Oval Definition: oval:com.redhat.rhsa:def:20080937
Revision Date: 2008-10-10
Version: 636
Title: RHSA-2008:0937: cups security update (Important)
Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

  • A buffer overflow flaw was discovered in the SGI image format decoding routines used by the CUPS image converting filter "imagetops". An attacker could create a malicious SGI image file that could, possibly, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)

  • An integer overflow flaw leading to a heap buffer overflow was discovered in the Text-to-PostScript "texttops" filter. An attacker could create a malicious text file that could, possibly, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-3640)

  • An insufficient buffer bounds checking flaw was discovered in the HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a malicious HP-GL/2 file that could, possibly, execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-3641)

Red Hat would like to thank regenrecht for reporting these issues.

All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Family: unix
Class: patch
Status:
Reference(s): CVE-2008-3639, CVE-2008-3640, CVE-2008-3641, RHSA-2008:0937, RHSA-2008:0937-01
Platform(s): Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • cups is earlier than 1:1.1.17-13.3.54
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.17-13.3.54
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.17-13.3.54
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups-devel is signed with Red Hat master key
  • cups is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • cups-devel is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-devel is signed with Red Hat redhatrelease key
  • cups-lpd is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-lpd is signed with Red Hat redhatrelease key
  • cups is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups is signed with Red Hat redhatrelease key
  • cups-libs is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-libs is signed with Red Hat redhatrelease key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • cups is earlier than 1:1.1.17-13.3.54
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.17-13.3.54
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.17-13.3.54
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • cups is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups is signed with Red Hat redhatrelease key
  • cups-devel is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-devel is signed with Red Hat redhatrelease key
  • cups-libs is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-libs is signed with Red Hat redhatrelease key
  • cups-lpd is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-lpd is signed with Red Hat redhatrelease key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups is signed with Red Hat redhatrelease2 key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups-devel is signed with Red Hat redhatrelease2 key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.27.el4_7.1
  • AND cups-libs is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • cups is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups is signed with Red Hat redhatrelease2 key
  • cups-devel is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-devel is signed with Red Hat redhatrelease2 key
  • cups-libs is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-libs is signed with Red Hat redhatrelease2 key
  • cups-lpd is earlier than 1:1.2.4-11.18.el5_2.2
  • AND cups-lpd is signed with Red Hat redhatrelease2 key