Yellow Dog Linux Security Advisory: YDU-20030114-1

yellowdog-updates@lists.terrasoftsolutions.com yellowdog-updates@lists.terrasoftsolutions.com
Mon, 13 Jan 2003 13:51:31 -0700 (MST) 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	cups
Issue Date: 	January 14, 2002	
Priority:	high	
Advisory ID: 	YDU-20030114-1


1. 	Topic:

	Updated cups packages are available.


2. 	Problem:

	"The Common UNIX Printing System (CUPS) provides a portable printing
	layer. A number of vulnerabilities have been discovered in CUPS.

	CUPS was distributed with [Yellow Dog Linux 2.3.]

	1. An integer overflow exists in the CUPS HTTP interface that allows
	a local attacker to gain the permissions of the 'lp' user. (CAN-2002-1383)

	2. A race condition exists in the creation of a pid file which allows
	an attacker who already has privileges of the 'lp' user (for example from
	utilizing a different exploit) to create or overwrite any file as
	root, leading to arbitrary code execution. (CAN-2002-1366)

	3. It is possible to remotely add a printer to CUPS by sending a
	specially crafted UDP packet. If an attacker utilizes this vulnerability,
	they could add a printer with a tainted name that if clicked on in the
	web administration interface could be used to exploit other
	vulnerabilities. (CAN-2002-1367)

	By utilizing this vulnerability, an attacker could take a number of steps
	to be able to get hold of the certificate used to access the administrative
	section of the CUPS server and potentially add a printer that will execute
	commands with root privileges.

	4. Problems with chunked encoding and negative content length handling
	in the CUPS HTTP interface can cause CUPS to crash. On [Yellow Dog] Linux
	platforms this can cause a denial of service (DoS) against CUPS.
	(CAN-2002-1368)

	5. A number of integer overflows exist in the image handling code of
	the filters in CUPS. In addition, CUPS does not properly check for
	zero width GIF images. These vulnerabilities allow an attacker who has
	the ability to print to run arbitrary code as the 'lp' user. (CAN-2002-1371)

	6. An integer overflow exists in the CUPS pdftops filter. This can be
	exploited by an attacker who is able to print sending a carefully
	crafted PDF file which can execute arbitrary commands as the 'lp' user.
	(CAN-2002-1384)

	7. A buffer overflow exists in setting up the job management options.
	When combined with other vulnerabilities, this could allow a local user
	to gain root privileges. This issue only affects the version of CUPS
	shipped with [Yellow Dog Linux 2.3]. (CAN-2002-1369)

	8. A bug in the select() call would allow an easy DoS attack which would
	cause CUPS to not recover once the DoS has stopped. (CAN-2002-1372)"
	(from Red Hat Advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install cups

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/cups-1.1.14-15.2a.ppc.rpm
			ppc/cups-devel-1.1.14-15.2a.ppc.rpm
			ppc/cups-libs-1.1.14-15.2a.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
ccc9069f14a6659f6db0d494adcf8dcc  ppc/cups-1.1.14-15.2a.ppc.rpm
c2cfe70bc5fecc8a986bae0e8de551c4  ppc/cups-devel-1.1.14-15.2a.ppc.rpm
2032d795dabec9e9f7a3033f19ca902d  ppc/cups-libs-1.1.14-15.2a.ppc.rpm
159fe5666b75bc1ec7936534c7df8a6b  SRPMS/cups-1.1.14-15.2a.src.rpm



I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml