SciLinux: CVE-2009-3608 Moderate: cups SL5.x i386/x86_64
Summary
Date: Wed, 11 Nov 2009 15:42:12 -0600Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: cups on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Moderate: cups security updateIssue date: 2009-10-15CVE Names: CVE-2009-3608 CVE-2009-3609Two integer overflow flaws were found in the CUPS "pdftops" filter. Anattacker could create a malicious PDF file that would cause "pdftops" tocrash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-3608, CVE-2009-3609)After installing the update, the cupsd daemon will be restarted automatically.Note: Some older versions of SL 5 needed a newer version of rpm for this update. The SL 5.4 version of rpm and popt is included with this update.Note: This update is already in SL 5.4SL 5.x SRPMS:cups-1.3.7-11.el5_4.3.src.rpm i386:cups-1.3.7-11.el5_4.3.i386.rpmcups-devel-1.3.7-11.el5_4.3.i386.rpmcups-libs-1.3.7-11.el5_4.3.i386.rpmcups-lpd-1.3.7-11.el5_4.3.i386.rpmpopt-1.10.2.3-18.el5.i386.rpmrpm-4.4.2.3-18.el5.i386.rpmrpm-apidocs-4.4.2.3-18.el5.i386.rpmrpm-build-4.4.2.3-18.el5.i386.rpmrpm-devel-4.4.2.3-18.el5.i386.rpmrpm-libs-4.4.2.3-18.el5.i386.rpmrpm-python-4.4.2.3-18.el5.i386.rpm x86_64:cups-1.3.7-11.el5_4.3.x86_64.rpmcups-devel-1.3.7-11.el5_4.3.i386.rpmcups-devel-1.3.7-11.el5_4.3.x86_64.rpmcups-libs-1.3.7-11.el5_4.3.i386.rpmcups-libs-1.3.7-11.el5_4.3.x86_64.rpmcups-lpd-1.3.7-11.el5_4.3.x86_64.rpmpopt-1.10.2.3-18.el5.i386.rpmpopt-1.10.2.3-18.el5.x86_64.rpmrpm-4.4.2.3-18.el5.x86_64.rpmrpm-apidocs-4.4.2.3-18.el5.x86_64.rpmrpm-build-4.4.2.3-18.el5.x86_64.rpmrpm-devel-4.4.2.3-18.el5.i386.rpmrpm-devel-4.4.2.3-18.el5.x86_64.rpmrpm-libs-4.4.2.3-18.el5.i386.rpmrpm-libs-4.4.2.3-18.el5.x86_64.rpmrpm-python-4.4.2.3-18.el5.x86_64.rpm-Connie Sieh-Troy Dawson