—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Liebe Kolleginnen und Kollegen,
soeben erreichte uns nachfolgendes Fedora Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.
CVE-2010-0302 – Schwachstelle in CUPS beim Verarbeiten von
Dateideskriptoren
In CUPS wurde die Schwachstelle CVE-2009-3553 nicht richtig behoben,
so dass es weiterhin moegliche ist den Server mit manipulierten
Anfragen zum Absturz zu bringen. Ein entfernter Angreifer kann diese
Schwachstelle zu einem Denial of Service Angriff ausnutzen.
Betroffen sind die folgenden Software Pakete und Plattformen:
Paket cups
Fedora 11
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
Hersteller Advisory:
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Detlev O. Matthies
– —
Detlev O. Matthies, M.Sc. (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
– ——————————————————————————–
Fedora Update Notification
FEDORA-2010-2743
2010-02-24 04:56:45
– ——————————————————————————–
Name : cups
Product : Fedora 11
Version : 1.4.2
Release : 26.fc11
URL : http://www.cups.org/
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
– ——————————————————————————–
Update Information:
This update addresses a denial of service security issue (CVE-2010-0302) as well
as fixing several other small problems: * classes.conf is now updated when a
class member is deleted. * the usermode dependency has been removed. * the
udev rules are now installed in the correct location. * cups-config now has
no multilib conflict. * the ipp backend now clears the printer status on
completion. * cupsGetNamedDest() is no longer confused by old configuration
files. * the scheduler no longer treats SIGPIPE as a filter error. * the
gcrypt threading patch has been reverted. * the package no longer owns
filesystem-owned directories.
– ——————————————————————————–
ChangeLog:
* Fri Mar 5 2010 Tim Waugh
– – Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
bug #557775).
* Tue Mar 2 2010 Tim Waugh
– – Don’t own filesystem locale directories (bug #569403).
– – Don’t apply gcrypt threading patch (bug #553834).
– – Don’t treat SIGPIPE as an error (bug #569770).
* Wed Feb 24 2010 Jiri Popelka
– – Fixed cupsGetNamedDest() so it falls back to the real default
printer when a default from configuration file does not exist (bug #565569, STR #3503).
* Tue Feb 23 2010 Tim Waugh
– – Update classes.conf when a class member printer is deleted
(bug #565878, STR #3505).
* Tue Feb 23 2010 Tim Waugh
– – Re-initialize the resolver if getnameinfo() returns EAI_AGAIN
(bug #567353).
* Fri Jan 15 2010 Tim Waugh
– – Reset status after successful ipp job (bug #548219, STR #3460).
* Wed Dec 23 2009 Tim Waugh
– – Fixed patch for STR #3425 again by adding in back-ported change from
svn revision 8929 (bug #549899). No longer need
delete-active-printer patch.
* Tue Dec 22 2009 Tim Waugh
– – Fixed ipp authentication for servers requiring authentication for
IPP-Get-Printer-Attributes (bug #548873, STR #3458).
* Mon Dec 21 2009 Tim Waugh
– – Ensure proper thread-safety in gnutls’s use of libgcrypt
(bug #544619).
* Sat Dec 19 2009 Tim Waugh
– – Fixed patch for STR #3425 by adding in back-ported change from svn
revision 8936 (bug #548904).
* Thu Dec 10 2009 Tim Waugh
– – Fixed invalid read in cupsAddDest (bug #537460).
* Wed Dec 9 2009 Tim Waugh
– – Use upstream patch to fix scheduler crash when an active printer was
deleted (rev 8914).
* Tue Dec 8 2009 Tim Waugh
– – The scheduler did not use the Get-Job-Attributes policy for a
printer (STR #3431).
– – The scheduler added two job-name attributes to each job object
(STR #3428).
– – The scheduler did not clean out completed jobs when
PreserveJobHistory was turned off (STR #3425).
– – The web interface did not show completed jobs (STR #3436).
– – Authenticated printing did not always work when printing directly to
a remote server (STR #3435).
– – Use upstream patch to stop the network backends incorrectly clearing
the media-empty-warning state (rev 8896).
– – Use upstream patch to fix interrupt handling in the side-channel
APIs (rev 8896).
– – Use upstream patch to handle negative SNMP string lengths (rev 8896).
– – Use upstream fix for SNMP detection (bug #542857, STR #3413).
