The Common UNIX Printing System (CUPS) provides a portable printing layerfor UNIX(R) operating systems.A heap buffer overflow flaw was found in a CUPS administration interfaceCGI script. A local attacker able to connect to the IPP port (TCP port 631)could send a malicious request causing the script to crash or, potentially,execute arbitrary code as the "lp" user. Please note: the default CUPSconfiguration in Red Hat Enterprise Linux 5 does not allow remoteconnections to the IPP TCP port. (CVE-2008-0047)Red Hat would like to thank "regenrecht" for reporting this issue.This issue did not affect the versions of CUPS as shipped with Red HatEnterprise Linux 3 or 4.Two overflows were discovered in the HP-GL/2-to-PostScript filter. Anattacker could create a malicious HP-GL/2 file that could possibly executearbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)A buffer overflow flaw was discovered in the GIF decoding routines used byCUPS image converting filters "imagetops" and "imagetoraster". An attackercould create a malicious GIF file that could possibly execute arbitrarycode as the "lp" user if the file was printed. (CVE-2008-1373)All cups users are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues.