Fedora Legacy Test Update Notification: cups

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Feb 4 22:30:11 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2127
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2127
2005-02-04
---------------------------------------------------------------------

Name        : cups
Versions    : rh7.3: cups-1.1.14-15.4.4.legacy
Versions    : rh9: cups-1.1.17-13.3.0.13.legacy
Versions    : fc1: cups-1.1.19-13.8.legacy
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems. It has been developed by Easy Software
Products to promote a standard printing solution for all UNIX vendors
and users.
CUPS provides the System V and Berkeley command-line interfaces.

---------------------------------------------------------------------
Update Information:

Updated CUPS packages that fix several security issues are now
available.

The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code
used for parsing PDF files and is therefore affected by these bugs. An
attacker who has the ability to send a malicious PDF file to a printer
could cause CUPS to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would
authenticate with that shared printer using a username and password. By
default, the username and password used to connect to the Samba share is
written into the error log file. A local user who is able to read the
error log file could collect these usernames and passwords. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0923 to this issue.

A buffer overflow was found in the CUPS pdftops filter, which uses code
from the Xpdf package. An attacker who has the ability to send a
malicious PDF file to a printer could possibly execute arbitrary code as
the "lp" user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow was found in the ParseCommand function in the hpgltops
program. An attacker who has the ability to send a malicious HPGL file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1267 to this issue.

The lppasswd utility ignores write errors when modifying the CUPS passwd
file. A local user who is able to fill the associated file system could
corrupt the CUPS password file or prevent future uses of lppasswd. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.

The lppasswd utility does not verify that the passwd.new file is
different from STDERR, which could allow local users to control output
to passwd.new via certain user input that triggers an error message. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1270 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects the CUPS pdftops filter due to a shared
codebase. An attacker who has the ability to send a malicious PDF file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

All users of cups should upgrade to these updated packages, which
resolve these issues.

---------------------------------------------------------------------
7.3 changelog:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1.1.14-15.4.4.legacy
- xpdf patch CAN-2005-0064
- fix small regression in STR #1023 (FL bug #2127 comment 16)

* Wed Dec 22 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.1.14-15.4.3.legacy
- xpdf security fix CAN-2004-1125
- Fixed STR #1023 (FL bug #2127 comment 11)
- Fixed STR #1024 (FL bug #2127 comment 10)

* Wed Nov 17 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.1.14-15.4.2.legacy
- remove CAN-2004-0889 from patch filename, since the xpdf used here
   is < 3.0 and CAN-2004-0889 does not apply

* Tue Oct 26 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.1.14-15.4.1.legacy
- Apply patch for UDP packet DoS CAN-2004-0558 UDP DoS (FL #2072)
- Apply patch for information disclosure in logfile CAN-2004-0923 (FL #2127)
- Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH 
#135378)
- add BuildPrereq: pam-devel openssl-devel autoconf zlib-devel libjpeg-devel
   libtiff-devel libpng-devel
- to build in mach i had to:  if [ ! -x /usr/lib/libtiff.so.3 ]; then
   (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi

9 changelog:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 
1.1.17-13.3.0.13.legacy
- xpdf patch CAN-2005-0064
- fix small regression in STR #1023 (FL bug #2127 comment 16)

* Wed Dec 22 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1.1.17-13.3.0.12.legacy
- xpdf security fix CAN-2004-1125
- Fixed STR #1023 (FL bug #2127 comment 11)
- Fixed STR #1024 (FL bug #2127 comment 10)

* Wed Nov 17 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1.1.17-13.3.0.11.legacy
- remove CAN-2004-0889 from patch filename, since the xpdf used here
   is < 3.0 and CAN-2004-0889 does not apply

* Thu Oct 28 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1.1.17-13.3.0.10.legacy
- include updated patch with "anti-optimizer" changes

* Tue Oct 26 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1.1.17-13.3.0.9.legacy
- in mach i had to:  if [ ! -x /usr/lib/libtiff.so.3 ]; then
   (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi
- group, organize, rename Fedora Legacy security update patches
- fix wrong CAN number in changelog (Oct 6 2004)
- rebuild

* Mon Oct 25 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1.1.17-13.3.0.8.legacy
- Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH 
#135378)

* Wed Oct 06 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1.1.17-13.3.0.7.legacy
- Apply backported patch to fix CAN-2004-0923
- Apply patch to add cups_strcpy from cups 1.1.20

fc1 changelog:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1:1.1.19-13.8.legacy
- xpdf patch CAN-2005-0064
- fix small regression in STR #1023 (FL bug #2127 comment 16)

* Wed Dec 22 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1:1.1.19-13.7.legacy
- xpdf security fix CAN-2004-1125
- Fixed STR #1023 (FL bug #2127 comment 11)
- Fixed STR #1024 (FL bug #2127 comment 10)

* Wed Nov 17 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1:1.1.19-13.6.legacy
- remove CAN-2004-0889 from patch filename, since the xpdf used here
   is < 3.0 and CAN-2004-0889 does not apply

* Thu Oct 28 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1:1.1.19-13.5.legacy
- include updated patch with "anti-optimizer" changes

* Tue Oct 26 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1:1.1.19-13.4.legacy
- Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH 
#135378)
- group, organize, rename Fedora Legacy security update patches
- fix wrong CAN number in changelog (Oct 5 2004)
- to build in mach i had to:  if [ ! -x /usr/lib/libtiff.so.3 ]; then
   (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi

* Tue Oct 05 2004 Rob Myers <rob.myers at gtri.gatech.edu> 
1:1.1.19-13.3.legacy
- Apply patch to fix CAN-2004-0923 (rh bug #130646).
- Apply patch to add cups_strcpy from cups 1.1.20

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

0db34c2e38a4041f73d2a78a9b2915f75a66c24a 
redhat/7.3/updates-testing/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
daae4200a9bbf7e7b9fafa28bb46e07028f9e8c5 
redhat/7.3/updates-testing/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
7274fee7375ae5daf0824091ae394544a45fbe1a 
redhat/7.3/updates-testing/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm
c069522837c744b29cb67ea52e00023110400e70 
redhat/7.3/updates-testing/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm
c6fdf900397f732b510fbfa21a5fa977e984c2cb 
redhat/9/updates-testing/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
a18781d8f285db684790d32b9a8eca4ca4504124 
redhat/9/updates-testing/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
01741a487d1a9ffdede42fbe0e80f1bfa09250f7 
redhat/9/updates-testing/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
2d0734d15d4d72ebd72a03c62886f87c4f8fc0fb 
redhat/9/updates-testing/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm
9637c0555edd133c1fb8ef7c7818c3e794408e04 
fedora/1/updates-testing/i386/cups-1.1.19-13.8.legacy.i386.rpm
bc4b60d13ac3cae0a047149b9f8350a4ca8bb427 
fedora/1/updates-testing/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
3a1fea385f2fc5302e9529ed64cb36c17d64ed3f 
fedora/1/updates-testing/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm
132ca29e094556c2f575f811cad907efd3a6cdad 
fedora/1/updates-testing/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050204/a3e25431/attachment.sig>

More information about the fedora-legacy-list mailing list