– – Use the text filter for text/css files (bug #545026, STR #3442).
– – Show conflicting option values in web UI (bug #544326, STR #3440).
– – Use upstream fix for adjustment of conflicting options
(bug #533426, STR #3439).
* Tue Dec 8 2009 Tim Waugh
– – Moved %{_datadir}/cups/ppdc/*.h to the main package (bug #545348).
* Fri Dec 4 2009 Tim Waugh
– – The web interface prevented conflicting options from being adjusted
(bug #533426, STR #3439).
* Thu Dec 3 2009 Tim Waugh
– – Fixes for SNMP scanning with Lexmark printers (bug #542857, STR #3413).
* Mon Nov 23 2009 Tim Waugh
– – Undo last change as it was incorrect.
* Mon Nov 23 2009 Tim Waugh
– – Fixed small typos introduced in fix for bug #536741.
* Fri Nov 20 2009 Jiri Popelka
– – Do not translate russian links showing completed jobs
(bug #539354, STR #3422).
* Thu Nov 19 2009 Tim Waugh
– – Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
* Tue Nov 17 2009 Tim Waugh
– – Fixed display of current driver (bug #537182, STR #3418).
– – Fixed out-of-memory handling when loading jobs (bug #538054,
STR #3407).
* Mon Nov 16 2009 Tim Waugh
– – Fixed typo in admin web template (bug #537884, STR #3403).
– – Reset SIGPIPE handler for child processes (bug #537886, STR #3399).
* Mon Nov 16 2009 Tim Waugh
– – Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381).
* Wed Nov 11 2009 Jiri Popelka
– – Fixed lspp-patch to avoid memory leak (bug #536741).
* Tue Nov 10 2009 Tim Waugh
– – Added explicit version dependency on cups-libs to cups-lpd
(bug #502205).
* Tue Nov 10 2009 Tim Waugh
– – 1.4.2. No longer need str3380, str3332, str3356, str3396 patches.
– – Removed postscript.ppd.gz (bug #533371).
* Tue Nov 3 2009 Tim Waugh
– – Removed stale patch from STR #2831 which was causing problems with
number-up (bug #532516).
* Tue Oct 27 2009 Jiri Popelka
– – Fix incorrectly applied patch from #STR3285 (bug #531108).
– – Set the PRINTER_IS_SHARED variable for admin.cgi (bug #529634, #STR3390).
– – Pass through serial parameters correctly in web interface (bug #529635, #STR3391).
– – Fixed German translation (bug #531144, #STR3396).
* Tue Oct 20 2009 Jiri Popelka
– – Fix cups-lpd to create unique temporary data files (bug #529838).
* Mon Oct 19 2009 Tim Waugh
– – Fixed German translation (bug #529575, STR #3380).
* Thu Oct 8 2009 Tim Waugh
– – Fixed naming of ‘Generic PostScript Printer’ entry.
* Wed Oct 7 2009 Tim Waugh
– – Use upstream patch for STR #3356 (bug #526405).
* Fri Oct 2 2009 Tim Waugh
– – Fixed orientation of page labels when printing text in landscape
mode (bug #520141, STR #3334).
* Wed Sep 30 2009 Tim Waugh
– – 1.4.1.
– – Don’t use cached PPD for raw queue (bug #526405, STR #3356).
* Fri Sep 4 2009 Tim Waugh
– – Fixed the dnssd backend so that it only reports devices once avahi
resolution has completed. This makes it report Device IDs
(bug #520858).
* Fri Aug 28 2009 Tim Waugh
– – 1.4.0.
* Wed Aug 26 2009 Tim Waugh
– – Fixed admin.cgi crash when modifying a class (bug #519724,
STR #3312, patch from Jiri Popelka).
* Wed Aug 26 2009 Tim Waugh
– – Prevent infinite loop in cupsDoIORequest when processing HTTP
errors (bug #518065, bug #519663, STR #3311).
– – Fixed document-format-supported attribute when
application/octet-stream is enabled (bug #516507, STR #3308, patch
from Jiri Popelka).
– – Fixed buggy JobKillDelay handling fix (STR #3292).
– – Prevent infinite loop in ppdc (STR #3293).
* Fri Aug 21 2009 Tim Waugh
– – Removed 3-distribution symlink (bug #514244).
