lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Subject: [FLSA-2005:2127] Updated CUPS packages fix
	security vulnerabilities

-----------------------------------------------------------------------
                Fedora Legacy Update Advisory

Synopsis:          Updated CUPS packages fix security vulnerabilities
Advisory ID:       FLSA:2127
Issue date:        2005-03-02
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2127
CVE Names:         CAN-2004-0888 CAN-2004-0923 CAN-2004-1125
                    CAN-2004-1267 CAN-2004-1268 CAN-2004-1269
                    CAN-2004-1270 CAN-2005-0064
-----------------------------------------------------------------------


-----------------------------------------------------------------------
1. Topic:

Updated CUPS packages that fix several security issues are now
available.

The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code
used for parsing PDF files and is therefore affected by these bugs. An
attacker who has the ability to send a malicious PDF file to a printer
could cause CUPS to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would
authenticate with that shared printer using a username and password. By
default, the username and password used to connect to the Samba share is
written into the error log file. A local user who is able to read the
error log file could collect these usernames and passwords. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0923 to this issue.

A buffer overflow was found in the CUPS pdftops filter, which uses code
from the Xpdf package. An attacker who has the ability to send a
malicious PDF file to a printer could possibly execute arbitrary code as
the "lp" user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow was found in the ParseCommand function in the hpgltops
program. An attacker who has the ability to send a malicious HPGL file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1267 to this issue.

The lppasswd utility ignores write errors when modifying the CUPS passwd
file. A local user who is able to fill the associated file system could
corrupt the CUPS password file or prevent future uses of lppasswd. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.

The lppasswd utility does not verify that the passwd.new file is
different from STDERR, which could allow local users to control output
to passwd.new via certain user input that triggers an error message. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1270 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects the CUPS pdftops filter due to a shared
codebase. An attacker who has the ability to send a malicious PDF file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

All users of cups should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 2127 - multiple cups vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------------

0db34c2e38a4041f73d2a78a9b2915f75a66c24a 
redhat/7.3/updates/i386/cups-1.1.14-15.4.4.legacy.i386.rpm
daae4200a9bbf7e7b9fafa28bb46e07028f9e8c5 
redhat/7.3/updates/i386/cups-devel-1.1.14-15.4.4.legacy.i386.rpm
7274fee7375ae5daf0824091ae394544a45fbe1a 
redhat/7.3/updates/i386/cups-libs-1.1.14-15.4.4.legacy.i386.rpm
c069522837c744b29cb67ea52e00023110400e70 
redhat/7.3/updates/SRPMS/cups-1.1.14-15.4.4.legacy.src.rpm
c6fdf900397f732b510fbfa21a5fa977e984c2cb 
redhat/9/updates/i386/cups-1.1.17-13.3.0.13.legacy.i386.rpm
a18781d8f285db684790d32b9a8eca4ca4504124 
redhat/9/updates/i386/cups-devel-1.1.17-13.3.0.13.legacy.i386.rpm
01741a487d1a9ffdede42fbe0e80f1bfa09250f7 
redhat/9/updates/i386/cups-libs-1.1.17-13.3.0.13.legacy.i386.rpm
2d0734d15d4d72ebd72a03c62886f87c4f8fc0fb 
redhat/9/updates/SRPMS/cups-1.1.17-13.3.0.13.legacy.src.rpm
9637c0555edd133c1fb8ef7c7818c3e794408e04 
fedora/1/updates/i386/cups-1.1.19-13.8.legacy.i386.rpm
bc4b60d13ac3cae0a047149b9f8350a4ca8bb427 
fedora/1/updates/i386/cups-devel-1.1.19-13.8.legacy.i386.rpm
3a1fea385f2fc5302e9529ed64cb36c17d64ed3f 
fedora/1/updates/i386/cups-libs-1.1.19-13.8.legacy.i386.rpm
132ca29e094556c2f575f811cad907efd3a6cdad 
fedora/1/updates/SRPMS/cups-1.1.19-13.8.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

     rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

     sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

9. Contact:

The Fedora Legacy security contact is <secnotice@...oralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050302/fc1df7dc/signature.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