1.29. cups
1.29.1. RHBA-2009:1360: bug fix update
Updated cups packages that fix several bugs are now available.
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX and Unix-like operating systems.
These updated packages address the following bugs:
- the libcups library's HTTP state machine could get into a busy loop when a connection was closed at an unexpected point. (BZ#474323)
- web interface template files and translated template files were not marked as configuration files so local modifications to them would be lost when applying updates. This update will also cause local modifications to those files to be lost, but will prevent the same situation occurring with future updates. (BZ#474769)
- the "compression" job option was encoded with the wrong IPP tag, preventing the "document-format" job option from overriding automatic MIME type detection of compressed job files . (BZ#474814)
- the "mailto" CUPS notifier used the wrong line ending when transferring messages to an SMTP server, causing it not to send any notifications. (BZ#474920)
- automatic MIME type detection would fail when the document name was required by the relevant rule but only one file was present in the job. MIME detection would also fail with some rules using "+" (e.g. application/x-shell). (BZ#479635)
- incorrect web interface URLs would be given when the server's domain name resolved to a local loopback address on the server. (BZ#479809)
- the CUPS configuration file directive "Satisfy Any" was not correctly implemented, causing access to be restricted in situations where it should not have been. (BZ#481303)
- an optimization in the libcups library for fetching details of a print queue when its name is known caused problems with obtaining the name of the default printer when "lpoptions" files listed a non-existent queue as the default. (BZ#481481)
- RPM verification would fail on configuration files even though content changes were expected. (BZ#487161)
- the CUPS scheduler requires an updated version of the krb5 package in order to function correctly but this was not an RPM dependency. (BZ#489714)
- the text-only filter would not send form-feed characters correctly. (BZ#491190)
- incorrect IPP-Get-Jobs requests, accepted by CUPS in current versions of Red Hat Enterprise Linux but rejected in newer versions of the upstream package, were generated by the cupsGetJobs2() API function and by the lpstat and lpq commands. (BZ#497529)
All cups users should upgrade to these updated packages, which resolve these issues.
1.29.2. RHSA-2009:1082: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1082
This update has been rated as having important security impact by the Red Hat Security Response Team.
The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network.
A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially-crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949)
Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue.
Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
1.29.3. RHSA-2009:0429: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0429
This update has been rated as having important security impact by the Red Hat Security Response Team.
The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems.
Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0147, CVE-2009-1179)
Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0146, CVE-2009-1182)
Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180)
Multiple input validation flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0800)
An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious TIFF file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0163)
Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws.
Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.