cups security update

2008-02-2312:03:27

CentOS Project

lists.centos.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.123 Low

EPSS

Percentile

95.4%

JSON

CentOS Errata and Security Advisory CESA-2008:0157

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX® operating systems. The Internet Printing Protocol (IPP) is a
standard network protocol for remote printing, as well as managing print
jobs.

A flaw was found in the way CUPS handles the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to crash. (CVE-2008-0882)

Note: the default configuration of CUPS on Red Hat Enterprise Linux 5 will
only accept requests of this type from the local subnet. This issue did not
affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or
4.

All cups users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-February/076866.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076867.html

Affected packages:
cups
cups-devel
cups-libs
cups-lpd

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0157

OSVersionArchitecturePackageVersionFilename
CentOS5i386cups< 1.2.4-11.14.el5_1.4cups-1.2.4-11.14.el5_1.4.i386.rpm
CentOS5i386cups-devel< 1.2.4-11.14.el5_1.4cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
CentOS5i386cups-libs< 1.2.4-11.14.el5_1.4cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
CentOS5i386cups-lpd< 1.2.4-11.14.el5_1.4cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm
CentOS5x86_64cups< 1.2.4-11.14.el5_1.4cups-1.2.4-11.14.el5_1.4.x86_64.rpm
CentOS5i386cups-devel< 1.2.4-11.14.el5_1.4cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
CentOS5x86_64cups-devel< 1.2.4-11.14.el5_1.4cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm
CentOS5i386cups-libs< 1.2.4-11.14.el5_1.4cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
CentOS5x86_64cups-libs< 1.2.4-11.14.el5_1.4cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm
CentOS5x86_64cups-lpd< 1.2.4-11.14.el5_1.4cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i386	cups	< 1.2.4-11.14.el5_1.4	cups-1.2.4-11.14.el5_1.4.i386.rpm
CentOS	5	i386	cups-devel	< 1.2.4-11.14.el5_1.4	cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
CentOS	5	i386	cups-libs	< 1.2.4-11.14.el5_1.4	cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
CentOS	5	i386	cups-lpd	< 1.2.4-11.14.el5_1.4	cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm
CentOS	5	x86_64	cups	< 1.2.4-11.14.el5_1.4	cups-1.2.4-11.14.el5_1.4.x86_64.rpm
CentOS	5	i386	cups-devel	< 1.2.4-11.14.el5_1.4	cups-devel-1.2.4-11.14.el5_1.4.i386.rpm
CentOS	5	x86_64	cups-devel	< 1.2.4-11.14.el5_1.4	cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm
CentOS	5	i386	cups-libs	< 1.2.4-11.14.el5_1.4	cups-libs-1.2.4-11.14.el5_1.4.i386.rpm
CentOS	5	x86_64	cups-libs	< 1.2.4-11.14.el5_1.4	cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm
CentOS	5	x86_64	cups-lpd	< 1.2.4-11.14.el5_1.4	cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm