Synopsis:	Moderate: cups security update
Issue date:	2008-06-04
CVE Names:	CVE-2008-1722

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Portable Network Graphics (PNG) decoding routines used by the CUPS
image converting filters "imagetops" and "imagetoraster". An attacker could
create a malicious PNG file that could possibly execute arbitrary code as
the "lp" user if the file was printed. (CVE-2008-1722)

SL 3.0.x

      SRPMS:
cups-1.1.17-13.3.53.src.rpm
      i386:
cups-1.1.17-13.3.53.i386.rpm
cups-devel-1.1.17-13.3.53.i386.rpm
cups-libs-1.1.17-13.3.53.i386.rpm
      x86_64:
cups-1.1.17-13.3.53.x86_64.rpm
cups-devel-1.1.17-13.3.53.x86_64.rpm
cups-libs-1.1.17-13.3.53.i386.rpm
cups-libs-1.1.17-13.3.53.x86_64.rpm

SL 4.x

      SRPMS:
cups-1.1.22-0.rc1.9.20.2.el4_6.8.src.rpm
      i386:
cups-1.1.22-0.rc1.9.20.2.el4_6.8.i386.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.8.i386.rpm
      x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.8.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.8.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.8.x86_64.rpm

SL 5.x

      SRPMS:
cups-1.2.4-11.18.el5_2.1.src.rpm
      i386:
cups-1.2.4-11.18.el5_2.1.i386.rpm
cups-devel-1.2.4-11.18.el5_2.1.i386.rpm
cups-libs-1.2.4-11.18.el5_2.1.i386.rpm
cups-lpd-1.2.4-11.18.el5_2.1.i386.rpm
      x86_64:
cups-1.2.4-11.18.el5_2.1.x86_64.rpm
cups-devel-1.2.4-11.18.el5_2.1.i386.rpm
cups-devel-1.2.4-11.18.el5_2.1.x86_64.rpm
cups-libs-1.2.4-11.18.el5_2.1.i386.rpm
cups-libs-1.2.4-11.18.el5_2.1.x86_64.rpm
cups-lpd-1.2.4-11.18.el5_2.1.x86_64.rpm

-Connie Sieh
-Troy Dawson