cups security update

CentOS Errata and Security Advisory CESA-2008:0498

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Portable Network Graphics (PNG) decoding routines used by the CUPS
image converting filters “imagetops” and “imagetoraster”. An attacker could
create a malicious PNG file that could possibly execute arbitrary code as
the “lp” user if the file was printed. (CVE-2008-1722)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077114.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077115.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077116.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077117.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077122.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077123.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077126.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077127.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077170.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077171.html

Affected packages:
cups
cups-devel
cups-libs
cups-lpd

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0498