- Vulnerability/
- RHSA-2007:1022
RHSA-2007:1022: Important: cups security update
First published: Wed Nov 07 2007(Updated: )
The Common UNIX Printing System (CUPS) provides a portable printing layer<br>for UNIX(R) operating systems.<br>Alin Rad Pop discovered several flaws in the handling of PDF files. An<br>attacker could create a malicious PDF file that would cause CUPS to crash<br>or potentially execute arbitrary code when printed.<br>(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)<br>Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags.<br>A remote attacker who is able to connect to the IPP TCP port could send a<br>malicious request causing the CUPS daemon to crash. (CVE-2007-4351)<br>A flaw was found in the way CUPS handled SSL negotiation. A remote attacker<br>capable of connecting to the CUPS daemon could cause CUPS to crash.<br>(CVE-2007-4045)<br>All CUPS users are advised to upgrade to these updated packages, which<br>contain backported patches to resolve these issues.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cups | <1.1.22-0.rc1.9.20.2.el4_5.2 | 1.1.22-0.rc1.9.20.2.el4_5.2 |
| redhat/cups | <1.1.22-0.rc1.9.20.2.el4_5.2 | 1.1.22-0.rc1.9.20.2.el4_5.2 |
| redhat/cups-devel | <1.1.22-0.rc1.9.20.2.el4_5.2 | 1.1.22-0.rc1.9.20.2.el4_5.2 |
| redhat/cups-libs | <1.1.22-0.rc1.9.20.2.el4_5.2 | 1.1.22-0.rc1.9.20.2.el4_5.2 |
| redhat/cups-libs | <1.1.22-0.rc1.9.20.2.el4_5.2 | 1.1.22-0.rc1.9.20.2.el4_5.2 |
| redhat/cups-devel | <1.1.22-0.rc1.9.20.2.el4_5.2 | 1.1.22-0.rc1.9.20.2.el4_5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250161
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=345091
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=345101
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=345111
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=345121
- http://www.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2007:1022 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2007:1022?
The severity of RHSA-2007:1022 is classified as critical due to potential crashes or execution of arbitrary code from malicious PDF files.
How do I fix RHSA-2007:1022?
To fix RHSA-2007:1022, upgrade to the patched version 1.1.22-0.rc1.9.20.2.el4_5.2 of the CUPS package.
What systems are affected by RHSA-2007:1022?
RHSA-2007:1022 affects various CUPS packages including cups, cups-devel, and cups-libs on Red Hat Enterprise Linux 4.
What vulnerabilities are addressed in RHSA-2007:1022?
RHSA-2007:1022 addresses several flaws in PDF file handling that may lead to application crashes or remote code execution.
Can unpatched systems still operate normally after RHSA-2007:1022?
Unpatched systems may continue to operate, but they remain vulnerable to PDF file exploits that could compromise system integrity.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2007:1022
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat