CentOS Errata and Security Advisory CESA-2009:1082
The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The Internet Printing Protocol (IPP) allows
users to print and manage printing-related tasks over a network.
A NULL pointer dereference flaw was found in the CUPS IPP routine, used for
processing incoming IPP requests for the CUPS scheduler. An attacker could
use this flaw to send specially-crafted IPP requests that would crash the
cupsd daemon. (CVE-2009-0949)
Red Hat would like to thank Anibal Sacco from Core Security Technologies
for reporting this issue.
Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the cupsd daemon will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-June/078125.html
https://lists.centos.org/pipermail/centos-announce/2009-June/078126.html
Affected packages:
cups
cups-devel
cups-libs
cups-lpd
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1082
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | cups | < 1.3.7-8.el5_3.6 | cups-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups-devel | < 1.3.7-8.el5_3.6 | cups-devel-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups-libs | < 1.3.7-8.el5_3.6 | cups-libs-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups-lpd | < 1.3.7-8.el5_3.6 | cups-lpd-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups | < 1.3.7-8.el5_3.6 | cups-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups-devel | < 1.3.7-8.el5_3.6 | cups-devel-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups-libs | < 1.3.7-8.el5_3.6 | cups-libs-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | i386 | cups-lpd | < 1.3.7-8.el5_3.6 | cups-lpd-1.3.7-8.el5_3.6.i386.rpm |
CentOS | 5 | x86_64 | cups | < 1.3.7-8.el5_3.6 | cups-1.3.7-8.el5_3.6.x86_64.rpm |
CentOS | 5 | i386 | cups-devel | < 1.3.7-8.el5_3.6 | cups-devel-1.3.7-8.el5_3.6.i386.rpm |