Synopsis: Moderate: cups security update
Issue date: 2010-03-03
CVE Names: CVE-2010-0302
CVE-2010-0302 cups Incomplete fix for CVE-2009-3553
It was discovered that the cups 1.3.7-11.el5_4.4 security update did not
fully correct the use-after-free flaw in the way CUPS handled references
in its file descriptors-handling interface. A remote attacker could send
specially-crafted queries to the CUPS server, causing it to crash.
(CVE-2010-0302)
After installing the update, the cupsd daemon will be restarted
automatically.
SL 5.x
SRPMS:
cups-1.3.7-11.el5_4.6.src.rpm
i386:
cups-1.3.7-11.el5_4.6.i386.rpm
cups-devel-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-lpd-1.3.7-11.el5_4.6.i386.rpm
x86_64:
cups-1.3.7-11.el5_4.6.x86_64.rpm
cups-devel-1.3.7-11.el5_4.6.i386.rpm
cups-devel-1.3.7-11.el5_4.6.x86_64.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.6.x86_64.rpm
-Connie Sieh
-Troy Dawson
|