5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.157 Low
EPSS
Percentile
95.4%
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.
A use-after-free flaw was found in the way CUPS handled references in its
file descriptors-handling interface. A remote attacker could, in a
specially-crafted way, query for the list of current print jobs for a
specific printer, leading to a denial of service (cupsd crash).
(CVE-2009-3553)
Several cross-site scripting (XSS) flaws were found in the way the CUPS web
server interface processed HTML form content. If a remote attacker could
trick a local user who is logged into the CUPS web interface into visiting
a specially-crafted HTML page, the attacker could retrieve and potentially
modify confidential CUPS administration data. (CVE-2009-2820)
Red Hat would like to thank Aaron Sigel of Apple Product Security for
responsibly reporting the CVE-2009-2820 issue.
Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the cupsd daemon will be restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ppc | cups | < 1.3.7-11.el5_4.4 | cups-1.3.7-11.el5_4.4.ppc.rpm |
RedHat | 5 | ia64 | cups-devel | < 1.3.7-11.el5_4.4 | cups-devel-1.3.7-11.el5_4.4.ia64.rpm |
RedHat | 5 | x86_64 | cups-lpd | < 1.3.7-11.el5_4.4 | cups-lpd-1.3.7-11.el5_4.4.x86_64.rpm |
RedHat | 5 | ppc | cups-libs | < 1.3.7-11.el5_4.4 | cups-libs-1.3.7-11.el5_4.4.ppc.rpm |
RedHat | 5 | s390x | cups | < 1.3.7-11.el5_4.4 | cups-1.3.7-11.el5_4.4.s390x.rpm |
RedHat | 5 | i386 | cups | < 1.3.7-11.el5_4.4 | cups-1.3.7-11.el5_4.4.i386.rpm |
RedHat | 5 | ia64 | cups | < 1.3.7-11.el5_4.4 | cups-1.3.7-11.el5_4.4.ia64.rpm |
RedHat | 5 | i386 | cups-devel | < 1.3.7-11.el5_4.4 | cups-devel-1.3.7-11.el5_4.4.i386.rpm |
RedHat | 5 | x86_64 | cups-devel | < 1.3.7-11.el5_4.4 | cups-devel-1.3.7-11.el5_4.4.x86_64.rpm |
RedHat | 5 | i386 | cups-libs | < 1.3.7-11.el5_4.4 | cups-libs-1.3.7-11.el5_4.4.i386.rpm |