- Issued:
- 2015-07-22
- Updated:
- 2015-07-22
RHBA-2015:1346 - cups bug fix and enhancement update
Synopsis
cups bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated cups packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.
Description
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
This update fixes the following bugs:
-
Incorrect reference for PageLogFormat in HTML documentation has been corrected, and PageLogFormat documentation is now accessible. (BZ#951553)
-
Documentation for the operation of the CUPS Line Printer Daemon back-end "sanitize_title" option has been amended and now describes the option clearly. (BZ#988062)
-
Due to a problem with HTTP multipart handling in the CUPS scheduler, some browsers did not work as expected when attempting to add a printer using the web interface. A change from a later version has been backported enabling adding printers in all browsers without problems. (BZ#1145064, BZ#1178370)
-
It was not possible to disable Secure Sockets Layer (SSLv3) and keep other secure protocols enabled in CUPS. This left CUPS users vulnerable to the POODLE attack (CVE-2014-3566), and needing to deploy the stunnel utility for mitigation. This update disables SSLv3 support by default. For users who need to continue using SSLv3, an SSLOptions configuration directive has been added to the cupsd.conf file for the cupsd service and to the client.conf file for the client programs. (BZ#1161171)
-
When the BrowsePoll configuration directive was used and the remote server configured for polling forbade access, the cups-polld process retried accessing immediately in a busy loop. The process consumed all processor time and increased network traffic. With this update, a mandatory delay of ten seconds has been introduced to prevent that. Affected users should also fix their configuration by removing the BrowsePoll line for the server, or adjusting the server to allow remote queries. (BZ#1164854)
-
The CUPS scheduler incorrectly assumed the print queue still existed when there were only implicit classes with all members deleted due to being unresponsive. When sending a job using separate Create-Job and Send-Document requests to an implicit class whose members were being deleted, the CUPS scheduler terminated unexpectedly with a NULL dereference. The scheduler has been amended to respond with an error instead of crashing in this case. (BZ#1170002)
-
A missing NULL check in job processing code caused the CUPS scheduler to terminate unexpectedly when a job with more than one file aborted due to a filter failure. This update adds the check to prevent the CUPS scheduler from crashing in the described situation. (BZ#1187840)
-
The ErrorPolicy configuration directive was not validated on startup, and an unintended default error policy could be used without a warning. The directive is now validated on startup and reset to the default if the configured value is incorrect. The intended policy is used, or a warning message is logged. (BZ#1196217)
-
Due to an incomplete fix in a prior update, some environment variables were not correctly set on startup, which led to SELinux denials. The remainder of the original fix has been added, and the variables are now set correctly on startup. (BZ#1198394)
In addition, this update adds these enhancements:
-
It is now possible to direct jobs to a single printer with failover to other printers instead of using load balancing among printers that is built into CUPS. Jobs can be directed to the first working printer of a set, the preferred printer, with other printers used only if the preferred one is unavailable. (BZ#1115219)
-
Description of the ErrorPolicy directive with supported values has been added to the cupsd.conf(5) man page. The ErrorPolicy directive defines the default policy used when a back end is unable to send a print job to the printer. (BZ#1120587)
Users of CUPS are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the cupsd service will be restarted automatically.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Users affected by BZ#1164854 should additionally fix their configuration by removing the BrowsePoll line for their remote server configured for polling, or by adjusting the server to allow remote queries.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- cups-debuginfo-1.4.2-72.el6.i686.rpm
- cups-libs-1.4.2-72.el6.s390.rpm
- cups-php-1.4.2-72.el6.x86_64.rpm
- cups-debuginfo-1.4.2-72.el6.ppc.rpm
- cups-devel-1.4.2-72.el6.i686.rpm
- cups-lpd-1.4.2-72.el6.s390x.rpm
- cups-1.4.2-72.el6.s390x.rpm
- cups-libs-1.4.2-72.el6.s390x.rpm
- cups-debuginfo-1.4.2-72.el6.ppc64.rpm
- cups-libs-1.4.2-72.el6.ppc64.rpm
- cups-1.4.2-72.el6.i686.rpm
- cups-lpd-1.4.2-72.el6.i686.rpm
- cups-libs-1.4.2-72.el6.i686.rpm
- cups-debuginfo-1.4.2-72.el6.s390.rpm
- cups-php-1.4.2-72.el6.ppc64.rpm
- cups-devel-1.4.2-72.el6.ppc.rpm
- cups-devel-1.4.2-72.el6.x86_64.rpm
- cups-lpd-1.4.2-72.el6.x86_64.rpm
- cups-1.4.2-72.el6.src.rpm
- cups-1.4.2-72.el6.x86_64.rpm
- cups-libs-1.4.2-72.el6.x86_64.rpm
- cups-php-1.4.2-72.el6.s390x.rpm
- cups-1.4.2-72.el6.ppc64.rpm
- cups-libs-1.4.2-72.el6.ppc.rpm
- cups-devel-1.4.2-72.el6.s390.rpm
- cups-devel-1.4.2-72.el6.s390x.rpm
- cups-debuginfo-1.4.2-72.el6.x86_64.rpm
- cups-lpd-1.4.2-72.el6.ppc64.rpm
- cups-php-1.4.2-72.el6.i686.rpm
- cups-debuginfo-1.4.2-72.el6.s390x.rpm
- cups-devel-1.4.2-72.el6.ppc64.rpm
Fixes
- This content is not included.BZ - 988062
- This content is not included.BZ - 1145064
- This content is not included.BZ - 1161171
- This content is not included.BZ - 1164854
- This content is not included.BZ - 1196217
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.