Synopsis: Important: cups security update
CVE Names: CVE-2007-4045
CVE-2007-4351
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
Problem description:
Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags.
A remote attacker who is able to connect to the IPP TCP port could send a
malicious request causing the CUPS daemon to crash. (CVE-2007-4351)
A flaw was found in the way CUPS handled SSL negotiation. A remote attacker
capable of connecting to the CUPS daemon could cause CUPS to crash.
(CVE-2007-4045)
SL4.x
SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_5.2.src.rpm
i386:
cups-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_5.2.x86_64.rpm
-Connie Sieh
-Troy Dawson