Oval Definition:oval:com.redhat.rhsa:def:20080206
Revision Date:2008-04-01Version:637
Title:RHSA-2008:0206: cups security update (Moderate)
Description:The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

  • Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)

  • A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1373)

  • It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the "pdftops" filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1374)

    All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2008-0053
    CVE-2008-1373
    CVE-2008-1374
    RHSA-2008:0206
    RHSA-2008:0206-01
    RHSA-2008:0206-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • cups is earlier than 1:1.1.17-13.3.52
  • AND cups is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.17-13.3.52
  • AND cups-libs is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.17-13.3.52
  • AND cups-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups-libs is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups-devel is signed with Red Hat master key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • cups is earlier than 1:1.1.17-13.3.52
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.17-13.3.52
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.17-13.3.52
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups-libs is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups is signed with Red Hat redhatrelease2 key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups-devel is signed with Red Hat redhatrelease2 key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
  • AND cups-libs is signed with Red Hat redhatrelease2 key
    • BACK