Issued:

2015-03-05

Updated:

2015-03-05

RHBA-2015:0386 - cups bug fix and enhancement update

Synopsis

cups bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated cups packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 7.

Description

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.

This update fixes the following bugs:

• When using the cupsEnumDests() API call, the libcups utility failed to take note of the client callback function. As a consequence, applications using this API could terminate unexpectedly. The cupsEnumDests() implementation has been fixed and callbacks now function as expected. (BZ#1072954)

• Previously, the CUPS scheduler used an incorrect D-Bus interface when trying to add a colord profile, which led to colord profiles not working correctly. With this update, the correct D-Bus interface is used, and colord profiles now function as expected. (BZ#1087323)

• When handling an incoming Internet Printing Protocol (IPP) request with an associated document to follow, the CUPS scheduler did not check whether the client connection had data available to read before starting to handle the document data. Consequently, in some instances, a 10-second timeout could occur. The scheduler now checks for data availability before reading the document data, thus fixing this bug. (BZ#1110259)

• When the CUPS scheduler read data from a client, it did not check for data availability in between reading the HTTP headers and the Internet Printing Protocol (IPP) request. This led to a race condition causing client requests to fail depending on the timing of the data packets. With this update, the scheduler checks for data availability, preventing the race condition from occurring. (BZ#1113045)

• Previously, the manual page for the cupsd.conf(5) configuration file did not mention the ErrorPolicy directive. Text describing this directive has now been added to the manual page. (BZ#1120591)

• Prior to this update, the cups utility was started before networking, and therefore it was not available in some configurations. A patch has been applied to fix this bug, and CUPS is now available throughout the network. (BZ#1144780)

• A prior security update changed the /etc/cups/ppd/ directory not to be world-readable. However, the cupsGetPPD() function still assumed the files in the directory were world-readable. As a consequence, cupsGetPPD() returned a symbolic link to a file in /etc/cups/ppd/ to the caller even though the caller was not able to read it, which caused a variety of failures when printing. This update fixes cupsGetPPD3() to check for readability, and these failures thus no longer occur. (BZ#1153708)

• A prior fix for setting the value of the FINAL_CONTENT_TYPE variable caused unintended problems: the back end could not reliably determine the format of the input data and forced FINAL_CONTENT_TYPE to always be "printer/[queue name]". The incorrect fix has been reverted. Nevertheless, users who have files configured on both the local and remote ends of their queues will still encounter this problem, and thus need to make the local ends of their queues "raw". (BZ#1149245)

In addition, this update adds the following enhancement:

• Prior to this update, the commands required by the redhat-lsb-core package were provided by the cups packages, which itself has other requirements on other packages. To prevent redhat-lsb-core causing a larger dependency chain than needed, the CUPS client commands required by redhat-lsb-core have been moved into a new sub-package, cups-clients. (BZ#1115057)

Users of cups are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing this update, the cupsd daemon will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Updated Packages

• cups-ipptool-1.6.3-17.el7.s390x.rpm
• cups-1.6.3-17.el7.src.rpm
• cups-libs-1.6.3-17.el7.ppc64.rpm
• cups-lpd-1.6.3-17.el7.x86_64.rpm
• cups-lpd-1.6.3-17.el7.ppc64.rpm
• cups-debuginfo-1.6.3-17.el7.i686.rpm
• cups-devel-1.6.3-17.el7.s390.rpm
• cups-1.6.3-17.el7.ppc64.rpm
• cups-1.6.3-17.el7.s390x.rpm
• cups-debuginfo-1.6.3-17.el7.x86_64.rpm
• cups-client-1.6.3-17.el7.ppc64.rpm
• cups-libs-1.6.3-17.el7.s390.rpm
• cups-libs-1.6.3-17.el7.s390x.rpm
• cups-devel-1.6.3-17.el7.s390x.rpm
• cups-debuginfo-1.6.3-17.el7.ppc64.rpm
• cups-client-1.6.3-17.el7.s390x.rpm
• cups-ipptool-1.6.3-17.el7.x86_64.rpm
• cups-debuginfo-1.6.3-17.el7.s390x.rpm
• cups-devel-1.6.3-17.el7.i686.rpm
• cups-1.6.3-17.el7.x86_64.rpm
• cups-client-1.6.3-17.el7.x86_64.rpm
• cups-ipptool-1.6.3-17.el7.ppc64.rpm
• cups-libs-1.6.3-17.el7.ppc.rpm
• cups-devel-1.6.3-17.el7.x86_64.rpm
• cups-libs-1.6.3-17.el7.i686.rpm
• cups-filesystem-1.6.3-17.el7.noarch.rpm
• cups-debuginfo-1.6.3-17.el7.s390.rpm
• cups-libs-1.6.3-17.el7.x86_64.rpm
• cups-lpd-1.6.3-17.el7.s390x.rpm
• cups-devel-1.6.3-17.el7.ppc.rpm
• cups-devel-1.6.3-17.el7.ppc64.rpm
• cups-debuginfo-1.6.3-17.el7.ppc.rpm

Fixes

• This content is not included.BZ - 1087323
• This content is not included.BZ - 1113045
• This content is not included.BZ - 1144780
• This content is not included.BZ - 1149245
• This content is not included.BZ - 1153708

CVEs

• CVE-2014-3537
• CVE-2014-2856
• CVE-2014-5029
• CVE-2014-5030
• CVE-2014-5031

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.