The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems.

A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially-crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553)

Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially-crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820)

Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue.

Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.