* Tue Aug 18 2009 Tim Waugh
– – Fixed JobKillDelay handling for cancelled jobs (bug #518026,
STR #3292).
– – Use ‘exec’ to invoke ghostscript in the pstoraster filter. This
allows the SIGTERM signal to reach the correct process, as well as
conserving memory (part of bug #518026).
* Tue Aug 11 2009 Tim Waugh
– – Avoid empty BrowseLocalProtocols setting (bug #516460, STR #3287).
– – Fixed ppds.dat handling of drv files (bug #515027, STR #3279).
– – Fixed udev rules file to avoid DEVTYPE warning messages.
– – Fixed cupsGetNamedDest() so it does not fall back to the default
printer when a destination has been named (bug #516439, STR #3285).
– – Fixed MIME type rules for image/jpeg and image/x-bitmap
(bug #516438, STR #3284).
– – Clear out cache files on upgrade.
– – Require acl.
* Thu Aug 6 2009 Tim Waugh
– – Ship udev rules to allow libusb to access printer devices.
– – Fixed duplex test pages (bug #514898, STR #3277).
– – Removed temporary snmp option from socket backend.
* Wed Jul 29 2009 Tim Waugh
– – Fixed Avahi support in the dnssd backend (bug #513888).
– – Fixed incorrect arguments to sigaction() in dnssd backend (STR #3272).
– – Cheaply restore compatibility with 1.1.x by having cups_get_sdests()
perform a CUPS_GET_CLASSES request if it is not sure it is talking
to CUPS 1.2 or later (bug #512866).
* Tue Jul 28 2009 Tim Waugh
– – Temporarily added snmp option to socket backend for debugging purposes.
– – Prevent ipp backend looping with bad IPP devices (bug #476424,
STR #3262).
– – Fixed Device ID reporting in the usb backend (STR #3266).
* Wed Jul 15 2009 Tim Waugh
– – Applied patch to prevent bad job control files crashing cupsd on
start-up (STR #3253, bug #509741).
– – Correctly handle CUPS-Get-PPDs requests for models with ‘+’ in their
names (STR #3254, bug #509586).
– – Accept incorrect device URIs in the (non-libusb) usb backend for
compatibility with Fedora 11 before bug #507244 was fixed.
– – Applied patch to fix incorrect device URIs (STR #3259, bug #507244).
– – Applied patch to fix job-hold-until for remote queues (STR #3258,
bug #497376).
* Mon Jul 13 2009 Remi Collet
– – add PHP ABI check
– – use php_extdir
– – add php configuration file (/etc/php.d/cups.ini)
* Fri Jul 10 2009 Tim Waugh
– – Build does not require aspell-devel (bug #510405).
* Wed Jul 1 2009 Tim Waugh
– – Fixed template problem preventing current printer option defaults
from being shown in the web interface (bug #506794, STR #3244).
* Wed Jul 1 2009 Tim Waugh
– – Fixed lpadmin for remote 1.3.x servers (bug #506977, STR #3231).
* Tue Jun 23 2009 Tim Waugh
– – Added more debugging output when constructing filter chain.
* Thu Jun 18 2009 Tim Waugh
– – More complete fix for STR #3229 (bug #506461).
* Wed Jun 17 2009 Tim Waugh
– – Don’t use RPM_SOURCE_DIR macro.
– – Fixed add/modify-printer templates which had extra double-quote
characters, preventing the Continue button from appearing in certain
browsers (bug #506461, STR #3229).
* Wed Jun 17 2009 Tim Waugh
– – 1.4rc1. No longer need str3124, CVE-2009-0163, CVE-2009-0164,
str3197, missing-devices patches.
– – Disabled avahi patch for the time being. More work is needed to
port this to rc1.
– – Removed wbuffer patch as it is not needed (see STR #1968).
– ——————————————————————————–
References:
[ 1 ] Bug #557775 – CVE-2010-0302 cups Incomplete fix for CVE-2009-3553
https://bugzilla.redhat.com/show_bug.cgi?id=557775
– ——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update cups’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
– ——————————————————————————–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFLnimVWmhIvjFb90URAi7yAKCX1lekjoYJTlHAK8Drvv5N6/ZGUQCcCitF
RKOhz2D7aDBtsztNF51Op7M=
=BVX4
—–END PGP SIGNATURE—–
