The Common UNIX® Printing System (CUPS) provides a portable printing layerfor UNIX operating systems. The Internet Printing Protocol (IPP) allowsusers to print and manage printing-related tasks over a network. The CUPS"pdftops" filter converts Portable Document Format (PDF) files toPostScript. "pdftops" is based on Xpdf and the CUPS imaging library.A NULL pointer dereference flaw was found in the CUPS IPP routine, used forprocessing incoming IPP requests for the CUPS scheduler. An attacker coulduse this flaw to send specially-crafted IPP requests that would crash thecupsd daemon. (CVE-2009-0949)A use-after-free flaw was found in the CUPS scheduler directory servicesroutine, used to process data about available printers and printer classes.An attacker could use this flaw to cause a denial of service (cupsd daemonstop or crash). (CVE-2009-1196)Multiple integer overflows flaws, leading to heap-based buffer overflows,were found in the CUPS "pdftops" filter. An attacker could create amalicious PDF file that would cause "pdftops" to crash or, potentially,execute arbitrary code as the "lp" user if the file was printed.(CVE-2009-0791)Red Hat would like to thank Anibal Sacco from Core Security Technologiesfor reporting the CVE-2009-0949 flaw, and Swen van Brussel for reportingthe CVE-2009-1196 flaw.Users of cups are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. After installing thisupdate, the cupsd daemon will be restarted automatically.