(Fedora Issues Fix for FC2) CUPS Log Files May Disclose User Passwords to Local Users
|
|
SecurityTracker Alert ID: 1011546
|
|
SecurityTracker URL: http://securitytracker.com/id?1011546
|
|
CVE Reference: CAN-2004-0923
|
Date: Oct 6 2004
|
Impact: Disclosure of authentication information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.1.20-11.4
|
Description: A vulnerability was reported in CUPS. A local user may be able to view passwords.
Apple reported that a local user may be able to view user passwords (used for authenticating remote print jobs) in the log files
for the printing system.
The vendor credits Gary Smith of the IT Services department at Glasgow Caledonian University with reporting
this flaw.
[Editor's note: It is not clear if this affects the upstream CUPS version or if it is specific to Apple's configuration.]
|
Impact: A local user may be able to view passwords used during printing.
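A log audit for the exposure described above, as an added example that is not part of the original advisory or of CUPS. It assumes the password reaches the log inside a device URI of the form scheme://user:password@host/...; the sample lines are constructed and the function names are hypothetical.

```python
import os
import re
import stat

# Assumption: credentials appear as URI userinfo, e.g. smb://user:password@host/queue
CRED_URI = re.compile(
    r"(?P<scheme>[a-z][a-z0-9+.-]*)://"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s/@]+)@"
    r"(?P<rest>[^\s\"']+)",
    re.IGNORECASE,
)

# Constructed sample lines for illustration; not real CUPS output.
SAMPLE_LOG = [
    "I [05/Oct/2004:17:01:53 +0100] Started backend for job 17.",
    "D [05/Oct/2004:17:01:53 +0100] [Job 17] DEVICE_URI=smb://alice:S3cretPw@printsrv/laser1",
    "D [05/Oct/2004:17:01:54 +0100] [Job 18] DEVICE_URI=smb://guest@printsrv/laser2",
    "E [05/Oct/2004:17:01:55 +0100] Unable to open ipp://printsrv:631/printers/laser3",
]


def scan_log(lines):
    """Return (findings, redacted_lines).

    findings holds (line_number, scheme, user) for every URI that carries a
    password; the password itself is never copied into the findings.
    """
    findings, redacted = [], []
    for lineno, line in enumerate(lines, 1):
        for m in CRED_URI.finditer(line):
            findings.append((lineno, m.group("scheme").lower(), m.group("user")))
        # Mask the password so the cleaned log can be kept or shared.
        redacted.append(CRED_URI.sub(
            lambda m: f"{m['scheme']}://{m['user']}:***@{m['rest']}", line))
    return findings, redacted


def readable_by_others(path):
    """True if the file's mode grants read access to users outside owner/group."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


if __name__ == "__main__":
    hits, clean = scan_log(SAMPLE_LOG)
    for lineno, scheme, user in hits:
        print(f"line {lineno}: {scheme} URI logs a password for user {user}")
    print("\n".join(clean))
```

Any password the scan finds should be treated as exposed and changed once the fixed package is installed, since rotated log files may still contain it.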
|
Solution: Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
|
Vendor URL: www.cups.org/
|
Cause: Access control error
|
Underlying OS: Linux (Red Hat Fedora)
|
Underlying OS Comments: FC2
|
Reported By: Tim Waugh <twaugh@redhat.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 5 Oct 2004 17:01:53 +0100
From: Tim Waugh <twaugh@redhat.com>
Subject: [SECURITY] Fedora Core 2 Update: cups-1.1.20-11.4
|
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-331
2004-10-05
---------------------------------------------------------------------
Product : Fedora Core 2
Name : cups
Version : 1.1.20
Release : 11.4
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
---------------------------------------------------------------------
Update Information:
This update fixes an information leakage problem when printing to SMB
shares requiring authentication. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923
to this issue.
---------------------------------------------------------------------
* Tue Oct 05 2004 Tim Waugh <twaugh@redhat.com> 1:1.1.20-11.4
- Apply patch to fix CAN-2004-0923 (bug #134601).
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
2cf978560a0914692a66f66abcfdcd29 SRPMS/cups-1.1.20-11.4.src.rpm
396e6013a5b7debc9bcbb8ceaa0c00be x86_64/cups-1.1.20-11.4.x86_64.rpm
d200ceedcdc138960680513c525e648f x86_64/cups-devel-1.1.20-11.4.x86_64.rpm
c94a56b1a2839717c067d08ab91b3dea x86_64/cups-libs-1.1.20-11.4.x86_64.rpm
7751bb200ddd8ee600a8b435d6d6a0d5 x86_64/debug/cups-debuginfo-1.1.20-11.4.x86_64.rpm
aa5ebb1c74839d1c6f249f4187a1eb3d x86_64/cups-libs-1.1.20-11.4.i386.rpm
5e0dbb50222185cfd880661739b128a6 i386/cups-1.1.20-11.4.i386.rpm
b5cdc03daba7e7ce914c99c836fced6d i386/cups-devel-1.1.20-11.4.i386.rpm
aa5ebb1c74839d1c6f249f4187a1eb3d i386/cups-libs-1.1.20-11.4.i386.rpm
58df8018fcb09695166bcb825fa8fc15 i386/debug/cups-debuginfo-1.1.20-11.4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------