CentOS Errata and Security Advisory CESA-2009:0308
The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems.
The CUPS security advisory, RHSA-2008:0937, stated that it fixed CVE-2008-3640 for Red Hat Enterprise Linux 3, 4, and 5. It was discovered this flaw was not properly fixed on Red Hat Enterprise Linux 3, however. (CVE-2009-0577)
These new packages contain a proper fix for CVE-2008-3640 on Red Hat Enterprise Linux 3. Red Hat Enterprise Linux 4 and 5 already contain the appropriate fix for this flaw and do not need to be updated.
Users of cups should upgrade to these updated packages, which contain a backported patch to correct this issue.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2009-February/027679.html http://lists.centos.org/pipermail/centos-announce/2009-February/027681.html http://lists.centos.org/pipermail/centos-announce/2009-February/027685.html http://lists.centos.org/pipermail/centos-announce/2009-February/027686.html
Affected packages: cups cups-devel cups-libs
Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-0308.html