
             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                              Cups Security Update
                          [Red Hat  RHSA-2008:0157-5]

February 25, 2008 21:00 GMT                                       Number S-196
[REVISED 28 Mar 2007]
______________________________________________________________________________
PROBLEM:       A flaw was found in the way CUPS handles the addition and 
               removal of remote shared printers via IPP. 
PLATFORM:      RHEL Desktop Workstation (v. 5 client) 
               Red Hat Enterprise Linux (v. 5 server) 
			   Red Hat Enterprise Linux Desktop (v. 5 client) 
			   Debian GNU/Linux 4.0 (etch)
DAMAGE:        DoS. 
SOLUTION:      Upgrade to the appropriate version. 
______________________________________________________________________________
VULNERABILITY  The risk is LOW. A remote attacker could send malicious UDP IPP 
ASSESSMENT:    packets causing the CUPS daemon to crash. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-196.shtml 
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2008-0157.html 
 ADDITIONAL LINK:    http://www.debian.org/security/2008/dsa-1530
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
                     CVE-2008-0882 
______________________________________________________________________________
REVISION HISTORY:
03/28/2008 - revised S-196 to add a link to Debian Security Advisory DSA-1530-1 for Debian
             GNU/Linux 4.0 (etch).


[***** Start Red Hat  RHSA-2008:0157-5 *****]

Important: cups security update
Advisory: RHSA-2008:0157-5 
Type: Security Advisory 
Severity: Important 
Issued on: 2008-02-21 
Last updated on: 2008-02-21 
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client) 
OVAL: com.redhat.rhsa-20080157.xml 
CVEs (cve.mitre.org): CVE-2008-0882
 


Details
Updated cups packages that fix a security issue are now available for Red 
Hat Enterprise Linux 5. 

This update has been rated as having important security impact by the Red 
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer 
for UNIX(R) operating systems. The Internet Printing Protocol (IPP) is a 
standard network protocol for remote printing, as well as managing print 
jobs. 

A flaw was found in the way CUPS handles the addition and removal of remote 
shared printers via IPP. A remote attacker could send malicious UDP IPP 
packets causing the CUPS daemon to crash. (CVE-2008-0882) 

Note: the default configuration of CUPS on Red Hat Enterprise Linux 5 will 
only accept requests of this type from the local subnet. This issue did not 
affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 
4. 

All cups users are advised to upgrade to these updated packages, which 
contain a backported patch to resolve this issue.



Solution
Before applying this update, make sure that all previously-released 
errata relevant to your system have been applied. 

This update is available via Red Hat Network. Details on how to use 
the Red Hat Network to apply this update are available at 
http://kbase.redhat.com/faq/FAQ_58_10188


Updated packages
RHEL Desktop Workstation (v. 5 client) 

--------------------------------------------------------------------------------
 
IA-32: 
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867 
  
x86_64: 
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867 
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm     9ac3e7460492e6bf57a542feb66c5123 
  
Red Hat Enterprise Linux (v. 5 server) 

--------------------------------------------------------------------------------
 
SRPMS: 
cups-1.2.4-11.14.el5_1.4.src.rpm     906d5a6a95b03a62a8af39c825b5aed5 
  
IA-32: 
cups-1.2.4-11.14.el5_1.4.i386.rpm     cb158daeec9eeca33ed24a722175ceff 
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867 
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090 
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm     e1d57506c2e474f5d6b41829f212ad84 
  
IA-64: 
cups-1.2.4-11.14.el5_1.4.ia64.rpm     4a7edca6c4ae2c590e21789aa4169bb6 
cups-devel-1.2.4-11.14.el5_1.4.ia64.rpm     f1b77ef88fc8c6458d256735e63bdda7 
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090 
cups-libs-1.2.4-11.14.el5_1.4.ia64.rpm     669c5e2c28ab235e0164a3c1098d67e6 
cups-lpd-1.2.4-11.14.el5_1.4.ia64.rpm     b3ab3107bf53fba9cbc68393a6e8b71f 
  
