Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference . The web interface in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for rem ...