Rapid7 Vulnerability & Exploit Database

RHSA-2001:138: Comprehensive Printing Update

Back to Search

RHSA-2001:138: Comprehensive Printing Update

Severity
3
CVSS
(AV:L/AC:H/Au:N/C:P/I:P/A:N)
Published
09/18/2001
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

A collection of security fixes, bug fixes, and functionality updates, including the Omni print drivers from IBM.

This update addresses the following issues: A printing security hole, whereby non-local users could print the contents of any file on the system which the 'lp' user was capable of reading. This was solved by giving Ghostscript a 'PARANOIDSAFER' mode, which will not open external files. A foomatic printing database bug, which caused all users of the 'stp' driver, including virtually all Epson printers, to fail to print as a result of miscalculated driver data. A filtration problem, which caused many PCL and PJL printers to produce garbage. This was solved by switching to the foomatic distributed 'lpdomatic' program for filtration. A few printconf crashers in the new printconf-tui programme. And in addition, this update adds the Omni print drivers from IBM, which support an additional 300 printers.

Solution(s)

  • redhat-upgrade-foomatic
  • redhat-upgrade-ghostscript
  • redhat-upgrade-omni
  • redhat-upgrade-omni-foomatic
  • redhat-upgrade-printconf
  • redhat-upgrade-printconf-gui

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;