PPC: 
cups-1.2.4-11.14.el5_1.4.ppc.rpm     a64c0cd55dc4a0167fe1db40b4a2b525 
cups-devel-1.2.4-11.14.el5_1.4.ppc.rpm     00f402da5be086f24f82991ef1101335 
cups-devel-1.2.4-11.14.el5_1.4.ppc64.rpm     7a1f605f658a12b696be196ebea8f78d 
cups-libs-1.2.4-11.14.el5_1.4.ppc.rpm     53fc94eaf8b0e41591100982f81b1b47 
cups-libs-1.2.4-11.14.el5_1.4.ppc64.rpm     4d7e7b0e81d9e50e28a460c3cb8db8f2 
cups-lpd-1.2.4-11.14.el5_1.4.ppc.rpm     5820b1269630c7388c65a145210f7b20 
  
s390x: 
cups-1.2.4-11.14.el5_1.4.s390x.rpm     56949b02960052134341ea4966e8876c 
cups-devel-1.2.4-11.14.el5_1.4.s390.rpm     ed4a43d66863754dc0b0fc1faa926cd7 
cups-devel-1.2.4-11.14.el5_1.4.s390x.rpm     688b9e0f47d8457b0ea66c23471464c5 
cups-libs-1.2.4-11.14.el5_1.4.s390.rpm     be7387fbb378bc78cbfb084a198ad344 
cups-libs-1.2.4-11.14.el5_1.4.s390x.rpm     cdd5e3a36bf0f1381aea4142db7e0c2e 
cups-lpd-1.2.4-11.14.el5_1.4.s390x.rpm     fce53915f86473bf506bd35fef42b093 
  
x86_64: 
cups-1.2.4-11.14.el5_1.4.x86_64.rpm     c4b23829ad62d4de40ebcbba5cebe389 
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867 
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm     9ac3e7460492e6bf57a542feb66c5123 
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090 
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm     04280894c25a526b737e03e34a338c13 
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm     a8bb32c0d59ef5e78ed851e90992b0f5 
  
Red Hat Enterprise Linux Desktop (v. 5 client) 

--------------------------------------------------------------------------------
 
SRPMS: 
cups-1.2.4-11.14.el5_1.4.src.rpm     906d5a6a95b03a62a8af39c825b5aed5 
  
IA-32: 
cups-1.2.4-11.14.el5_1.4.i386.rpm     cb158daeec9eeca33ed24a722175ceff 
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090 
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm     e1d57506c2e474f5d6b41829f212ad84 
  
x86_64: 
cups-1.2.4-11.14.el5_1.4.x86_64.rpm     c4b23829ad62d4de40ebcbba5cebe389 
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090 
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm     04280894c25a526b737e03e34a338c13 
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm     a8bb32c0d59ef5e78ed851e90992b0f5 
  
(The unlinked packages above are only available from the Red Hat Network)
 


Bugs fixed (see bugzilla for more information)
433758 - CVE-2008-0882 cups: double free vulnerability in process_browse_data()



References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882
http://www.redhat.com/security/updates/classification/#important 


--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on 
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package 

The Red Hat security contact is secalert@redhat.com. More contact details at 
http://www.redhat.com/security/team/contact/



[***** End Red Hat  RHSA-2008:0157-5 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-189: SQL Injectionin Cisco Unified Communications Manager
S-190: Nagios Vulnerabilities
S-191: Apache mod_jk2 Host Vulnerability
S-192: Kerio MailServer Vulnerabilities
S-193: WordPress Vulnerability
S-194: Citrix MetaFrame Web Manager 'login.asp' Vulnerability
S-195: Novell iPrint Client 'ienipp.ocx' ActiveX Vulnerability
S-197: VMWare Products Shared Folders "MultiByteToWideChar()' Variant Vulnerability
S-198: OpenCA Vulnerability
S-199: OpenLDAP Vulnerability