Yellow Dog Linux Security Advisory: YDU-20030114-1
yellowdog-updates@lists.terrasoftsolutions.com
yellowdog-updates@lists.terrasoftsolutions.com
Mon, 13 Jan 2003 13:51:31 -0700 (MST)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: cups
Issue Date: January 14, 2002
Priority: high
Advisory ID: YDU-20030114-1
1. Topic:
Updated cups packages are available.
2. Problem:
"The Common UNIX Printing System (CUPS) provides a portable printing
layer. A number of vulnerabilities have been discovered in CUPS.
CUPS was distributed with [Yellow Dog Linux 2.3.]
1. An integer overflow exists in the CUPS HTTP interface that allows
a local attacker to gain the permissions of the 'lp' user. (CAN-2002-1383)
2. A race condition exists in the creation of a pid file which allows
an attacker who already has privileges of the 'lp' user (for example from
utilizing a different exploit) to create or overwrite any file as
root, leading to arbitrary code execution. (CAN-2002-1366)
3. It is possible to remotely add a printer to CUPS by sending a
specially crafted UDP packet. If an attacker utilizes this vulnerability,
they could add a printer with a tainted name that if clicked on in the
web administration interface could be used to exploit other
vulnerabilities. (CAN-2002-1367)
By utilizing this vulnerability, an attacker could take a number of steps
to be able to get hold of the certificate used to access the administrative
section of the CUPS server and potentially add a printer that will execute
commands with root privileges.
4. Problems with chunked encoding and negative content length handling
in the CUPS HTTP interface can cause CUPS to crash. On [Yellow Dog] Linux
platforms this can cause a denial of service (DoS) against CUPS.
(CAN-2002-1368)
5. A number of integer overflows exist in the image handling code of
the filters in CUPS. In addition, CUPS does not properly check for
zero width GIF images. These vulnerabilities allow an attacker who has
the ability to print to run arbitrary code as the 'lp' user. (CAN-2002-1371)
6. An integer overflow exists in the CUPS pdftops filter. This can be
exploited by an attacker who is able to print sending a carefully
crafted PDF file which can execute arbitrary commands as the 'lp' user.
(CAN-2002-1384)
7. A buffer overflow exists in setting up the job management options.
When combined with other vulnerabilities, this could allow a local user
to gain root privileges. This issue only affects the version of CUPS
shipped with [Yellow Dog Linux 2.3]. (CAN-2002-1369)
8. A bug in the select() call would allow an easy DoS attack which would
cause CUPS to not recover once the DoS has stopped. (CAN-2002-1372)"
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install cups
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/cups-1.1.14-15.2a.ppc.rpm
ppc/cups-devel-1.1.14-15.2a.ppc.rpm
ppc/cups-libs-1.1.14-15.2a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
ccc9069f14a6659f6db0d494adcf8dcc ppc/cups-1.1.14-15.2a.ppc.rpm
c2cfe70bc5fecc8a986bae0e8de551c4 ppc/cups-devel-1.1.14-15.2a.ppc.rpm
2032d795dabec9e9f7a3033f19ca902d ppc/cups-libs-1.1.14-15.2a.ppc.rpm
159fe5666b75bc1ec7936534c7df8a6b SRPMS/cups-1.1.14-15.2a.src.rpm
I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml