Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual page 45


The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating
systems. The CUPS "pdftops" filter converts Portable Document Format (PDF) files to PostScript.

Two integer overflow flaws were found in the CUPS "pdftops" filter. An attacker could create a
malicious PDF file that would cause "pdftops" to crash or, potentially, execute arbitrary code as the "lp"
user if the file was printed. (CVE-2009-3608 [236], CVE-2009-3609 [237])

Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608 [238] issue.

Users of cups are advised to upgrade to these updated packages, which contain a backported patch
to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.

1.29.5. RHBA-2010:0210: bug fix update

Updated cups packages that fix several bugs are now available.

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating
systems.

These updated packages address the following bugs:

* landscape orientation jobs had incorrect page margins. This affects all landscape orientation PDF
files, including any landscape job printed from Mac OS X. (BZ#447987 [239])
* when running PHP files through the scheduler's web interface, the wrong version of the PHP
interpreter was used, causing missing header lines. (BZ#460898 [240])
* the tmpwatch package is needed by cups but there was no package dependency on it. (BZ#487495 [241])
* there was a memory leak in the scheduler's handling of "file:" device URIs. (BZ#496008 [242])
* setting quota limits using the lpadmin command did not work correctly. (BZ#496082 [243])
* there were several issues with CGI handling in the scheduler, causing custom CGI scripts not to work
as expected. (BZ#497632 [244], BZ#506316 [245])
* the dependencies between the various sub-packages were not made explicit in the package
requirements. (BZ#502205 [246])
* jobs with multiple files could be removed from a disabled queue when it is re-enabled. (BZ#506257 [247])
* the cups-lpd daemon, for handling RFC 1179 clients, could fail under load due to incorrect temporary
file handling. (BZ#523152 [248])

[236] https://www.redhat.com/security/data/cve/CVE-2009-3608.html
[237] https://www.redhat.com/security/data/cve/CVE-2009-3609.html
[238] https://www.redhat.com/security/data/cve/CVE-2009-3608.html
[239] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=447987
[240] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=460898
[241] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=487495
[242] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=496008
[243] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=496082
[244] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=497632
[245] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=506316
[246] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=502205
[247] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=506257
[248] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=523152
