cups security update

2007-11-07T20:06:27
ID CESA-2007:1023
Type centos
Reporter CentOS Project
Modified 2007-11-07T23:51:07

Description

CentOS Errata and Security Advisory CESA-2007:1023

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393)

Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351)

A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045)

All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-November/026412.html http://lists.centos.org/pipermail/centos-announce/2007-November/026418.html http://lists.centos.org/pipermail/centos-announce/2007-November/026419.html http://lists.centos.org/pipermail/centos-announce/2007-November/026424.html

Affected packages: cups cups-devel cups-libs

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-1023.html