The Common UNIX Printing System (CUPS) provides a portable printing layer for
UNIX® operating systems.
When processing a request, the CUPS scheduler would use case-sensitive
matching on the queue name to decide which authorization policy should be
used. However, queue names are not case-sensitive. An unauthorized user
could print to a password-protected queue without needing a password. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2154 to this issue.
Please note that the version of CUPS included in Red Hat Enterprise Linux 4
is not vulnerable to this issue.
All users of CUPS should upgrade to these erratum packages which contain a
backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | cups-libs | < 1.1.17-13.3.29 | cups-libs-1.1.17-13.3.29.ia64.rpm |
RedHat | any | ia64 | cups-devel | < 1.1.17-13.3.29 | cups-devel-1.1.17-13.3.29.ia64.rpm |
RedHat | any | i386 | cups-libs | < 1.1.17-13.3.29 | cups-libs-1.1.17-13.3.29.i386.rpm |
RedHat | any | ia64 | cups | < 1.1.17-13.3.29 | cups-1.1.17-13.3.29.ia64.rpm |