RHEL 6 : cups (RHSA-2011:1635)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated cups packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The Common UNIX Printing System (CUPS) provides a portable printing
layer for UNIX operating systems.

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
(LZW) decompression algorithm implementation used by the CUPS GIF
image format reader. An attacker could create a malicious GIF image
file that, when printed, could possibly cause CUPS to crash or,
potentially, execute arbitrary code with the privileges of the 'lp'
user. (CVE-2011-2896)

These updated cups packages also provide fixes for the following
bugs :

* Previously CUPS was not correctly handling the language setting
LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries
were not displaying any output when the LANG=en_US.ASCII environment
variable was used. As a result of this update the problem is fixed and
the expected output is now displayed. (BZ#681836)

* Previously the scheduler did not check for empty values of several
configuration directives. As a consequence it was possible for the
CUPS daemon (cupsd) to crash when a configuration file contained
certain empty values. With this update the problem is fixed and cupsd
no longer crashes when reading such a configuration file. (BZ#706673)

* Previously when printing to a raw print queue, when using certain
printer models, CUPS was incorrectly sending SNMP queries. As a
consequence there was a noticeable 4-second delay between queueing the
job and the start of printing. With this update the problem is fixed
and CUPS no longer tries to collect SNMP supply and status information
for raw print queues. (BZ#709896)

* Previously when using the BrowsePoll directive it could happen that
the CUPS printer polling daemon (cups-polld) began polling before the
network interfaces were set up after a system boot. CUPS was then
caching the failed hostname lookup. As a consequence no printers were
found and the error, 'Host name lookup failure', was logged. With this
update the code that re-initializes the resolver after failure in
cups-polld is fixed and as a result CUPS will obtain the correct
network settings to use in printer discovery. (BZ#712430)

* The MaxJobs directive controls the maximum number of print jobs that
are kept in memory. Previously, once the number of jobs reached the
limit, the CUPS system failed to automatically purge the data file
associated with the oldest completed job from the system in order to
make room for a new print job. This bug has been fixed, and the jobs
beyond the set limit are now properly purged. (BZ#735505)

* The cups init script (/etc/rc.d/init.d/cups) uses the daemon
function (from /etc/rc.d/init.d/functions) to start the cups process,
but previously it did not source a configuration file from the
/etc/sysconfig/ directory. As a consequence, it was difficult to
cleanly set the nice level or cgroup for the cups daemon by setting
the NICELEVEL or CGROUP_DAEMON variables. With this update, the init
script is fixed. (BZ#744791)

All users of CUPS are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. After
installing this update, the cupsd daemon will be restarted
automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2011-2896.html
http://rhn.redhat.com/errata/RHSA-2011-1635.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 57018 ()

Bugtraq ID: 49148

CVE ID: CVE-2011-2896