Comment 12 for bug 298241

Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5183 to
the following vulnerability:

cupsd in CUPS before 1.3.8 allows local users, and possibly remote
attackers, to cause a denial of service (daemon crash) by adding a
large number of RSS Subscriptions, which triggers a NULL pointer
dereference. NOTE: this issue can be triggered remotely by leveraging
CVE-2008-5184.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241
http://www.openwall.com/lists/oss-security/2008/11/19/3
http://www.openwall.com/lists/oss-security/2008/11/19/4

Patch: See attachment -- cups-1.3-max-subscriptions.patch