Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

SL 3 and SL 4 only A flaw was found in the way CUPS handled the
addition and removal of remote shared printers via IPP. A remote
attacker could send malicious UDP IPP packets causing the CUPS daemon
to attempt to dereference already freed memory and crash.
(CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the
addition and removal of remote shared printers via IPP. When shared
printer was removed, allocated memory was not properly freed, leading
to a memory leak possibly causing CUPS daemon crash after exhausting
available memory. (CVE-2008-0596)

SL 5 only A flaw was found in the way CUPS handles the addition and
removal of remote shared printers via IPP. A remote attacker could
send malicious UDP IPP packets causing the CUPS daemon to crash.
(CVE-2008-0882)

See also :

http://www.nessus.org/u?23505281

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60364 ()

Bugtraq ID:

CVE ID: CVE-2008-0596
CVE-2008-0597
CVE-2008-0882