---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Red Hat update for cups SECUNIA ADVISORY ID: SA35340 VERIFY ADVISORY: http://secunia.com/advisories/35340/ DESCRIPTION: Red Hat has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. 1) A use-after-free error exists within the scheduler directory service. This can be exploited to e.g. crash cupsd by sending a CUPS browse packet at a specific moment. 2) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file. 3) An error in the processing of IPP tags below 16 can be exploited to crash the server. For more information: SA34481 SOLUTION: Updated packages are available via Red Hat Network. PROVIDED AND/OR DISCOVERED BY: 1) Swen van Brussel 2) Reported by the vendor. ORIGINAL ADVISORY: RHSA-2009-1083: http://rhn.redhat.com/errata/RHSA-2009-1083.html OTHER REFERENCES: SA34481: http://secunia.com/advisories/34481/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------