(Fedora Issues Fix for FC2) CUPS Log Files May Disclose User Passwords to Local Users
SecurityTracker Alert ID: 1011546
SecurityTracker URL: http://securitytracker.com/id/1011546
CVE Reference: CAN-2004-0923
Date: Oct 6 2004
Impact: Disclosure of authentication information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 1.1.20-11.4

Description:
A vulnerability was reported in CUPS. A local user may be able to view passwords.
Apple reported that a local user may be able to view user passwords (used for authenticating remote print jobs) in the log files for the printing system.
The vendor credits Gary Smith of the IT Services department at Glasgow Caledonian University with reporting this flaw.
[Editor's note: It is not clear if this affects the upstream CUPS version or if it is specific to Apple's configuration.]
Impact:
A local user may be able to view passwords used during printing.
Solution:
Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
2cf978560a0914692a66f66abcfdcd29 SRPMS/cups-1.1.20-11.4.src.rpm
396e6013a5b7debc9bcbb8ceaa0c00be x86_64/cups-1.1.20-11.4.x86_64.rpm
d200ceedcdc138960680513c525e648f x86_64/cups-devel-1.1.20-11.4.x86_64.rpm
c94a56b1a2839717c067d08ab91b3dea x86_64/cups-libs-1.1.20-11.4.x86_64.rpm
7751bb200ddd8ee600a8b435d6d6a0d5 x86_64/debug/cups-debuginfo-1.1.20-11.4.x86_64.rpm
aa5ebb1c74839d1c6f249f4187a1eb3d x86_64/cups-libs-1.1.20-11.4.i386.rpm
5e0dbb50222185cfd880661739b128a6 i386/cups-1.1.20-11.4.i386.rpm
b5cdc03daba7e7ce914c99c836fced6d i386/cups-devel-1.1.20-11.4.i386.rpm
aa5ebb1c74839d1c6f249f4187a1eb3d i386/cups-libs-1.1.20-11.4.i386.rpm
58df8018fcb09695166bcb825fa8fc15 i386/debug/cups-debuginfo-1.1.20-11.4.i386.rpm

Vendor URL: www.cups.org/
Cause: Access control error
Underlying OS: Linux (Red Hat Fedora)

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Tue, 5 Oct 2004 17:01:53 +0100
Subject: [SECURITY] Fedora Core 2 Update: cups-1.1.20-11.4
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-331
2004-10-05
---------------------------------------------------------------------
Product : Fedora Core 2
Name : cups
Version : 1.1.20
Release : 11.4
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
---------------------------------------------------------------------
Update Information:
This update fixes an information leakage problem when printing to SMB
shares requiring authentication. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923
to this issue.
---------------------------------------------------------------------
* Tue Oct 05 2004 Tim Waugh <twaugh@redhat.com> 1:1.1.20-11.4
- Apply patch to fix CAN-2004-0923 (bug #134601).
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------