LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-2982 (cups)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: cups-1.3.4-2.fc8


Date:
    	      Wed, 07 Nov 2007 23:03:28 -0700


Message-ID:
    	      <200711080603.lA863ECM010987@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2982
2007-11-08 06:03:22.808613
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 8
Version     : 1.3.4
Release     : 2.fc8
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX? operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS
scheduler, as well as several PDF handling security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  7 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-2
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
  CVE-2007-5393 (bug #345101).
* Thu Nov  1 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-1
- 1.3.4 (bug #362971).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #362971 - CVE-2007-4351 cups boundary error [F8]
        https://bugzilla.redhat.com/show_bug.cgi?id=362971
  [ 2 ] Bug #345091 - CVE-2007-4351 cups boundary error
        https://bugzilla.redhat.com/show_bug.cgi?id=345091
  [ 3 ] Bug #345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
        https://bugzilla.redhat.com/show_bug.cgi?id=345101
  [ 4 ] Bug #250161 - CVE-2007-4045 Incomplete fix for CVE-2007-0720 CUPS denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=250161
  [ 5 ] CVE-2007-4351
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 6 ] CVE-2007-4045
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 7 ] CVE-2007-4352
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 8 ] CVE-2007-5392
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 9 ] CVE-2007-5393
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
--------------------------------------------------------------------------------
Updated packages:

28d4d82b9a40e8c248ddeeb2a5161644932b0287 cups-lpd-1.3.4-2.fc8.ppc64.rpm
d71ea0fd85ae077f9a9d1a82781bdcd9828480d9 cups-1.3.4-2.fc8.ppc64.rpm
c0035414e97a3ffc745fbacecc59a829c8efb8bd cups-libs-1.3.4-2.fc8.ppc64.rpm
456e4c54ac3c902d32dd3b4eb2059ac867e04ad8 cups-devel-1.3.4-2.fc8.ppc64.rpm
af4987bf57763d4a135737d795d87c21bb7f31d3 cups-debuginfo-1.3.4-2.fc8.ppc64.rpm
3b77fd98a606712a2df3748e7756ee3737d295db cups-libs-1.3.4-2.fc8.i386.rpm
95b5db10adcacd9cb63b8ee74dc04a3c47ffcfd0 cups-debuginfo-1.3.4-2.fc8.i386.rpm
fc588e0677698b946e0523654aa8e18807c2f0b4 cups-lpd-1.3.4-2.fc8.i386.rpm
c7f9e99e30785aba7d0d732a56c42782e8162186 cups-1.3.4-2.fc8.i386.rpm
d30a21de63f1c7d7e670cb983fd74a10d7ae5e74 cups-devel-1.3.4-2.fc8.i386.rpm
76734e22a918ae6052f25e87a964f0000b916a79 cups-debuginfo-1.3.4-2.fc8.x86_64.rpm
191ae04aa9fade079275c210eed48c29b22c5d73 cups-libs-1.3.4-2.fc8.x86_64.rpm
25cbe8f49f16cb8d45a251858d39c5622db84615 cups-1.3.4-2.fc8.x86_64.rpm
a0c48b992ebbd8115a7a2a502f922d217892eb07 cups-devel-1.3.4-2.fc8.x86_64.rpm
16a87bfd305352824bdcd27c1771fc394eea4a38 cups-lpd-1.3.4-2.fc8.x86_64.rpm
8f7e94ca2ff5142599434fd3552d95038c67f392 cups-libs-1.3.4-2.fc8.ppc.rpm
7d98b205dfef8b4cb7327e2ed15feed2ab3a302d cups-devel-1.3.4-2.fc8.ppc.rpm
5371df4f75b8625bf19de4b4c07a289614273dcb cups-1.3.4-2.fc8.ppc.rpm
1f32d87df6670b2a779afec2bfe8b842b6346fc2 cups-lpd-1.3.4-2.fc8.ppc.rpm
38145dadc5ebef5afe0e72f001d586d52c474437 cups-debuginfo-1.3.4-2.fc8.ppc.rpm
f28a1d7b4a3308ed185be8f914bfaf1231324a72 cups-1.3.4-2.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds