RHEL 3 : cups (RHSA-2005:132)
High Nessus Plugin ID 17149
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated cups packages that fix a security issue are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The Common UNIX Printing System (CUPS) is a print spooler.
During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect Xpdf. CUPS contained a copy of the Xpdf code used for parsing PDF files and was therefore affected by these bugs.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2004-0888 to this issue, and Red Hat released erratum RHSA-2004:543 with updated packages.
It was found that the patch used to correct this issue was not sufficient and did not fully protect CUPS running on 64-bit architectures. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue.
These updated packages also include a fix that prevents the CUPS initscript from being accidentally replaced.
All users of CUPS on 64-bit architectures should upgrade to these updated packages, which contain a corrected patch and are not vulnerable to these issues.
SolutionUpdate the affected cups, cups-devel and / or cups-libs packages.