Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual page 44

Chapter 1. Package Updates
Users of cups are advised to upgrade to these updated packages, which contain a backported patch
to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
1.29.3. RHSA-2009:1595: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1595
errata
Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise
Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response
Team.
[Updated 12th January 2010] The packages list in this erratum has been updated to include missing
i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation.
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating
systems.
A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling
interface. A remote attacker could, in a specially-crafted way, query for the list of current print jobs for a
specific printer, leading to a denial of service (cupsd crash).
Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface
processed HTML form content. If a remote attacker could trick a local user who is logged into the
CUPS web interface into visiting a specially-crafted HTML page, the attacker could retrieve and
potentially modify confidential CUPS administration data.
Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the
234
CVE-2009-2820
issue.
Users of cups are advised to upgrade to these updated packages, which contain backported patches
to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
1.29.4. RHSA-2009:1513: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1513
errata
Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response
Team.
232
https://www.redhat.com/security/data/cve/CVE-2009-3553.html
233
https://www.redhat.com/security/data/cve/CVE-2009-2820.html
234
https://www.redhat.com/security/data/cve/CVE-2009-2820.html
34
231
(CVE-2009-2820
235
232
(CVE-2009-3553 )
233
)