__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Cups Security Update [Red Hat RHSA-2008:0161-3] February 25, 2008 22:00 GMT Number S-202 [REVISED 27 Feb 2008] ______________________________________________________________________________ PROBLEM: Flaws were found in the way CUPS handled the addition and removal of remote shared printers via IPP. PLATFORM: Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS, ES, WS (v. 4) DAMAGE: DoS. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is LOW. A remote attacker could send malicious UDP IPP ASSESSMENT: packets causing the CUPS daemon to attempt to dereference already freed memory and crash. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-202.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0161.html ADDITIONAL LINK: http://www.securityfocus.com/bid/27988/discuss CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2008-0596 CVE-2008-0597 ______________________________________________________________________________ REVISION HISTORY: 02/27/2008 - revised S-202 to add a link to Security Focus 27988 for CUPS 1.1.17 and 1.1.22. [***** Start Red Hat RHSA-2008:0161-3 *****] Important: cups security update Advisory: RHSA-2008:0161-3 Type: Security Advisory Severity: Important Issued on: 2008-02-25 Last updated on: 2008-02-25 Affected Products: Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) OVAL: com.redhat.rhsa-20080161.xml CVEs (cve.mitre.org): CVE-2008-0596 CVE-2008-0597 Details Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 Updated packages Red Hat Desktop (v. 4) -------------------------------------------------------------------------------- SRPMS: cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43 IA-32: cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183 Red Hat Enterprise Linux AS (v. 4) -------------------------------------------------------------------------------- SRPMS: cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43 IA-32: cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df IA-64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 1981a5374adb0d325c2c3b431cb59d02 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 37fbb5581b26f0ea1e570f800596b1e2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm e8464c29009338639445a7d7c4ef6fa2 PPC: cups-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm e44c4426cffb46214578af4b7bf3355f cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm 7408a507942ccf45063d2712701bc820 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm ec9c615f9a4fb7cee321f6cdf6f0aec7 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc64.rpm 95065ef884476ffc80a5f3af10633da2 s390: cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm 2f4714e2e43e762dba541ad75711ae38 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm 2456e5c5bf1211dd703896762afecbe2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm c709e0497732e17cb629032d20aadb0c s390x: cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm 29e76d263e08daa2ef20610b35426ba2 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm 2c7b6e1c00374cde9c20de0237e3e59b cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm c709e0497732e17cb629032d20aadb0c cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm d8596765717c7bfd24de39bda5f228e5 x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183 Red Hat Enterprise Linux ES (v. 4) -------------------------------------------------------------------------------- SRPMS: cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43 IA-32: cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df IA-64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 1981a5374adb0d325c2c3b431cb59d02 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 37fbb5581b26f0ea1e570f800596b1e2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm e8464c29009338639445a7d7c4ef6fa2 x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183 Red Hat Enterprise Linux WS (v. 4) -------------------------------------------------------------------------------- SRPMS: cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm 4c1fb77c7a60cb8f29163f42cfc5aa43 IA-32: cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 8ce0097c396de4279e1cf4f4ed53b571 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 59ce844545dfe423581deec8886184f2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df IA-64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 1981a5374adb0d325c2c3b431cb59d02 cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm 37fbb5581b26f0ea1e570f800596b1e2 cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm e8464c29009338639445a7d7c4ef6fa2 x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm f8c1cb49cc7157e23f76d4fdc57e937a cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 2d5e34cb6b33b461a54f8812f0f10ada cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm 4df0803e7d2a9255cba1a8c69aaaf6df cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm 6539694c82709951ea448146d6003183 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 433825 - CVE-2008-0596 cups: memory leak handling IPP browse requests 433847 - CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597 http://www.redhat.com/security/updates/classification/#important -------------------------------------------------------------------------------- These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End Red Hat RHSA-2008:0161-3 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) S-192: Kerio MailServer Vulnerabilities S-193: WordPress Vulnerability S-194: Citrix MetaFrame Web Manager 'login.asp' Vulnerability S-195: Novell iPrint Client 'ienipp.ocx' ActiveX Vulnerability S-197: VMWare Products Shared Folders "MultiByteToWideChar()' Variant Vulnerability S-198: OpenCA Vulnerability S-199: OpenLDAP Vulnerability S-196: Cups Security Update S-200: splitvt Vulnerability S-201: PCRE3 Vulnerability