LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:	Important: cups security update
Issue date:	2009-06-03
CVE Names:	CVE-2009-0791 CVE-2009-0949 CVE-2009-1196

A NULL pointer dereference flaw was found in the CUPS IPP routine, used 
for processing incoming IPP requests for the CUPS scheduler. An attacker 
could use this flaw to send specially-crafted IPP requests that would 
crash the cupsd daemon. (CVE-2009-0949)

A use-after-free flaw was found in the CUPS scheduler directory services
routine, used to process data about available printers and printer 
classes. An attacker could use this flaw to cause a denial of service 
(cupsd daemon stop or crash). (CVE-2009-1196)

Multiple integer overflows flaws, leading to heap-based buffer 
overflows, were found in the CUPS "pdftops" filter. An attacker could 
create a malicious PDF file that would cause "pdftops" to crash or, 
potentially, execute arbitrary code as the "lp" user if the file was 
printed. (CVE-2009-0791)

After installing this update, the cupsd daemon will be restarted 
automatically.

SL 3.0.x

       SRPMS:
cups-1.1.17-13.3.62.src.rpm
       i386:
cups-1.1.17-13.3.62.i386.rpm
cups-devel-1.1.17-13.3.62.i386.rpm
cups-libs-1.1.17-13.3.62.i386.rpm
       x86_64:
cups-1.1.17-13.3.62.x86_64.rpm
cups-devel-1.1.17-13.3.62.x86_64.rpm
cups-libs-1.1.17-13.3.62.i386.rpm
cups-libs-1.1.17-13.3.62.x86_64.rpm

SL 4.x

       SRPMS:
cups-1.1.22-0.rc1.9.32.el4_8.3.src.rpm
       i386:
cups-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
       x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.3.x86_64.rpm

SL 5.x

       SRPMS:
cups-1.3.7-8.el5_3.6.src.rpm
       i386:
cups-1.3.7-8.el5_3.6.i386.rpm
cups-devel-1.3.7-8.el5_3.6.i386.rpm
cups-libs-1.3.7-8.el5_3.6.i386.rpm
cups-lpd-1.3.7-8.el5_3.6.i386.rpm
       x86_64:
cups-1.3.7-8.el5_3.6.x86_64.rpm
cups-devel-1.3.7-8.el5_3.6.i386.rpm
cups-devel-1.3.7-8.el5_3.6.x86_64.rpm
cups-libs-1.3.7-8.el5_3.6.i386.rpm
cups-libs-1.3.7-8.el5_3.6.x86_64.rpm
cups-lpd-1.3.7-8.el5_3.6.x86_64.rpm

-Connie Sieh
-Troy Dawson