Synopsis: Important: cups security update Issue date: 2009-06-03 CVE Names: CVE-2009-0791 CVE-2009-0949 CVE-2009-1196 A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially-crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS "pdftops" filter. An attacker could create a malicious PDF file that would cause "pdftops" to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0791) After installing this update, the cupsd daemon will be restarted automatically. SL 3.0.x SRPMS: cups-1.1.17-13.3.62.src.rpm i386: cups-1.1.17-13.3.62.i386.rpm cups-devel-1.1.17-13.3.62.i386.rpm cups-libs-1.1.17-13.3.62.i386.rpm x86_64: cups-1.1.17-13.3.62.x86_64.rpm cups-devel-1.1.17-13.3.62.x86_64.rpm cups-libs-1.1.17-13.3.62.i386.rpm cups-libs-1.1.17-13.3.62.x86_64.rpm SL 4.x SRPMS: cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm i386: cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm x86_64: cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm SL 5.x SRPMS: cups-1.3.7-8.el5_3.6.src.rpm i386: cups-1.3.7-8.el5_3.6.i386.rpm cups-devel-1.3.7-8.el5_3.6.i386.rpm cups-libs-1.3.7-8.el5_3.6.i386.rpm cups-lpd-1.3.7-8.el5_3.6.i386.rpm x86_64: cups-1.3.7-8.el5_3.6.x86_64.rpm cups-devel-1.3.7-8.el5_3.6.i386.rpm cups-devel-1.3.7-8.el5_3.6.x86_64.rpm cups-libs-1.3.7-8.el5_3.6.i386.rpm cups-libs-1.3.7-8.el5_3.6.x86_64.rpm cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm -Connie Sieh -Troy Dawson