Synopsis:	Moderate: cups security update
Issue date:	2009-10-15
CVE Names:	CVE-2009-3608 CVE-2009-3609

Two integer overflow flaws were found in the CUPS "pdftops" filter. An
attacker could create a malicious PDF file that would cause "pdftops" to
crash or, potentially, execute arbitrary code as the "lp" user if the 
file was printed. (CVE-2009-3608, CVE-2009-3609)

After installing the update, the cupsd daemon will be restarted 
automatically.

Note: Some older versions of SL 5 needed a newer version of rpm for this 
update.  The SL 5.4 version of rpm and popt is included with this update.

Note: This update is already in SL 5.4

SL 5.x

     SRPMS:
cups-1.3.7-11.el5_4.3.src.rpm
     i386:
cups-1.3.7-11.el5_4.3.i386.rpm
cups-devel-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-lpd-1.3.7-11.el5_4.3.i386.rpm
popt-1.10.2.3-18.el5.i386.rpm
rpm-4.4.2.3-18.el5.i386.rpm
rpm-apidocs-4.4.2.3-18.el5.i386.rpm
rpm-build-4.4.2.3-18.el5.i386.rpm
rpm-devel-4.4.2.3-18.el5.i386.rpm
rpm-libs-4.4.2.3-18.el5.i386.rpm
rpm-python-4.4.2.3-18.el5.i386.rpm
     x86_64:
cups-1.3.7-11.el5_4.3.x86_64.rpm
cups-devel-1.3.7-11.el5_4.3.i386.rpm
cups-devel-1.3.7-11.el5_4.3.x86_64.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.3.x86_64.rpm
popt-1.10.2.3-18.el5.i386.rpm
popt-1.10.2.3-18.el5.x86_64.rpm
rpm-4.4.2.3-18.el5.x86_64.rpm
rpm-apidocs-4.4.2.3-18.el5.x86_64.rpm
rpm-build-4.4.2.3-18.el5.x86_64.rpm
rpm-devel-4.4.2.3-18.el5.i386.rpm
rpm-devel-4.4.2.3-18.el5.x86_64.rpm
rpm-libs-4.4.2.3-18.el5.i386.rpm
rpm-libs-4.4.2.3-18.el5.x86_64.rpm
rpm-python-4.4.2.3-18.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson