The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating
systems. The CUPS "pdftops" filter converts Portable Document Format (PDF) files to PostScript.
Two integer overflow flaws were found in the CUPS "pdftops" filter. An attacker could create a
malicious PDF file that would cause "pdftops" to crash or, potentially, execute arbitrary code as the "lp"
user if the file was printed. (CVE-2009-3608 [236], CVE-2009-3609 [237])
Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608 [238] issue.
Users of cups are advised to upgrade to these updated packages, which contain a backported patch
to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
1.29.5. RHBA-2010:0210: bug fix update
Updated cups packages that fix several bugs are now available.
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating
systems.
These updated packages address the following bugs:
* landscape orientation jobs had incorrect page margins. This affects all landscape orientation PDF
files, including any landscape job printed from Mac OS X. (BZ#447987 [239])
* when running PHP files through the scheduler's web interface, the wrong version of the PHP interpreter was
used, causing missing header lines. (BZ#460898 [240])
* the tmpwatch package is needed by cups but there was no package dependency on it. (BZ#487495 [241])
* there was a memory leak in the scheduler's handling of "file:" device URIs. (BZ#496008 [242])
* setting quota limits using the lpadmin command did not work correctly. (BZ#496082 [243])
* there were several issues with CGI handling in the scheduler, causing custom CGI scripts not to work
as expected. (BZ#497632 [244], BZ#506316 [245])
* the dependencies between the various sub-packages were not made explicit in the package
requirements. (BZ#502205 [246])
* jobs with multiple files could be removed from a disabled queue when it is re-enabled. (BZ#506257 [247])
* the cups-lpd daemon, for handling RFC 1179 clients, could fail under load due to incorrect temporary
file handling. (BZ#523152 [248])
[236] https://www.redhat.com/security/data/cve/CVE-2009-3608.html
[237] https://www.redhat.com/security/data/cve/CVE-2009-3609.html
[238] https://www.redhat.com/security/data/cve/CVE-2009-3608.html
[239] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=447987
[240] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=460898
[241] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=487495
[242] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=496008
[243] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=496082
[244] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=497632
[245] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=506316
[246] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=502205
[247] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=506257
[248] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=523152