 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
S-192: Kerio MailServer Vulnerabilities
S-193: WordPress Vulnerability
S-194: Citrix MetaFrame Web Manager 'login.asp' Vulnerability
S-195: Novell iPrint Client 'ienipp.ocx' ActiveX Vulnerability
S-197: VMWare Products Shared Folders "MultiByteToWideChar()' Variant Vulnerability
S-198: OpenCA Vulnerability
S-199: OpenLDAP Vulnerability
S-196: Cups Security Update
S-200: splitvt Vulnerability
S-201: PCRE3 Vulnerability