Oval Definition: oval:com.redhat.rhsa:def:20100490
Revision Date: 2010-06-17
Version: 645
Title: RHSA-2010:0490: cups security update (Important)
Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS "texttops" filter converts text files to PostScript.

  • A missing memory allocation failure check flaw, leading to a NULL pointer dereference, was found in the CUPS "texttops" filter. An attacker could create a malicious text file that would cause "texttops" to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2010-0542)

  • A Cross-Site Request Forgery (CSRF) issue was found in the CUPS web interface. If a remote attacker could trick a user, who is logged into the CUPS web interface as an administrator, into visiting a specially-crafted website, the attacker could reconfigure and disable CUPS, and gain access to print jobs and system files. (CVE-2010-0540)

    Note: As a result of the fix for CVE-2010-0540, cookies must now be enabled in your web browser to use the CUPS web interface.

  • An uninitialized memory read issue was found in the CUPS web interface. If an attacker had access to the CUPS web interface, they could use a specially-crafted URL to leverage this flaw to read a limited amount of memory from the cupsd process, possibly obtaining sensitive information. (CVE-2010-1748)

Red Hat would like to thank the Apple Product Security team for responsibly reporting these issues. Upstream acknowledges regenrecht as the original reporter of CVE-2010-0542; Adrian 'pagvac' Pastor of GNUCITIZEN and Tim Starling as the original reporters of CVE-2010-0540; and Luca Carettoni as the original reporter of CVE-2010-1748.

Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.

Family: unix
Class: patch
Status:
Reference(s):
    CVE-2010-0540
    CVE-2010-0542
    CVE-2010-1748
    RHSA-2010:0490
    RHSA-2010:0490-01
Platform(s):
    Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • cups is earlier than 1:1.1.17-13.3.65
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.17-13.3.65
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.17-13.3.65
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.32.el4_8.6
  • AND cups is signed with Red Hat master key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.32.el4_8.6
  • AND cups-devel is signed with Red Hat master key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.32.el4_8.6
  • AND cups-libs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • cups-devel is earlier than 1:1.3.7-18.el5_5.4
  • AND cups-devel is signed with Red Hat redhatrelease key
  • cups is earlier than 1:1.3.7-18.el5_5.4
  • AND cups is signed with Red Hat redhatrelease key
  • cups-libs is earlier than 1:1.3.7-18.el5_5.4
  • AND cups-libs is signed with Red Hat redhatrelease key
  • cups-lpd is earlier than 1:1.3.7-18.el5_5.4
  • AND cups-lpd is signed with Red Hat redhatrelease key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • cups is earlier than 1:1.1.22-0.rc1.9.32.el4_8.6
  • AND cups is signed with Red Hat redhatrelease2 key
  • cups-devel is earlier than 1:1.1.22-0.rc1.9.32.el4_8.6
  • AND cups-devel is signed with Red Hat redhatrelease2 key
  • cups-libs is earlier than 1:1.1.22-0.rc1.9.32.el4_8.6
  • AND cups-libs is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • cups is earlier than 1:1.3.7-18.el5_5.4
  • AND cups is signed with Red Hat redhatrelease2 key
  • cups-devel is earlier than 1:1.3.7-18.el5_5.4
  • AND cups-devel is signed with Red Hat redhatrelease2 key
  • cups-libs is earlier than 1:1.3.7-18.el5_5.4
  • AND cups-libs is signed with Red Hat redhatrelease2 key
  • cups-lpd is earlier than 1:1.3.7-18.el5_5.4
  • AND cups-lpd is signed with Red Hat redhatrelease2 key