Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 60592
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949)
A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196)
Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user if the file was printed. (CVE-2009-0791)
After installing this update, the cupsd daemon will be restarted automatically.
SolutionUpdate the affected packages.