Security Updates and Vulnerability Announcements for June 8, 2009


CUPS Update

A security update for the Common Unix Printing System (CUPS) has been released for RHEL and CentOS 3, 4 and 5. The update fixes a flaw in the routine that processes requests sent to the scheduler using IPP. A crafted request would crash the cupsd daemon due to a NULL pointer dereference. Ref

PDF Update

The RHEL 3 and 4 updates also fix another denial of service crash, as well as multiple integer overflow flaws, which could lead to heap-based buffer overflows, in the "pdftops" filter. When an attempt was made to print a maliciously crafted PDF file, "pdftops" would either crash or, potentially, execute code as the print daemon user, lp. Ref
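
The bug class named above (an integer overflow in a size calculation leading to an undersized heap buffer), shown beside its hardened form as an added C illustration. It is not code from CUPS, pdftops or the advisory; the entry size, the hostile count and all function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed record layout: 16 bytes per entry, not taken from pdftops. */
#define ENTRY_SIZE 16u

/* Flawed pattern: 32-bit multiplication of a file-supplied count wraps
 * silently, so the buffer is far smaller than the code filling it expects. */
static uint32_t size_unchecked(uint32_t count)
{
    return count * ENTRY_SIZE;              /* wraps modulo 2^32 */
}

/* Hardened pattern: reject any count whose byte size would exceed a
 * parser-chosen limit (max_bytes), before multiplying. */
static int size_checked(uint32_t count, size_t max_bytes, size_t *out)
{
    if (count == 0 || count > max_bytes / ENTRY_SIZE)
        return -1;                          /* refuse instead of wrapping */
    *out = (size_t)count * ENTRY_SIZE;
    return 0;
}

/* Allocate a table for `count` entries, or return NULL for hostile counts. */
static void *alloc_table(uint32_t count, size_t max_bytes)
{
    size_t bytes;
    if (size_checked(count, max_bytes, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t hostile = 0x10000001u;         /* constructed untrusted count */
    void *table = alloc_table(hostile, (size_t)1 << 26);
    printf("unchecked: %u bytes for %u entries\n",
           (unsigned)size_unchecked(hostile), (unsigned)hostile);
    printf("checked allocation: %s\n", table ? "accepted" : "rejected");
    free(table);
    return 0;
}
```

With the unchecked calculation, a count of 0x10000001 yields a 16-byte allocation, which is why a filter running as lp must validate file-supplied dimensions before allocating.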