Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings . ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted IPP request . The updated packages have been patched to correct these issues.