Security Updates and Vulnerability Announcements for June 8, 2009

Medium

CUPS Update

A security update for the Common Unix Printing System (CUPS) has been released for RHEL and CentOS 3, 4 and 5. The update fixes a flaw in the scheduler routine that processes requests sent over IPP (Internet Printing Protocol). A crafted request would crash the cupsd daemon due to a NULL pointer dereference. Ref: https://rhn.redhat.com/errata/RHSA-2009-1082.html, http://lists.centos.org/pipermail/centos-announce/2009-June/date.html

PDF Update

The RHEL 3 and 4 updates also fix another denial of service crash, as well as multiple integer overflow flaws in the "pdftops" filter which could lead to heap-based buffer overflows. An attempt to print a maliciously crafted PDF file would cause "pdftops" to either crash or, potentially, execute code as the print daemon user, lp. Ref: https://rhn.redhat.com/errata/RHSA-2009-1083.html
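
The class of flaw described above, an integer overflow in a size calculation that leaves the heap buffer too small, is shown here next to a checked form. This is an added illustration, not code from "pdftops" or from the errata; the function names, the image-style width/height/components fields and the 256 MiB cap are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for one decoded buffer (constructed value). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Flawed pattern: the product is computed in 32 bits and silently wraps. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t comps)
{
    return width * height * comps;
}

/* Hardened pattern: each multiplication is bounded before it is performed. */
static bool checked_size(uint32_t width, uint32_t height, uint32_t comps,
                         size_t *out)
{
    if (width == 0 || height == 0 || comps == 0)
        return false;
    if ((size_t)width > MAX_IMAGE_BYTES / height)
        return false;
    if ((size_t)width * height > MAX_IMAGE_BYTES / comps)
        return false;
    *out = (size_t)width * height * comps;
    return true;
}

/* Allocate only when the size is proven to fit; NULL means "reject the file". */
static unsigned char *alloc_image(uint32_t width, uint32_t height,
                                  uint32_t comps)
{
    size_t bytes;

    if (!checked_size(width, height, comps, &bytes))
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 2^16 bytes. */
    unsigned char *p = alloc_image(65536u, 65537u, 1u);
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(65536u, 65537u, 1u));
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked calculation, a parser that goes on to write width × height × comps bytes would run past the end of the undersized allocation; the checked form refuses the input before any memory is allocated.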