Synopsis: Important: cups security update
Issue date: 2009-06-03
CVE Names: CVE-2009-0791 CVE-2009-0949 CVE-2009-1196
A NULL pointer dereference flaw was found in the CUPS IPP routine, used
for processing incoming IPP requests for the CUPS scheduler. An attacker
could use this flaw to send specially-crafted IPP requests that would
crash the cupsd daemon. (CVE-2009-0949)
A use-after-free flaw was found in the CUPS scheduler directory services
routine, used to process data about available printers and printer
classes. An attacker could use this flaw to cause a denial of service
(cupsd daemon stop or crash). (CVE-2009-1196)
Multiple integer overflows flaws, leading to heap-based buffer
overflows, were found in the CUPS "pdftops" filter. An attacker could
create a malicious PDF file that would cause "pdftops" to crash or,
potentially, execute arbitrary code as the "lp" user if the file was
printed. (CVE-2009-0791)
After installing this update, the cupsd daemon will be restarted
automatically.
SL 3.0.x
SRPMS:
cups-1.1.17-13.3.62.src.rpm
i386:
cups-1.1.17-13.3.62.i386.rpm
cups-devel-1.1.17-13.3.62.i386.rpm
cups-libs-1.1.17-13.3.62.i386.rpm
x86_64:
cups-1.1.17-13.3.62.x86_64.rpm
cups-devel-1.1.17-13.3.62.x86_64.rpm
cups-libs-1.1.17-13.3.62.i386.rpm
cups-libs-1.1.17-13.3.62.x86_64.rpm
SL 4.x
SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm
i386:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm
SL 5.x
SRPMS:
cups-1.3.7-8.el5_3.6.src.rpm
i386:
cups-1.3.7-8.el5_3.6.i386.rpm
cups-devel-1.3.7-8.el5_3.6.i386.rpm
cups-libs-1.3.7-8.el5_3.6.i386.rpm
cups-lpd-1.3.7-8.el5_3.6.i386.rpm
x86_64:
cups-1.3.7-8.el5_3.6.x86_64.rpm
cups-devel-1.3.7-8.el5_3.6.i386.rpm
cups-devel-1.3.7-8.el5_3.6.x86_64.rpm
cups-libs-1.3.7-8.el5_3.6.i386.rpm
cups-libs-1.3.7-8.el5_3.6.x86_64.rpm
cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm
-Connie Sieh
-Troy Dawson
|